Trojaner-Board


Sabrinalie 16.07.2013 19:36

Programs open slowly. Security Manager shows processes that cannot be found on the system.
 
Hello dear all,

I'm Sabrina, and I signed up in the hope of getting
some help from you.

My PC runs Windows 7 as its operating system.

For some time now my PC has been running rather slowly.
Programs open very slowly.

AntiVir is installed and finds no viruses.
Avast didn't find any either.
I have run CCleaner several times.

Through research on the internet I found out that the
"Security Task Manager" is supposed to be a great help.
It does report some processes with a "high rating".
I have attached a screenshot for you.

In it you can see that various processes/programs
are listed. When I, for example, right-click smss.exe and go to Properties,
an error message is always shown saying
that the file cannot be found (see attachment = screenshot).

I have gone through your checklist so far and am attaching the files :crazy:

I hope so much that you can help me!

Kindest regards, thanks in advance, and I'm keeping my fingers crossed that summer finally arrives now and stays :daumenhoc

Sabrinalie 16.07.2013 19:45

Sorry, unfortunately I forgot the attachments.
The Gmer.txt file is unfortunately too long!

How can I still add it?

Regards
Sabrina

Sabrinalie 16.07.2013 21:46

Those who can read clearly have an advantage :pfeiff::pfeiff:

I have now packed the gmer file as a zip!

:dankeschoen:

cosinus 17.07.2013 02:16

Hello and :hallo:

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

That is why I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post the logs that already exist!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click "Erweitert/Vorschau" (Advanced/Preview) to check whether you did it correctly. If everything is right ... click "Antworten" (Reply).
http://www.trojaner-board.de/picture...&pictureid=307

Sabrinalie 17.07.2013 09:03

Good morning :)

Antivir and Malware have apparently already found something once.

Antivir:

Code:

Exportierte Ereignisse:

09.07.2013 11:11 [Echtzeit-Scanner] Malware gefunden
      In der Datei 'C:\Windows\Temp\_avast5_\unp234972340.tmp'
      wurde ein Virus oder unerwünschtes Programm 'EXP/FLASH.Straconn.Gen' [exploit]
      gefunden.
      Ausgeführte Aktion: Zugriff verweigern

Malware:
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.14.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Bina :: BINA-PC [Administrator]

14.07.2013 23:26:38
mbam-log-2013-07-14 (23-26-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213271
Laufzeit: 11 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCU\SOFTWARE\H3O8CABBPI (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Bina\AppData\Roaming\data.dat (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



Can I help you in any other way?

Regards
Sabrina

cosinus 17.07.2013 14:27

Quote:

(Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
That is absolutely not acceptable. You must only ever use one virus scanner. Uninstall one of the two; ideally you keep Avast.

Afterwards, please create a fresh log with FRST:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click "Untersuchen" (Scan).
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the web page)


Sabrinalie 17.07.2013 18:02

Great, I have removed Anti-Vir!
Attached now are the log files!

Man, I'm excited :singsing:


