
All kinds of pests and how to combat them: Adserver popup keeps opening

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

12.06.2013, 16:27   #1
Manolo25
 


Hello,
for a few days now a window from ad.adserver or ad.yieldmanager has kept opening. Unfortunately I know little about how to get rid of viruses, trojans, etc., so I would be very grateful for help. What can I do?
Regards, Manolo

12.06.2013, 16:27   #2
markusg
/// Malware-holic
 


Hi,

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

16.06.2013, 13:22   #3
Manolo25
 


OTL.txt:

Code:
OTL logfile created on: 6/16/2013 12:40:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ManuK\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 546.35 Mb Available Physical Memory | 53.92% Memory free
1.99 Gb Paging File | 1.20 Gb Available in Paging File | 60.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 31.94 Gb Free Space | 37.57% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 119.92 Gb Free Space | 93.84% Space Free | Partition Type: NTFS
 
Computer Name: MANUK-PC | User Name: ManuK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/13 11:14:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ManuK\Desktop\OTL.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/06/20 18:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/01 02:31:56 | 002,203,136 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\SFB\SmartRestarter.exe
PRC - [2010/04/07 20:30:32 | 002,835,744 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
PRC - [2010/04/07 20:30:32 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010/04/07 15:40:06 | 000,843,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/02/03 07:19:20 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~4\SUPNOT~1.EXE
PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/12/14 09:17:48 | 000,091,136 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/11/20 09:35:38 | 000,013,312 | ---- | M] (DoctorSoft) -- C:\Program Files\AnyPC Client\APLangApp.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/02/03 07:19:20 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~4\SUPNOT~1.EXE
MOD - [2010/02/03 07:19:20 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~4\HMXML.dll
MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/06/12 16:43:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/07 20:30:32 | 000,636,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/05/09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/05/09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/05/09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/11 19:45:49 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/11 03:09:38 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
DRV - [2009/09/28 11:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://search.certified-toolbar.com?si=42102&bs=true&tid=2876&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{675597AF-B154-48B3-8BA2-FD1E91F918E0}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://search.certified-toolbar.com?si=42102&bs=true&tid=2876&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE404
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"user_pref("browser.search.order.1", "Web Search");
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..keyword.URL: "hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/23 16:31:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/06 17:45:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\videosaver@videosaver.net: C:\Program Files\VideoSaver\FF\ [2013/05/12 19:27:26 | 000,000,000 | ---D | M]
 
[2012/04/06 17:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ManuK\AppData\Roaming\mozilla\Extensions
[2013/05/24 20:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ManuK\AppData\Roaming\mozilla\Firefox\Profiles\lenb5pdu.default\extensions
[2013/05/12 19:27:34 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\ManuK\AppData\Roaming\mozilla\Firefox\Profiles\lenb5pdu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2013/05/12 19:25:57 | 000,000,000 | ---D | M] (OutBrowse Toolbar) -- C:\Users\ManuK\AppData\Roaming\mozilla\Firefox\Profiles\lenb5pdu.default\extensions\{abba8887-5879-4072-969e-b2a6a2cca1bc}
[2012/10/29 20:03:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ManuK\AppData\Roaming\mozilla\Firefox\Profiles\lenb5pdu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013/05/12 19:25:52 | 000,003,269 | ---- | M] () -- C:\Users\ManuK\AppData\Roaming\mozilla\firefox\profiles\lenb5pdu.default\searchplugins\Web Search.xml
[2013/06/03 12:23:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/09/18 17:07:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/31 14:23:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/06/03 12:23:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}
[2012/03/13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/03/13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/03/13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/05/12 19:25:52 | 000,003,269 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
[2012/03/13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/03/13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\windows\system32\npdeployJava1.dll
CHR - Extension: PriceGong = C:\Users\ManuK\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.11_0\
CHR - Extension: VideoSaver = C:\Users\ManuK\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifjgookacnmjghjfagggbkpebmndnbib\1.114_0\
CHR - Extension: OutBrowse Toolbar = C:\Users\ManuK\AppData\Local\Google\Chrome\User Data\Default\Extensions\npldjlebaajpmaipffkcmdllphdglkko\1.5_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PriceGong - Price Comparison) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.11\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (OutBrowse Toolbar) - {ceefadbd-a0ce-4422-a760-3b9167344e06} - C:\Users\ManuK\AppData\Roaming\OutBrowseToolbar\OutBrowseToolbar.dll (Simplytech Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (VideoSaver) - {FCA0E497-33D1-4DBE-8FDB-7F9A597C8BC2} - C:\Program Files\VideoSaver\VideoSaver.dll (VideoSaver)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (OutBrowse Toolbar) - {ceefadbd-a0ce-4422-a760-3b9167344e06} - C:\Users\ManuK\AppData\Roaming\OutBrowseToolbar\OutBrowseToolbar.dll (Simplytech Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\ManuK\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ManuK\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files\PokerStars.EU\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.7.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 80.69.102.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40C7E3F9-2B52-4276-81CA-F9D8D9011798}: DhcpNameServer = 80.69.103.78 80.69.102.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A52D887-3E10-4FE3-8660-406CBA0DAA62}: DhcpNameServer = 129.70.240.53 129.70.182.24
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/13 11:11:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ManuK\Desktop\OTL.exe
[2013/06/12 14:33:23 | 000,000,000 | ---D | C] -- C:\Users\ManuK\Desktop\Emisoft Emergency Kit
[2013/06/12 11:12:23 | 000,000,000 | ---D | C] -- C:\Users\ManuK\Desktop\Run
[2013/06/10 14:36:40 | 000,000,000 | ---D | C] -- C:\Users\ManuK\Desktop\Konflikttheorien
[2013/06/03 13:10:18 | 000,000,000 | ---D | C] -- C:\Users\ManuK\Desktop\SS2013
[2013/05/30 12:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\ManuK\Desktop\*.tmp files -> C:\Users\ManuK\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/16 12:43:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/06/16 11:57:04 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/16 11:57:01 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/16 11:51:17 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/16 11:51:17 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/16 11:43:16 | 000,000,356 | ---- | M] () -- C:\windows\tasks\VideoSaver Update.job
[2013/06/16 11:41:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/06/16 11:41:39 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/15 16:36:55 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013/06/15 16:36:55 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/06/15 16:36:55 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013/06/15 16:36:55 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/06/13 11:14:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ManuK\Desktop\OTL.exe
[2013/06/12 15:13:08 | 000,148,293 | ---- | M] () -- C:\Users\ManuK\Desktop\Praktikumsbericht_tine.pdf
[2013/06/07 10:13:32 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/23 16:31:59 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2013/05/19 14:47:00 | 000,018,432 | -H-- | M] () -- C:\Users\ManuK\Desktop\photothumb.db
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\ManuK\Desktop\*.tmp files -> C:\Users\ManuK\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/12 15:13:00 | 000,148,293 | ---- | C] () -- C:\Users\ManuK\Desktop\Praktikumsbericht_tine.pdf
[2013/05/23 16:32:00 | 000,174,664 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys
[2013/05/23 16:31:59 | 000,049,376 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys
[2013/05/12 19:24:21 | 000,015,432 | ---- | C] () -- C:\windows\Launcher.exe
[2013/03/27 08:15:22 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2010/11/07 00:02:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/06 17:08:45 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/11/03 15:16:19 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\Amazon
[2012/10/05 07:06:48 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\Dropbox
[2012/10/29 21:47:58 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\DVDVideoSoft
[2012/10/29 20:03:56 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/10/29 19:47:22 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\OpenCandy
[2012/04/08 18:35:00 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\OpenOffice.org
[2013/05/12 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\OutBrowseToolbar
[2013/05/19 15:11:57 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\PhotoScape
[2013/06/09 12:44:44 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\SoftGrid Client
[2012/04/12 17:34:57 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\TP
[2012/10/29 19:49:26 | 000,000,000 | ---D | M] -- C:\Users\ManuK\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010/11/06 17:55:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/11/07 00:04:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/05/24 20:40:51 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/10/31 14:24:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/11/06 17:01:03 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013/06/16 12:48:55 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/07/10 09:16:49 | 000,000,000 | ---D | M] -- C:\temp
[2010/11/06 17:02:24 | 000,000,000 | R--D | M] -- C:\Users
[2013/05/23 16:31:35 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009/07/14 06:53:46 | 000,032,640 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2012/04/06 17:55:26 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012/04/29 13:11:54 | 000,001,092 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/04/29 13:11:56 | 000,001,096 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013/05/12 19:27:28 | 000,000,356 | ---- | C] () -- C:\windows\Tasks\VideoSaver Update.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012/04/11 19:45:49 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2010/11/06 17:54:26 | 000,000,147 | ---- | M] () -- C:\Users\ManuK\DiskScrP.txt
[2013/06/16 13:40:25 | 001,572,864 | -HS- | M] () -- C:\Users\ManuK\NTUSER.DAT
[2013/06/16 13:40:25 | 000,262,144 | -HS- | M] () -- C:\Users\ManuK\ntuser.dat.LOG1
[2010/11/06 17:02:24 | 000,000,000 | -HS- | M] () -- C:\Users\ManuK\ntuser.dat.LOG2
[2010/11/06 19:46:49 | 000,065,536 | -HS- | M] () -- C:\Users\ManuK\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/11/06 19:46:49 | 000,524,288 | -HS- | M] () -- C:\Users\ManuK\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/11/06 19:46:49 | 000,524,288 | -HS- | M] () -- C:\Users\ManuK\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012/04/20 17:31:02 | 000,065,536 | -HS- | M] () -- C:\Users\ManuK\NTUSER.DAT{d5442966-8ae4-11e1-ad71-e839df57575a}.TM.blf
[2012/04/20 17:31:01 | 000,524,288 | -HS- | M] () -- C:\Users\ManuK\NTUSER.DAT{d5442966-8ae4-11e1-ad71-e839df57575a}.TMContainer00000000000000000001.regtrans-ms
[2012/04/20 17:31:02 | 000,524,288 | -HS- | M] () -- C:\Users\ManuK\NTUSER.DAT{d5442966-8ae4-11e1-ad71-e839df57575a}.TMContainer00000000000000000002.regtrans-ms
[2010/11/06 17:02:25 | 000,000,020 | -HS- | M] () -- C:\Users\ManuK\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:798A3728

< End of report >
         
Extra.txt
Code:
OTL Extras logfile created on: 6/16/2013 12:40:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ManuK\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 546.35 Mb Available Physical Memory | 53.92% Memory free
1.99 Gb Paging File | 1.20 Gb Available in Paging File | 60.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 31.94 Gb Free Space | 37.57% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 119.92 Gb Free Space | 93.84% Space Free | Partition Type: NTFS
 