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by Bina (administrator) on 17-07-2013 18:57:52
Running from C:\Users\Bina\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PowerDVD12DMREngine] - "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [501544 2012-01-02] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] - "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [371256 2012-01-12] (CyberLink Corp.)
AppInit_DLLs:    [0 ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN30675354332663635&UM=2&ctid=CT3297265
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
URLSearchHook: (No Name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} -  No File
URLSearchHook: (No Name) - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} -  No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {F92E1E8B-855D-408B-8DFF-4765E3AE7BE9} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {F92E1E8B-855D-408B-8DFF-4765E3AE7BE9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297265&CUI=UN30675354332663635&UM=2
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {F92E1E8B-855D-408B-8DFF-4765E3AE7BE9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3297265&CUI=UN30675354332663635&UM=2
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: No Name - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {6dad39c6-f4ac-4984-8e9b-f666269b9eb1} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKCU - No Name - {6DAD39C6-F4AC-4984-8E9B-F666269B9EB1} -  No File
DPF: HKLM-x32 {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default
FF SelectedSearchEngine: DivX Browser Bar DE Customized Web Search
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3297265&ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: No Name - C:\Users\Bina\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Visualisateur 3D de 20-20 - C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default\Extensions\2020Player@2020Technologies.com
FF Extension: nasanightlaunch - C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: No Name - C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
S2 Rezip; C:\windows\SysWOW64\Rezip.exe [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-14] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-14] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-14] ()
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-09-29] (Windows (R) 2003 DDK 3790 provider)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-09-29] (Windows (R) 2003 DDK 3790 provider)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
S4 sptd; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-17 18:57 - 2013-07-17 18:57 - 00000000 ____D C:\FRST
2013-07-17 18:56 - 2013-07-17 18:57 - 01778209 _____ (Farbar) C:\Users\Bina\Downloads\FRST64.exe
2013-07-17 18:51 - 2013-07-17 18:51 - 00000338 _____ C:\windows\PFRO.log
2013-07-17 09:51 - 2013-07-17 09:53 - 00000596 _____ C:\Users\Bina\Desktop\Ereignisse_antivir.txt
2013-07-17 00:09 - 2013-07-17 00:09 - 00575575 _____ C:\Users\Bina\Downloads\anatomy8.rar
2013-07-16 23:08 - 2013-07-16 23:08 - 00000000 ____D C:\Users\Bina\AppData\Local\MediaShow
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 ____D C:\Users\Bina\AppData\Local\MediaServer
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 ____D C:\ProgramData\PDVD
2013-07-16 23:03 - 2013-07-16 23:03 - 00002188 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2013-07-16 23:03 - 2013-07-16 23:03 - 00000000 ____D C:\Users\Bina\AppData\Local\CyberLink
2013-07-16 22:56 - 2013-07-16 22:56 - 00000000 ____D C:\ProgramData\install_clap
2013-07-16 22:45 - 2013-07-16 22:45 - 00007774 _____ C:\Users\Bina\Desktop\gmer.zip
2013-07-16 22:40 - 2013-07-16 22:40 - 00000000 ____D C:\Program Files\7-Zip
2013-07-16 22:39 - 2013-07-16 22:39 - 01110476 _____ C:\Users\Bina\Downloads\7z920.exe
2013-07-16 20:43 - 2013-07-16 20:43 - 00120494 _____ C:\Users\Bina\Desktop\gmer2.txt
2013-07-16 20:29 - 2013-07-16 20:29 - 00120494 _____ C:\Users\Bina\Desktop\gmer.log