Computer Name: MANUK-PC | User Name: ManuK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1763DB11-04E4-402A-9870-E220EF720095}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1A033828-8D55-4328-B427-7E37952318F7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{21820D24-750A-48DA-A76E-B1FCEFE7A3AC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{33412515-193F-4C0D-AC05-44C6E8E68F7B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{57E3CE5D-5AD8-4F01-A06F-53EE0EDEDD56}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{589ABC67-CE61-4D00-BA4B-5BA83DAACE5C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{6FF13FA4-03C8-45C1-8D9C-87C984B18755}" = rport=139 | protocol=6 | dir=out | app=system | 
"{850F70F5-8797-43F2-A5EF-500D3471F275}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ABA249F9-42A2-4806-8AD7-FF6BA350769E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BBFDAB80-6C50-43D6-B9E5-990C3687A9C6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C5BDFBDF-FA45-4739-B62D-03DF7FDFD474}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{ED36DE57-C031-4E4F-9F7D-87B9CA9ABD5E}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077DE42D-F8A5-4403-BE46-345BD12A2BCF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{13A56120-87C6-45D2-A093-784F46A584D4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3E69CAC2-A400-40DC-A5E2-6818C95E4510}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6088A79A-0CF6-49F4-B340-DB287B09C783}" = protocol=58 | dir=in | app=system | 
"{7159269A-2141-446A-8151-0A23DB34C876}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{80BBC110-422B-428E-A3F7-0767AF373C84}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{86C0B10E-E969-463A-AFCE-CA822164BAC6}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{A6C29C00-FE00-405F-85FA-5DEB2F1A0A7B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D88ABDC4-06C5-4527-94AB-631918638132}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E9F250BC-5CB0-4A6B-84F6-F31FDE3CAE57}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{35EC07ED-9903-49D6-B7EA-2F5819AF3E55}C:\Program Files\Winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{9040CFA1-B152-4C36-9A7B-CFC3EE019153}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{6A644259-0B4A-4531-961A-4E38F3FD9632}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{C13BCD50-3855-4F19-A87A-EF571732C76B}C:\Program Files\Winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 45
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{45535A5E-1F81-4F35-BE1D-43D10A7D03B4}" = Easy Resolution Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{749BDD29-D756-4B9B-8022-3E666A24C13F}" = Samsung Support Center
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{8462c15f-5f80-45c3-85b2-7326ab68a508}_is1" = OutBrowse Toolbar
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F771F1D4-EDD4-4D68-82DC-811583C099CD}" = Easy Network Manager
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"avast" = avast! Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Free Studio_is1" = Free Studio version 5.7.6.1015
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PhotoScape" = PhotoScape
"PokerStars.eu" = PokerStars.eu
"PriceGong" = PriceGong 2.6.11
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"videosaver@videosaver.net" = VideoSaver
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/20/2013 12:17:15 PM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 5/27/2013 12:23:17 PM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 5/28/2013 2:56:53 AM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 5/29/2013 3:25:40 AM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 5/30/2013 6:27:18 AM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 6/2/2013 3:00:34 AM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 6/3/2013 10:28:44 AM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 6/4/2013 10:52:38 AM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 6/4/2013 12:49:09 PM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 6/5/2013 7:15:03 AM | Computer Name = ManuK-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
[ System Events ]
Error - 11/22/2012 10:36:25 AM | Computer Name = ManuK-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11/24/2012 3:29:03 AM | Computer Name = ManuK-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 11/24/2012 6:32:09 AM | Computer Name = ManuK-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11/24/2012 7:37:11 AM | Computer Name = ManuK-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 11/25/2012 5:17:20 AM | Computer Name = ManuK-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 11/25/2012 5:38:13 AM | Computer Name = ManuK-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11/26/2012 4:18:05 AM | Computer Name = ManuK-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 11/26/2012 11:48:00 AM | Computer Name = ManuK-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11/27/2012 2:16:52 AM | Computer Name = ManuK-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 11/27/2012 3:53:49 AM | Computer Name = ManuK-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

16.06.2013, 18:11   #4
markusg
/// Malware-holic

Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.