2013-07-16 19:46 - 2013-07-16 19:46 - 00377856 _____ C:\Users\Bina\Desktop\gmer_2.1.19163.exe
2013-07-16 19:42 - 2013-07-16 19:43 - 00076672 _____ C:\Users\Bina\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-07-16 19:42 - 2013-07-16 19:43 - 00000000 ____D C:\Users\Bina\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
2013-07-16 19:41 - 2013-07-16 19:41 - 00084006 _____ C:\Users\Bina\Desktop\Extras.Txt
2013-07-16 19:37 - 2013-07-16 19:37 - 00086810 _____ C:\Users\Bina\Desktop\OTL.Txt
2013-07-16 19:03 - 2013-07-16 19:03 - 00602112 _____ (OldTimer Tools) C:\Users\Bina\Desktop\OTL.exe
2013-07-16 18:58 - 2013-07-16 19:02 - 00000522 _____ C:\Users\Bina\Downloads\defogger_disable.log
2013-07-16 18:58 - 2013-07-16 18:58 - 00000020 _____ C:\Users\Bina\defogger_reenable
2013-07-16 18:57 - 2013-07-16 18:57 - 00050477 _____ C:\Users\Bina\Desktop\Defogger.exe
2013-07-14 23:25 - 2013-07-14 23:25 - 00000000 ____D C:\Users\Bina\AppData\Roaming\Malwarebytes
2013-07-14 23:24 - 2013-07-16 20:33 - 00000958 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-14 23:24 - 2013-07-14 23:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 23:24 - 2013-07-14 23:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-14 23:24 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-07-14 23:23 - 2013-07-14 23:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bina\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 23:20 - 2013-07-14 23:20 - 00793536 _____ C:\Users\Bina\Downloads\ZipOpenerSetup.exe
2013-07-14 23:08 - 2013-07-14 23:08 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-07-14 23:07 - 2013-07-17 18:46 - 00004184 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-14 23:07 - 2013-07-14 23:07 - 05701712 _____ C:\Users\Bina\Downloads\bitdefender_14isecurity.exe
2013-07-14 23:07 - 2013-07-14 23:07 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-14 23:07 - 2013-07-14 23:07 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-14 23:07 - 2013-07-14 23:07 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-14 23:07 - 2013-07-14 23:07 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-14 23:07 - 2013-07-14 23:07 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-14 23:07 - 2013-05-09 10:59 - 00072016 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2013-07-14 23:07 - 2013-05-09 10:59 - 00065336 _____ C:\windows\system32\Drivers\aswRvrt.sys
2013-07-14 22:56 - 2013-07-17 18:52 - 00000840 _____ C:\windows\setupact.log
2013-07-14 22:56 - 2013-07-14 22:56 - 00291864 _____ C:\windows\Minidump\071413-29140-01.dmp
2013-07-14 22:56 - 2013-07-14 22:56 - 00000000 ____D C:\windows\Minidump
2013-07-14 22:56 - 2013-07-14 22:56 - 00000000 _____ C:\windows\setuperr.log
2013-07-14 22:55 - 2013-07-14 22:55 - 579095703 _____ C:\windows\MEMORY.DMP
2013-07-14 22:33 - 2013-07-14 22:33 - 00001456 _____ C:\Users\Bina\Desktop\TaskMan.exe - Verknüpfung.lnk
2013-07-14 22:19 - 2013-07-14 22:33 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-07-14 22:15 - 2013-07-14 22:15 - 00007630 _____ C:\Users\Bina\AppData\Local\Resmon.ResmonCfg
2013-07-14 21:50 - 2013-07-14 21:50 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-07-14 21:50 - 2013-07-14 21:50 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-07-14 21:50 - 2013-07-14 21:50 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-07-14 21:50 - 2013-07-14 21:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-14 21:47 - 2013-07-14 21:48 - 31714728 _____ (Oracle Corporation) C:\Users\Bina\Downloads\jre-7u25-windows-i586.exe
2013-07-14 17:46 - 2013-07-14 17:46 - 00001614 _____ C:\Users\Bina\Documents\cc_20130714_174651.reg
2013-07-14 15:48 - 2013-07-14 15:48 - 00042022 _____ C:\Users\Bina\Documents\cc_20130714_154837.reg
2013-07-14 12:55 - 2013-07-14 12:55 - 00000000 ____D C:\Users\Bina\AppData\Local\DDMSettings
2013-07-14 12:12 - 2013-07-14 12:12 - 00001607 _____ C:\Users\Bina\Desktop\DivX Movies.lnk
2013-07-14 12:11 - 2013-07-14 12:11 - 00001112 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-14 12:08 - 2013-07-14 12:08 - 00001152 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-14 11:56 - 2013-07-14 11:56 - 00000000 ____D C:\Program Files (x86)\DivX_Browser_Bar_DE
2013-07-14 11:47 - 2013-07-14 11:47 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-14 11:47 - 2013-07-14 11:47 - 00000000 ____D C:\ProgramData\Conduit
2013-07-14 11:45 - 2013-07-14 11:58 - 00000009 _____ C:\END
2013-07-14 11:19 - 2013-07-14 11:19 - 00000000 ____D C:\Users\Bina\Desktop\Maik
2013-07-11 23:08 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-11 23:08 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-11 23:08 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-11 23:08 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-11 23:08 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-11 23:08 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-11 23:08 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-11 23:08 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-11 23:08 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-11 23:08 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2013-07-11 23:08 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-11 23:08 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-11 23:08 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-11 23:08 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-11 23:08 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-11 23:08 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-11 23:08 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-11 23:08 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-11 23:08 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 23:08 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-11 23:08 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-11 23:08 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-11 22:04 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-07-11 22:04 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-07-11 22:04 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-11 22:04 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-07-11 22:02 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-07-11 22:00 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-07-11 22:00 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-06-27 18:50 - 2013-06-28 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-07-17 18:57 - 2013-07-17 18:57 - 00000000 ____D C:\FRST
2013-07-17 18:57 - 2013-07-17 18:56 - 01778209 _____ (Farbar) C:\Users\Bina\Downloads\FRST64.exe
2013-07-17 18:52 - 2013-07-14 22:56 - 00000840 _____ C:\windows\setupact.log
2013-07-17 18:52 - 2009-07-14 07:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-07-17 18:51 - 2013-07-17 18:51 - 00000338 _____ C:\windows\PFRO.log
2013-07-17 18:51 - 2010-08-04 04:27 - 01698974 _____ C:\windows\WindowsUpdate.log
2013-07-17 18:51 - 2009-07-14 06:45 - 00014144 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 18:51 - 2009-07-14 06:45 - 00014144 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 18:46 - 2013-07-14 23:07 - 00004184 _____ C:\windows\System32\Tasks\avast! Emergency Update
2013-07-17 13:26 - 2012-06-11 23:23 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-07-17 13:24 - 2013-01-07 23:28 - 00000000 ____D C:\Users\Bina\AppData\Roaming\UseNeXT
2013-07-17 13:15 - 2013-01-07 23:28 - 00000000 ____D C:\Users\Bina\Documents\UseNeXT
2013-07-17 09:53 - 2013-07-17 09:51 - 00000596 _____ C:\Users\Bina\Desktop\Ereignisse_antivir.txt
2013-07-17 00:09 - 2013-07-17 00:09 - 00575575 _____ C:\Users\Bina\Downloads\anatomy8.rar
2013-07-16 23:08 - 2013-07-16 23:08 - 00000000 ____D C:\Users\Bina\AppData\Local\MediaShow
2013-07-16 23:05 - 2010-12-26 20:21 - 00000000 ____D C:\Users\Bina\Documents\CyberLink
2013-07-16 23:05 - 2010-12-26 20:21 - 00000000 ____D C:\Users\Bina\AppData\Roaming\CyberLink
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 ____D C:\Users\Bina\AppData\Local\MediaServer