17.06.2013, 08:01   #5
Manolo25

Code:
08:55:39.0375 4196  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:55:41.0447 4196  ============================================================
08:55:41.0447 4196  Current date / time: 2013/06/17 08:55:41.0447
08:55:41.0447 4196  SystemInfo:
08:55:41.0448 4196  
08:55:41.0448 4196  OS Version: 6.1.7601 ServicePack: 1.0
08:55:41.0448 4196  Product type: Workstation
08:55:41.0449 4196  ComputerName: MANUK-PC
08:55:41.0449 4196  UserName: ManuK
08:55:41.0449 4196  Windows directory: C:\windows
08:55:41.0449 4196  System windows directory: C:\windows
08:55:41.0450 4196  Processor architecture: Intel x86
08:55:41.0450 4196  Number of processors: 2
08:55:41.0450 4196  Page size: 0x1000
08:55:41.0450 4196  Boot type: Normal boot
08:55:41.0450 4196  ============================================================
08:55:45.0088 4196  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:55:45.0327 4196  ============================================================
08:55:45.0327 4196  \Device\Harddisk0\DR0:
08:55:45.0355 4196  MBR partitions:
08:55:45.0355 4196  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
08:55:45.0355 4196  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0xAA00000
08:55:45.0387 4196  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xD233000, BlocksNum 0xFF92000
08:55:45.0387 4196  ============================================================
08:55:45.0459 4196  C: <-> \Device\Harddisk0\DR0\Partition2
08:55:45.0594 4196  D: <-> \Device\Harddisk0\DR0\Partition3
08:55:45.0702 4196  ============================================================
08:55:45.0702 4196  Initialize success
08:55:45.0702 4196  ============================================================
08:56:13.0205 5572  ============================================================
08:56:13.0205 5572  Scan started
08:56:13.0206 5572  Mode: Manual; SigCheck; TDLFS; 
08:56:13.0206 5572  ============================================================
08:56:16.0523 5572  ================ Scan system memory ========================
08:56:16.0523 5572  System memory - ok
08:56:16.0525 5572  ================ Scan services =============================
08:56:17.0153 5572  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
08:56:17.0652 5572  1394ohci - ok
08:56:17.0730 5572  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\windows\system32\drivers\ACPI.sys
08:56:17.0808 5572  ACPI - ok
08:56:17.0855 5572  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
08:56:17.0964 5572  AcpiPmi - ok
08:56:18.0167 5572  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
08:56:18.0245 5572  AdobeARMservice - ok
08:56:18.0369 5572  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:56:18.0494 5572  AdobeFlashPlayerUpdateSvc - ok
08:56:18.0572 5572  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\windows\system32\DRIVERS\adp94xx.sys
08:56:18.0681 5572  adp94xx - ok
08:56:18.0728 5572  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\windows\system32\DRIVERS\adpahci.sys
08:56:18.0806 5572  adpahci - ok
08:56:18.0869 5572  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\windows\system32\DRIVERS\adpu320.sys
08:56:18.0962 5572  adpu320 - ok
08:56:19.0009 5572  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
08:56:19.0134 5572  AeLookupSvc - ok
08:56:19.0212 5572  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\windows\system32\drivers\afd.sys
08:56:19.0352 5572  AFD - ok
08:56:19.0399 5572  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\windows\system32\drivers\agp440.sys
08:56:19.0477 5572  agp440 - ok
08:56:19.0539 5572  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\windows\system32\DRIVERS\djsvs.sys
08:56:19.0602 5572  aic78xx - ok
08:56:19.0649 5572  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\windows\System32\alg.exe
08:56:19.0758 5572  ALG - ok
08:56:19.0805 5572  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\windows\system32\drivers\aliide.sys
08:56:19.0883 5572  aliide - ok
08:56:19.0929 5572  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\windows\system32\drivers\amdagp.sys
08:56:20.0023 5572  amdagp - ok
08:56:20.0117 5572  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\windows\system32\drivers\amdide.sys
08:56:20.0195 5572  amdide - ok
08:56:20.0210 5572  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\windows\system32\DRIVERS\amdk8.sys
08:56:20.0304 5572  AmdK8 - ok
08:56:20.0351 5572  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
08:56:20.0444 5572  AmdPPM - ok
08:56:20.0491 5572  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\windows\system32\drivers\amdsata.sys
08:56:20.0569 5572  amdsata - ok
08:56:20.0616 5572  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
08:56:20.0694 5572  amdsbs - ok
08:56:20.0725 5572  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\windows\system32\drivers\amdxata.sys
08:56:20.0803 5572  amdxata - ok
08:56:20.0865 5572  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\windows\system32\drivers\appid.sys
08:56:21.0053 5572  AppID - ok
08:56:21.0131 5572  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\windows\System32\appidsvc.dll
08:56:21.0287 5572  AppIDSvc - ok
08:56:21.0333 5572  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\windows\System32\appinfo.dll
08:56:21.0443 5572  Appinfo - ok
08:56:21.0505 5572  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\windows\system32\DRIVERS\arc.sys
08:56:21.0599 5572  arc - ok
08:56:21.0645 5572  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
08:56:21.0708 5572  arcsas - ok
08:56:21.0786 5572  [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk        C:\windows\system32\drivers\aswFsBlk.sys
08:56:22.0722 5572  aswFsBlk - ok
08:56:22.0815 5572  [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys
08:56:22.0893 5572  aswMonFlt - ok
08:56:22.0987 5572  [ FFE9A993B3EC2908FECB1DF2C39148BB ] aswRdr          C:\windows\System32\Drivers\aswrdr2.sys
08:56:23.0065 5572  aswRdr - ok
08:56:23.0143 5572  [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt         C:\windows\system32\drivers\aswRvrt.sys
08:56:23.0221 5572  aswRvrt - ok
08:56:23.0393 5572  [ 6CAB0A5991C5C0FC63F5E66593E71D7E ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