2013-07-16 23:04 - 2013-07-16 23:04 - 00000000 ____D C:\ProgramData\PDVD
2013-07-16 23:04 - 2010-08-04 04:31 - 00000000 ____D C:\ProgramData\CyberLink
2013-07-16 23:03 - 2013-07-16 23:03 - 00002188 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2013-07-16 23:03 - 2013-07-16 23:03 - 00000000 ____D C:\Users\Bina\AppData\Local\CyberLink
2013-07-16 23:03 - 2010-12-21 00:59 - 00000000 ____D C:\Users\Public\CyberLink
2013-07-16 23:01 - 2010-08-04 04:31 - 00000000 ____D C:\Program Files (x86)\CyberLink
2013-07-16 22:56 - 2013-07-16 22:56 - 00000000 ____D C:\ProgramData\install_clap
2013-07-16 22:56 - 2010-08-04 04:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-16 22:45 - 2013-07-16 22:45 - 00007774 _____ C:\Users\Bina\Desktop\gmer.zip
2013-07-16 22:40 - 2013-07-16 22:40 - 00000000 ____D C:\Program Files\7-Zip
2013-07-16 22:39 - 2013-07-16 22:39 - 01110476 _____ C:\Users\Bina\Downloads\7z920.exe
2013-07-16 20:48 - 2010-08-04 20:46 - 00654400 _____ C:\windows\system32\perfh007.dat
2013-07-16 20:48 - 2010-08-04 20:46 - 00130240 _____ C:\windows\system32\perfc007.dat
2013-07-16 20:48 - 2009-07-14 07:13 - 01498742 _____ C:\windows\system32\PerfStringBackup.INI
2013-07-16 20:43 - 2013-07-16 20:43 - 00120494 _____ C:\Users\Bina\Desktop\gmer2.txt
2013-07-16 20:33 - 2013-07-14 23:24 - 00000958 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-07-16 20:29 - 2013-07-16 20:29 - 00120494 _____ C:\Users\Bina\Desktop\gmer.log
2013-07-16 19:46 - 2013-07-16 19:46 - 00377856 _____ C:\Users\Bina\Desktop\gmer_2.1.19163.exe
2013-07-16 19:43 - 2013-07-16 19:42 - 00076672 _____ C:\Users\Bina\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
2013-07-16 19:43 - 2013-07-16 19:42 - 00000000 ____D C:\Users\Bina\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
2013-07-16 19:41 - 2013-07-16 19:41 - 00084006 _____ C:\Users\Bina\Desktop\Extras.Txt
2013-07-16 19:37 - 2013-07-16 19:37 - 00086810 _____ C:\Users\Bina\Desktop\OTL.Txt
2013-07-16 19:03 - 2013-07-16 19:03 - 00602112 _____ (OldTimer Tools) C:\Users\Bina\Desktop\OTL.exe
2013-07-16 19:02 - 2013-07-16 18:58 - 00000522 _____ C:\Users\Bina\Downloads\defogger_disable.log
2013-07-16 18:58 - 2013-07-16 18:58 - 00000020 _____ C:\Users\Bina\defogger_reenable
2013-07-16 18:58 - 2010-12-15 13:33 - 00000000 ____D C:\Users\Bina
2013-07-16 18:57 - 2013-07-16 18:57 - 00050477 _____ C:\Users\Bina\Desktop\Defogger.exe
2013-07-16 18:43 - 2011-01-02 21:48 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-07-14 23:25 - 2013-07-14 23:25 - 00000000 ____D C:\Users\Bina\AppData\Roaming\Malwarebytes
2013-07-14 23:24 - 2013-07-14 23:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 23:24 - 2013-07-14 23:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-14 23:23 - 2013-07-14 23:23 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Bina\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 23:20 - 2013-07-14 23:20 - 00793536 _____ C:\Users\Bina\Downloads\ZipOpenerSetup.exe
2013-07-14 23:17 - 2012-12-21 16:48 - 00000000 ____D C:\Users\Bina\AppData\Local\Torch
2013-07-14 23:08 - 2013-07-14 23:08 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-07-14 23:07 - 2013-07-14 23:07 - 05701712 _____ C:\Users\Bina\Downloads\bitdefender_14isecurity.exe
2013-07-14 23:07 - 2013-07-14 23:07 - 01030952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2013-07-14 23:07 - 2013-07-14 23:07 - 00189936 _____ C:\windows\system32\Drivers\aswVmm.sys
2013-07-14 23:07 - 2013-07-14 23:07 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-14 23:07 - 2013-07-14 23:07 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-14 23:07 - 2013-07-14 23:07 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-14 23:07 - 2011-01-03 14:09 - 00378944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2013-07-14 23:07 - 2011-01-03 14:09 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-14 22:56 - 2013-07-14 22:56 - 00291864 _____ C:\windows\Minidump\071413-29140-01.dmp