08:56:23.0502 5572  aswSnx - ok
08:56:23.0736 5572  [ 99102F60F344BEBAF4F6114514FD28D3 ] aswSP           C:\windows\system32\drivers\aswSP.sys
08:56:23.0845 5572  aswSP - ok
08:56:24.0017 5572  [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi          C:\windows\system32\drivers\aswTdi.sys
08:56:24.0095 5572  aswTdi - ok
08:56:24.0344 5572  [ 16B8E3CD50A460EC32CA680C8210A0A9 ] aswVmm          C:\windows\system32\drivers\aswVmm.sys
08:56:24.0469 5572  aswVmm - ok
08:56:24.0594 5572  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
08:56:24.0875 5572  AsyncMac - ok
08:56:24.0937 5572  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\windows\system32\drivers\atapi.sys
08:56:25.0031 5572  atapi - ok
08:56:25.0140 5572  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
08:56:25.0358 5572  AudioEndpointBuilder - ok
08:56:25.0405 5572  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\windows\System32\Audiosrv.dll
08:56:25.0577 5572  Audiosrv - ok
08:56:25.0811 5572  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:56:25.0889 5572  avast! Antivirus - ok
08:56:25.0951 5572  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\windows\System32\AxInstSV.dll
08:56:26.0154 5572  AxInstSV - ok
08:56:26.0216 5572  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\windows\system32\DRIVERS\bxvbdx.sys
08:56:26.0357 5572  b06bdrv - ok
08:56:26.0419 5572  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\windows\system32\DRIVERS\b57nd60x.sys
08:56:26.0544 5572  b57nd60x - ok
08:56:26.0840 5572  [ F4D388DC3FF004AEE886762D5CEC7783 ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl6.sys
08:56:27.0199 5572  BCM43XX - ok
08:56:27.0261 5572  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\windows\System32\bdesvc.dll
08:56:27.0402 5572  BDESVC - ok
08:56:27.0464 5572  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\windows\system32\drivers\Beep.sys
08:56:27.0683 5572  Beep - ok
08:56:27.0839 5572  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\windows\System32\bfe.dll
08:56:28.0073 5572  BFE - ok
08:56:28.0166 5572  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\windows\System32\qmgr.dll
08:56:28.0400 5572  BITS - ok
08:56:28.0478 5572  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
08:56:28.0603 5572  blbdrive - ok
08:56:28.0665 5572  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
08:56:28.0759 5572  bowser - ok
08:56:28.0806 5572  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
08:56:28.0931 5572  BrFiltLo - ok
08:56:28.0977 5572  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
08:56:29.0118 5572  BrFiltUp - ok
08:56:29.0196 5572  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\windows\System32\browser.dll
08:56:29.0289 5572  Browser - ok
08:56:29.0430 5572  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\windows\System32\Drivers\Brserid.sys
08:56:29.0555 5572  Brserid - ok
08:56:29.0601 5572  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
08:56:29.0742 5572  BrSerWdm - ok
08:56:29.0773 5572  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
08:56:29.0867 5572  BrUsbMdm - ok
08:56:29.0898 5572  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
08:56:30.0007 5572  BrUsbSer - ok
08:56:30.0101 5572  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
08:56:30.0444 5572  BthEnum - ok
08:56:30.0491 5572  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
08:56:30.0615 5572  BTHMODEM - ok
08:56:30.0678 5572  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
08:56:30.0787 5572  BthPan - ok
08:56:30.0865 5572  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
08:56:30.0974 5572  BTHPORT - ok
08:56:31.0037 5572  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\windows\system32\bthserv.dll
08:56:31.0208 5572  bthserv - ok
08:56:31.0255 5572  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
08:56:31.0380 5572  BTHUSB - ok
08:56:31.0442 5572  [ 7061FE1715E5ADED120FE4C608609357 ] btwampfl        C:\windows\system32\drivers\btwampfl.sys
08:56:31.0520 5572  btwampfl - ok
08:56:31.0567 5572  [ A95B2FB3CA7B555B5CB306153F48CED8 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys
08:56:31.0629 5572  btwaudio - ok
08:56:31.0676 5572  [ 1F9CD885F1C548BE93962CCABDB632E4 ] btwavdt         C:\windows\system32\DRIVERS\btwavdt.sys
08:56:31.0739 5572  btwavdt - ok
08:56:31.0895 5572  [ 9634E2B260AA445EF6B83731AC6EE5AC ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
08:56:31.0988 5572  btwdins - ok
08:56:32.0051 5572  [ DE53089F0678CB5F0AFEB867ACB0FB05 ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys
08:56:32.0113 5572  btwl2cap - ok
08:56:32.0144 5572  [ A2D6C7B7B62A6C42DCB01204A6BD6FC2 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys
08:56:32.0222 5572  btwrchid - ok
08:56:32.0285 5572  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
08:56:32.0441 5572  cdfs - ok
08:56:32.0503 5572  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\windows\system32\drivers\cdrom.sys
08:56:32.0628 5572  cdrom - ok
08:56:32.0690 5572  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\windows\System32\certprop.dll
08:56:32.0846 5572  CertPropSvc - ok
08:56:32.0877 5572  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\windows\system32\DRIVERS\circlass.sys
08:56:32.0987 5572  circlass - ok
08:56:33.0033 5572  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\windows\system32\CLFS.sys
08:56:33.0127 5572  CLFS - ok
08:56:33.0236 5572  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:56:33.0314 5572  clr_optimization_v2.0.50727_32 - ok
08:56:33.0423 5572  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:56:33.0564 5572  clr_optimization_v4.0.30319_32 - ok
08:56:33.0595 5572  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
08:56:33.0720 5572  CmBatt - ok
08:56:33.0751 5572  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\windows\system32\drivers\cmdide.sys
08:56:33.0813 5572  cmdide - ok
08:56:33.0923 5572  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\windows\system32\Drivers\cng.sys
08:56:34.0047 5572  CNG - ok
08:56:34.0094 5572  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
08:56:34.0172 5572  Compbatt - ok
08:56:34.0219 5572  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
08:56:34.0313 5572  CompositeBus - ok