2013-07-14 22:56 - 2013-07-14 22:56 - 00000000 ____D C:\windows\Minidump
2013-07-14 22:56 - 2013-07-14 22:56 - 00000000 _____ C:\windows\setuperr.log
2013-07-14 22:55 - 2013-07-14 22:55 - 579095703 _____ C:\windows\MEMORY.DMP
2013-07-14 22:33 - 2013-07-14 22:33 - 00001456 _____ C:\Users\Bina\Desktop\TaskMan.exe - Verknüpfung.lnk
2013-07-14 22:33 - 2013-07-14 22:19 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2013-07-14 22:30 - 2009-07-14 06:45 - 00433848 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-14 22:15 - 2013-07-14 22:15 - 00007630 _____ C:\Users\Bina\AppData\Local\Resmon.ResmonCfg
2013-07-14 21:50 - 2013-07-14 21:50 - 00263592 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2013-07-14 21:50 - 2013-07-14 21:50 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2013-07-14 21:50 - 2013-07-14 21:50 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2013-07-14 21:50 - 2013-07-14 21:50 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-14 21:50 - 2013-01-27 19:41 - 00867240 _____ (Oracle Corporation) C:\windows\SysWOW64\npDeployJava1.dll
2013-07-14 21:50 - 2012-05-23 09:58 - 00789416 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2013-07-14 21:48 - 2013-07-14 21:47 - 31714728 _____ (Oracle Corporation) C:\Users\Bina\Downloads\jre-7u25-windows-i586.exe
2013-07-14 21:47 - 2011-05-04 16:38 - 00000000 ____D C:\Users\Bina\AppData\Local\Conduit
2013-07-14 17:54 - 2012-05-23 09:58 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-14 17:46 - 2013-07-14 17:46 - 00001614 _____ C:\Users\Bina\Documents\cc_20130714_174651.reg
2013-07-14 15:48 - 2013-07-14 15:48 - 00042022 _____ C:\Users\Bina\Documents\cc_20130714_154837.reg
2013-07-14 15:39 - 2012-12-21 18:38 - 00000000 ____D C:\Users\Bina\Documents\Calibre Bibliothek
2013-07-14 13:29 - 2010-12-15 13:41 - 00114384 _____ C:\Users\Bina\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-14 12:55 - 2013-07-14 12:55 - 00000000 ____D C:\Users\Bina\AppData\Local\DDMSettings
2013-07-14 12:52 - 2012-12-21 18:38 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2013-07-14 12:52 - 2012-12-21 18:37 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-07-14 12:12 - 2013-07-14 12:12 - 00001607 _____ C:\Users\Bina\Desktop\DivX Movies.lnk
2013-07-14 12:12 - 2010-12-15 14:32 - 00000000 ____D C:\Program Files (x86)\DivX
2013-07-14 12:12 - 2010-12-15 14:31 - 00000000 ____D C:\ProgramData\DivX
2013-07-14 12:11 - 2013-07-14 12:11 - 00001112 _____ C:\Users\Public\Desktop\DivX Plus Player.lnk
2013-07-14 12:10 - 2010-12-15 14:32 - 00000000 ____D C:\Program Files\DivX
2013-07-14 12:08 - 2013-07-14 12:08 - 00001152 _____ C:\Users\Public\Desktop\DivX Plus Converter.lnk
2013-07-14 11:58 - 2013-07-14 11:45 - 00000009 _____ C:\END
2013-07-14 11:56 - 2013-07-14 11:56 - 00000000 ____D C:\Program Files (x86)\DivX_Browser_Bar_DE
2013-07-14 11:47 - 2013-07-14 11:47 - 00081768 _____ (Conduit) C:\ministub.exe
2013-07-14 11:47 - 2013-07-14 11:47 - 00000000 ____D C:\ProgramData\Conduit
2013-07-14 11:40 - 2012-03-25 20:29 - 00000000 ____D C:\Users\Bina\AppData\Roaming\Orbit
2013-07-14 11:20 - 2012-11-11 13:33 - 00000000 ____D C:\Users\Bina\Desktop\Studium
2013-07-14 11:19 - 2013-07-14 11:19 - 00000000 ____D C:\Users\Bina\Desktop\Maik
2013-07-12 09:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-12 09:48 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-12 09:47 - 2013-03-18 00:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-12 09:47 - 2013-03-18 00:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 09:47 - 2010-08-04 20:33 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 23:10 - 2012-12-07 22:17 - 78185248 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-07-11 23:10 - 2012-01-04 00:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-30 20:43 - 2012-04-29 10:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-28 19:12 - 2013-06-27 18:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\ProgramData\FullRemove.exe
C:\ProgramData\0tbpw.pad

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-15 00:32

==================== End Of Log ============================

--- --- ---


Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by Bina at 2013-07-17 18:58:48
Running from C:\Users\Bina\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x32)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Client Installation Program (x32 Version: 1.0.5.0621)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
BatteryLifeExtender (x32 Version: 1.0.5)
Bonjour (Version: 3.0.0.10)
calibre (x32 Version: 0.9.39)
CyberLink DVD Suite (x32 Version: 6.0.2806)
CyberLink LabelPrint (x32 Version: 2.5.1916)
CyberLink Power2Go (x32 Version: 6.0.3108a)
CyberLink PowerDirector (x32 Version: 7.0.3213)
CyberLink PowerDVD 12 (x32 Version: 12.0.1312.54)
CyberLink PowerDVD 8 (x32 Version: 8.0.2815b)
CyberLink PowerProducer (x32 Version: 5.0.1.1812)
CyberLink YouCam (x32 Version: 2.0.3911)
D3DX10 (x32 Version: 15.4.2368.0902)
DivX Browser Bar DE Toolbar (x32 Version: 6.13.3.505)
DivX Converter (x32 Version: 7.1.0)
DivX Plus DirectShow Filters (x32)
DivX Plus Web Player (x32 Version: 2.0.0)
DivX-Setup (x32 Version: 2.6.1.44)
eaner (Version: 3.02)
Easy Display Manager (x32 Version: 3.2)
Easy Network Manager (x32 Version: 4.3.3)
Easy SpeedUp Manager (x32 Version: 3.0.0.5)
EasyBatteryManager (x32 Version: 4.0.0.4)
Free Mp3 Wma Converter V 2.2 (x32 Version: 2.2.0.0)
Free YouTube Download version 3.1.33.822 (x32 Version: 3.1.33.822)
Free YouTube to MP3 Converter version 3.11.32.918 (x32 Version: 3.11.32.918)
FreeMind (x32 Version: 0.9.0)
GIMP 2.6.10 (x32 Version: 2.6.10)
High Quality Photo Resizer 5.02 (x32)
HTC Driver Installer (x32 Version: 2.0.7.016)
HTC Sync (x32 Version: 2.0.28)
ImagXpress (x32 Version: 7.0.74.0)
ImgBurn (x32 Version: 2.5.5.0)
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software (Version: 13.02.0000)
Intel(R) Rapid Storage Technology (x32 Version: 9.6.3.1001)
Intel(R) Turbo Boost Technology Driver (x32 Version: 01.02.00.1002)
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Light Image Resizer 4.0.8.2 (x32 Version: 4.0.8.2)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvell Miniport Driver (x32 Version: 11.22.3.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mp3tag v2.47b (x32 Version: v2.47b)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero Burning ROM 10 (x32 Version: 10.2.11000.12.100)
Nero Burning ROM 10 (x32 Version: 10.5.10300)
Nero BurningROM 10 Help (CHM) (x32 Version: 10.5.10100)
Nero BurnRights 10 (x32 Version: 4.2.10300.0.102)
Nero BurnRights 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Control Center 10 (x32 Version: 10.2.10600.0.6)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.17400.8.2)
Nero Update (x32 Version: 1.0.0018)
neroxml (x32 Version: 1.0.0)
NVIDIA Drivers (Version: 1.4)
PhotoLikr 1.0.8.12 (x32 Version: 1.0.8.12)
QuickTime (x32 Version: 7.73.80.64)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6003)
REALTEK Wireless LAN Software (x32 Version: 0133.09.1202)
Samsung Recovery Solution 4 (x32 Version: 4.0.0.6)
Samsung R-Series (x32 Version: 1.0)
Samsung Support Center (x32 Version: 1.0.2)
Samsung Update Plus (x32 Version: 2.0)
Skype Toolbars (x32 Version: 5.0.4137)
Skype™ 5.10 (x32 Version: 5.10.116)
Synaptics Pointing Device Driver (Version: 15.0.10.0)
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
UseNeXT by Tangysoft (x32)
User Guide (x32 Version: 1.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
VirtualCloneDrive (x32)
VLC media player 1.1.5 (x32 Version: 1.1.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

16-07-2013 16:23:55 Datei in Quarantäne Ordner verschieben: Microsoft® Windows Live
16-07-2013 20:56:02 Installiert PowerDVD

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04D8D0CC-8B5E-43EE-99B5-284426B9932D} - System32\Tasks\task12672632 => C:\Users\Bina\AppData\Local\Temp\e.exe No File
Task: {05FACB47-A91F-420D-BCEC-FF600F302C99} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe No File
Task: {0B7DFB6C-E4D1-48B8-898B-4C7912F97612} - System32\Tasks\EasyBatteryManager => %ProgramFiles(x86)%\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe No File
Task: {12AD4683-D1E9-421E-A7F4-23A8CCA5DAEB} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: {226CBEF3-C14B-4D3E-9085-AAEF8FF18D69} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-06-01] (Samsung Electronics. Co. Ltd.)
Task: {604146E0-A7DE-4F58-84AC-2FF0DFBFE22A} - System32\Tasks\task6217841 => C:\Users\Bina\AppData\Local\Temp\e.exe No File
Task: {653FEC7F-8ED0-41BD-AB56-2AF118229ACE} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC)
Task: {6B0787FD-5BB1-4DC3-9A45-0BE7899928E9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7604BED2-C7BF-404D-84CA-1B76B68954DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {A2D4FC2D-4900-4F8F-8331-30A1397D1A06} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {BB939BB1-F6E3-4251-9DB5-0064B9F67F48} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {C669F786-748E-4936-9946-0DF9F64787DF} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {D9D83B46-6A6E-45CA-AED6-5CC18F7079DA} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {F61F6EF1-4B7D-4235-A63E-9D1A37BD484D} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-06-08] (Samsung Electronics Co., Ltd.)
Task: {FC8801BB-D0C9-48A7-B692-FE243C37E441} - System32\Tasks\SamsungSupportCenter => %programfiles(x86)%\Samsung\Samsung Support Center\SSCKbdHk.exe No File
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2013 10:27:57 PM) (Source: Wininit) (User: )
Description: Ein kritischer Systemprozess C:\windows\system32\lsm.exe ist fehlgeschlagen mit den Statuscode 00000000. Der Computer muss neu gestartet werden.