08:56:34.0344 5572  COMSysApp - ok
08:56:34.0391 5572  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\windows\system32\DRIVERS\crcdisk.sys
08:56:34.0469 5572  crcdisk - ok
08:56:34.0547 5572  [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc        C:\windows\system32\cryptsvc.dll
08:56:34.0640 5572  CryptSvc - ok
08:56:34.0765 5572  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
08:56:34.0890 5572  cvhsvc - ok
08:56:34.0999 5572  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\windows\system32\rpcss.dll
08:56:35.0186 5572  DcomLaunch - ok
08:56:35.0233 5572  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\windows\System32\defragsvc.dll
08:56:35.0405 5572  defragsvc - ok
08:56:35.0483 5572  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
08:56:35.0670 5572  DfsC - ok
08:56:35.0748 5572  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\windows\system32\dhcpcore.dll
08:56:35.0857 5572  Dhcp - ok
08:56:35.0919 5572  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\windows\system32\drivers\discache.sys
08:56:36.0075 5572  discache - ok
08:56:36.0122 5572  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\windows\system32\DRIVERS\disk.sys
08:56:36.0185 5572  Disk - ok
08:56:36.0247 5572  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\windows\System32\dnsrslvr.dll
08:56:36.0356 5572  Dnscache - ok
08:56:36.0450 5572  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\windows\System32\dot3svc.dll
08:56:36.0653 5572  dot3svc - ok
08:56:36.0715 5572  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\windows\system32\dps.dll
08:56:36.0933 5572  DPS - ok
08:56:36.0996 5572  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
08:56:37.0105 5572  drmkaud - ok
08:56:37.0292 5572  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
08:56:37.0433 5572  DXGKrnl - ok
08:56:37.0495 5572  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\windows\System32\eapsvc.dll
08:56:37.0667 5572  EapHost - ok
08:56:38.0181 5572  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\windows\system32\DRIVERS\evbdx.sys
08:56:38.0509 5572  ebdrv - ok
08:57:22.0548 5572  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\windows\system32\Drivers\sptd.sys
08:57:22.0548 5572  Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
08:57:22.0563 5572  sptd ( LockedFile.Multi.Generic ) - warning
08:57:22.0563 5572  sptd - detected LockedFile.Multi.Generic (1)
08:57:29.0006 5572  uagp35 - ok
08:57:29.0084 5572  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\windows\system32\DRIVERS\udfs.sys
08:57:29.0225 5572  udfs - ok
08:57:29.0303 5572  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\windows\system32\UI0Detect.exe
08:57:29.0412 5572  UI0Detect - ok
08:57:29.0474 5572  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
08:57:29.0537 5572  uliagpkx - ok
08:57:29.0615 5572  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\windows\system32\drivers\umbus.sys
08:57:29.0708 5572  umbus - ok
08:57:29.0739 5572  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
08:57:29.0817 5572  UmPass - ok
08:57:29.0911 5572  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\windows\System32\upnphost.dll
08:57:30.0098 5572  upnphost - ok
08:57:30.0176 5572  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
08:57:30.0254 5572  usbccgp - ok
08:57:30.0301 5572  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\windows\system32\drivers\usbcir.sys
08:57:30.0395 5572  usbcir - ok
08:57:30.0473 5572  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\windows\system32\drivers\usbehci.sys
08:57:30.0566 5572  usbehci - ok
08:57:30.0629 5572  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
08:57:30.0722 5572  usbhub - ok
08:57:30.0800 5572  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\windows\system32\drivers\usbohci.sys
08:57:30.0894 5572  usbohci - ok
08:57:30.0941 5572  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
08:57:31.0019 5572  usbprint - ok
08:57:31.0081 5572  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
08:57:31.0175 5572  USBSTOR - ok
08:57:31.0221 5572  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
08:57:31.0331 5572  usbuhci - ok
08:57:31.0393 5572  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
08:57:31.0487 5572  usbvideo - ok
08:57:31.0533 5572  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\windows\System32\uxsms.dll
08:57:31.0689 5572  UxSms - ok
08:57:31.0736 5572  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\windows\system32\lsass.exe
08:57:31.0830 5572  VaultSvc - ok
08:57:31.0877 5572  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
08:57:31.0939 5572  vdrvroot - ok
08:57:32.0048 5572  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\windows\System32\vds.exe
08:57:32.0235 5572  vds - ok
08:57:32.0282 5572  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
08:57:32.0391 5572  vga - ok
08:57:32.0423 5572  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\windows\System32\drivers\vga.sys
08:57:32.0579 5572  VgaSave - ok
08:57:32.0688 5572  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
08:57:32.0750 5572  vhdmp - ok
08:57:32.0813 5572  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\windows\system32\drivers\viaagp.sys
08:57:32.0875 5572  viaagp - ok
08:57:32.0922 5572  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\windows\system32\DRIVERS\viac7.sys
08:57:33.0015 5572  ViaC7 - ok
08:57:33.0047 5572  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\windows\system32\drivers\viaide.sys
08:57:33.0125 5572  viaide - ok
08:57:33.0187 5572  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\windows\system32\drivers\volmgr.sys
08:57:33.0265 5572  volmgr - ok
08:57:33.0343 5572  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
08:57:33.0452 5572  volmgrx - ok
08:57:33.0499 5572  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\windows\system32\drivers\volsnap.sys
08:57:33.0577 5572  volsnap - ok
08:57:33.0624 5572  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
08:57:33.0717 5572  vsmraid - ok
08:57:33.0873 5572  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\windows\system32\vssvc.exe
08:57:34.0092 5572  VSS - ok
08:57:34.0123 5572  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
08:57:34.0232 5572  vwifibus - ok
08:57:34.0279 5572  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
08:57:34.0373 5572  vwififlt - ok
08:57:34.0466 5572  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\windows\system32\w32time.dll
08:57:34.0638 5572  W32Time - ok
08:57:34.0685 5572  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
08:57:34.0763 5572  WacomPen - ok
08:57:34.0841 5572  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
08:57:34.0981 5572  WANARP - ok
08:57:35.0012 5572  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
08:57:35.0153 5572  Wanarpv6 - ok
08:57:35.0340 5572  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\windows\system32\wbengine.exe
08:57:35.0558 5572  wbengine - ok
08:57:35.0605 5572  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
08:57:35.0730 5572  WbioSrvc - ok
08:57:35.0808 5572  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\windows\System32\wcncsvc.dll
08:57:35.0933 5572  wcncsvc - ok
08:57:35.0995 5572  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
08:57:36.0135 5572  WcsPlugInService - ok
08:57:36.0182 5572  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\windows\system32\DRIVERS\wd.sys
08:57:36.0260 5572  Wd - ok
08:57:36.0385 5572  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
08:57:36.0494 5572  Wdf01000 - ok
08:57:36.0525 5572  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\windows\system32\wdi.dll
08:57:36.0650 5572  WdiServiceHost - ok
08:57:36.0666 5572  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\windows\system32\wdi.dll
08:57:36.0806 5572  WdiSystemHost - ok
08:57:36.0884 5572  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\windows\System32\webclnt.dll
08:57:37.0025 5572  WebClient - ok
08:57:37.0087 5572  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\windows\system32\wecsvc.dll
08:57:37.0259 5572  Wecsvc - ok
08:57:37.0337 5572  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\windows\System32\wercplsupport.dll
08:57:37.0508 5572  wercplsupport - ok
08:57:37.0571 5572  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\windows\System32\WerSvc.dll
08:57:37.0742 5572  WerSvc - ok
08:57:37.0805 5572  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
08:57:37.0961 5572  WfpLwf - ok
08:57:38.0023 5572  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\windows\system32\drivers\wimmount.sys
08:57:38.0101 5572  WIMMount - ok
08:57:38.0304 5572  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
08:57:38.0429 5572  WinDefend - ok
08:57:38.0460 5572  WinHttpAutoProxySvc - ok
08:57:38.0600 5572  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
08:57:38.0756 5572  Winmgmt - ok
08:57:38.0928 5572  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\windows\system32\WsmSvc.dll
08:57:39.0162 5572  WinRM - ok
08:57:39.0287 5572  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
08:57:39.0427 5572  WinUsb - ok
08:57:39.0552 5572  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\windows\System32\wlansvc.dll
08:57:39.0708 5572  Wlansvc - ok
08:57:39.0755 5572  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
08:57:39.0879 5572  WmiAcpi - ok
08:57:39.0957 5572  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
08:57:40.0051 5572  wmiApSrv - ok
08:57:40.0254 5572  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
08:57:40.0394 5572  WMPNetworkSvc - ok
08:57:40.0457 5572  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\windows\System32\wpcsvc.dll
08:57:40.0566 5572  WPCSvc - ok
08:57:40.0613 5572  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
08:57:40.0753 5572  WPDBusEnum - ok
08:57:40.0815 5572  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
08:57:40.0987 5572  ws2ifsl - ok
08:57:41.0034 5572  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\windows\System32\wscsvc.dll
08:57:41.0159 5572  wscsvc - ok
08:57:41.0174 5572  WSearch - ok
08:57:41.0471 5572  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\windows\system32\wuaueng.dll
08:57:41.0720 5572  wuauserv - ok
08:57:41.0798 5572  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
08:57:41.0892 5572  WudfPf - ok
08:57:41.0970 5572  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
08:57:42.0063 5572  WUDFRd - ok
08:57:42.0141 5572  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
08:57:42.0251 5572  wudfsvc - ok
08:57:42.0313 5572  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\windows\System32\wwansvc.dll
08:57:42.0422 5572  WwanSvc - ok
08:57:42.0500 5572  [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7         C:\windows\system32\DRIVERS\yk62x86.sys
08:57:42.0625 5572  yukonw7 - ok
08:57:42.0672 5572  ================ Scan global ===============================
08:57:42.0734 5572  [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
08:57:42.0812 5572  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
08:57:42.0859 5572  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll
08:57:42.0906 5572  [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
08:57:42.0984 5572  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
08:57:43.0015 5572  [Global] - ok
08:57:43.0015 5572  ================ Scan MBR ==================================
08:57:43.0031 5572  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
08:57:44.0435 5572  \Device\Harddisk0\DR0 - ok
08:57:44.0435 5572  ================ Scan VBR ==================================
08:57:44.0466 5572  [ 397AF1304F88ED1E0CEC4254FA39777F ] \Device\Harddisk0\DR0\Partition1
08:57:44.0544 5572  \Device\Harddisk0\DR0\Partition1 - ok
08:57:44.0575 5572  [ 46E6F9D50FDE53EEB7DA85DF6357B7AC ] \Device\Harddisk0\DR0\Partition2
08:57:44.0606 5572  \Device\Harddisk0\DR0\Partition2 - ok
08:57:44.0653 5572  [ 375F0584E56E557E10ABF03466B19320 ] \Device\Harddisk0\DR0\Partition3
08:57:44.0715 5572  \Device\Harddisk0\DR0\Partition3 - ok
08:57:44.0715 5572  ============================================================
08:57:44.0715 5572  Scan finished
08:57:44.0715 5572  ============================================================
08:57:44.0762 5140  Detected object count: 1
08:57:44.0762 5140  Actual detected object count: 1
08:59:31.0369 5140  sptd ( LockedFile.Multi.Generic ) - skipped by user
08:59:31.0369 5140  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         


17.06.2013, 13:43   #6
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


18.06.2013, 09:24   #7
Manolo25

Code:
ATTFilter
ComboFix 13-06-17.01 - ManuK 18.06.2013   9:53.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1013.394 [GMT 2:00]
ausgeführt von:: c:\users\ManuK\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-18 bis 2013-06-18  ))))))))))))))))))))))))))))))
.
.
2013-06-18 08:13 . 2013-06-18 08:14	--------	d-----w-	c:\users\ManuK\AppData\Local\temp
2013-06-18 08:13 . 2013-06-18 08:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-12 15:48 . 2013-05-16 22:16	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-06-12 15:48 . 2013-05-16 23:34	149656	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 15:48 . 2013-05-16 22:20	420864	----a-w-	c:\windows\system32\vbscript.dll
2013-06-12 13:03 . 2013-05-10 03:20	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-12 13:02 . 2013-04-26 04:55	492544	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 13:02 . 2013-05-13 03:08	903168	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 13:02 . 2013-05-13 04:45	1160192	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 13:02 . 2013-05-13 04:45	103936	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 13:02 . 2013-05-13 04:45	140288	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 13:02 . 2013-05-13 03:08	43008	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 13:02 . 2013-05-06 05:06	3913576	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-12 13:02 . 2013-05-06 05:06	3968872	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-12 13:02 . 2013-05-08 05:38	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-30 10:55 . 2013-05-30 10:55	--------	d-----w-	c:\program files\Common Files\Java
2013-05-30 10:54 . 2013-05-30 10:54	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-05-23 14:32 . 2013-05-09 08:59	174664	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-05-23 14:31 . 2013-05-09 08:59	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 14:43 . 2012-04-06 15:55	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:43 . 2011-10-18 14:06	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-30 10:53 . 2012-09-18 15:07	866720	----a-w-	c:\windows\system32\npdeployJava1.dll
2013-05-30 10:53 . 2012-04-08 16:24	788896	----a-w-	c:\windows\system32\deployJava1.dll
2013-05-09 08:59 . 2012-04-29 11:11	368944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-04-29 11:11	61680	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-04-29 11:11	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-04-29 11:11	765736	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-04-29 11:11	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2012-04-29 11:11	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2012-04-29 11:08	41664	----a-w-	c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-04-29 11:08	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-04-26 20:12 . 2013-04-26 20:12	0	----a-w-	c:\windows\system32\shoCFCD.tmp
2013-04-13 04:45 . 2013-05-16 07:54	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 07:54	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-25 11:17	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-16 07:54	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-16 07:54	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-16 07:54	2347520	----a-w-	c:\windows\system32\win32k.sys
2012-03-13 04:38 . 2012-04-06 15:45	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ceefadbd-a0ce-4422-a760-3b9167344e06}]
2012-09-24 09:21	1030728	----a-w-	c:\users\ManuK\AppData\Roaming\OutBrowseToolbar\OutBrowseToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ceefadbd-a0ce-4422-a760-3b9167344e06}"= "c:\users\ManuK\AppData\Roaming\OutBrowseToolbar\OutBrowseToolbar.dll" [2012-09-24 1030728]
.
[HKEY_CLASSES_ROOT\clsid\{ceefadbd-a0ce-4422-a760-3b9167344e06}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{c8b9442b-56bf-4644-861f-5cb2158aae27}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
"APLangApp"="c:\program files\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-20 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\ManuK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-7 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-04-11 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-06 286248]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 33320]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 07:58	1165776	----a-w-	c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:43]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 11:11]
.
2013-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 11:11]
.
2013-06-18 c:\windows\Tasks\VideoSaver Update.job
- c:\program files\VideoSaver\vdsvrur.exe [2013-06-08 18:16]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
mStart Page = hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
mSearch Bar = hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\ManuK\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\ManuK\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files\PokerStars.EU\PokerStarsUpdate.exe
IE: {{f6f7c35d-1f19-402b-8f96-1a0ca3efbcab} - {ceefadbd-a0ce-4422-a760-3b9167344e06} - c:\users\ManuK\AppData\Roaming\OutBrowseToolbar\OutBrowseToolbar.dll
TCP: DhcpNameServer = 80.69.103.78 80.69.102.158
FF - ProfilePath - c:\users\ManuK\AppData\Roaming\Mozilla\Firefox\Profiles\lenb5pdu.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876
FF - prefs.js: browser.search.selectedEngine - Web Search);user_pref(browser.search.order.1, Web Search
FF - prefs.js: keyword.URL - hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 0 
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-18  10:20:20
ComboFix-quarantined-files.txt  2013-06-18 08:20
.
Vor Suchlauf: 6 Verzeichnis(se), 36.121.333.760 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 36.739.833.856 Bytes frei
.
- - End Of File - - 7E7F6C6F25A18A13FAE781E16BB3D47A
2E5DEBB2116B3417023E0D6562D7ED07
         

18.06.2013, 11:41   #8
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path. Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Instructions: http://markusg.trojaner-board.de
For now, please send e-mails following the instructions above to markusg.trojaner-board@web.de

19.06.2013, 09:22   #9
Manolo25

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.19.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
ManuK :: MANUK-PC [Administrator]

Schutz: Aktiviert

19.06.2013 07:56:44
mbam-log-2013-06-19 (07-56-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 331514
Laufzeit: 1 Stunde(n), 57 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=42102&home=true&tid=2876) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=42102&tid=2876&bs=true&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

19.06.2013, 18:07   #10
markusg
/// Malware-holic

Hi,

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open that file.
After each program you need, write "necessary".
After each one you do not need, write "unnecessary".
After each one you do not recognize, write "unknown".
Post the list.

Alt 27.06.2013, 06:02   #11
Manolo25
 

Hi, a quick question in between:
Should I back up my files and documents (including some university stuff) beforehand? Or might they also be infected somehow?

04.07.2013, 14:24   #12
markusg
/// Malware-holic
 

You always back up your data regularly, that's not really a question :-)

07.07.2013, 08:37   #13
Manolo25
 

The question is whether I'll drag any viruses or the like onto the USB stick when I copy my important files to it (I don't have anything other than a USB stick available at the moment)?

08.07.2013, 12:16   #14
markusg
/// Malware-holic
 

You can back them up safely.