Error: (07/14/2013 05:55:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bca54
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009970a
ID des fehlerhaften Prozesses: 0x1994
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3

Error: (07/14/2013 03:44:35 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015, Zeitstempel: 0x50b826c0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009970a
ID des fehlerhaften Prozesses: 0x1cb0
Startzeit der fehlerhaften Anwendung: 0xconhost.exe0
Pfad der fehlerhaften Anwendung: conhost.exe1
Pfad des fehlerhaften Moduls: conhost.exe2
Berichtskennung: conhost.exe3

Error: (07/14/2013 03:43:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: conhost.exe, Version: 6.1.7601.18015, Zeitstempel: 0x50b826c0
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009970a
ID des fehlerhaften Prozesses: 0x19f4
Startzeit der fehlerhaften Anwendung: 0xconhost.exe0
Pfad der fehlerhaften Anwendung: conhost.exe1
Pfad des fehlerhaften Moduls: conhost.exe2
Berichtskennung: conhost.exe3

Error: (07/14/2013 00:59:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: SearchProtocolHost.exe, Version: 7.0.7601.17610, Zeitstempel: 0x4dc0d006
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009970a
ID des fehlerhaften Prozesses: 0x1aec
Startzeit der fehlerhaften Anwendung: 0xSearchProtocolHost.exe0
Pfad der fehlerhaften Anwendung: SearchProtocolHost.exe1
Pfad des fehlerhaften Moduls: SearchProtocolHost.exe2
Berichtskennung: SearchProtocolHost.exe3

Error: (07/14/2013 00:10:09 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/14/2013 00:10:07 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/14/2013 00:10:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/14/2013 11:57:29 AM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (07/14/2013 11:44:58 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WerFault.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc607
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009970a
ID des fehlerhaften Prozesses: 0x1350
Startzeit der fehlerhaften Anwendung: 0xWerFault.exe0
Pfad der fehlerhaften Anwendung: WerFault.exe1
Pfad des fehlerhaften Moduls: WerFault.exe2
Berichtskennung: WerFault.exe3


System errors:
=============
Error: (07/17/2013 06:53:07 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Rezip" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/17/2013 06:45:51 PM) (Source: DCOM) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/17/2013 06:45:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (07/17/2013 06:45:50 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error: (07/17/2013 06:43:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Rezip" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/17/2013 09:44:55 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Rezip" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/16/2013 11:04:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "CyberLink PowerDVD 12 Media Server Monitor Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/16/2013 11:04:31 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "CyberLink PowerDVD 12 Media Server Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (07/16/2013 08:32:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Rezip" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/16/2013 06:20:03 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-05-04 22:34:31.923
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-04 22:34:31.642
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-04 22:25:42.434
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-04 22:25:42.186
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-04 22:24:51.476
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-04 22:24:51.186
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-04 22:20:08.991
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-04 22:20:08.709
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-04 22:19:41.134
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-05-04 22:19:40.779
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3956.55 MB
Available physical RAM: 2174.91 MB
Total Pagefile: 7911.29 MB
Available Pagefile: 6160.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:179 GB) (Free:28.19 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:266.66 GB) (Free:140.81 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 8C0FBFDC)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=267 GB) - (Type=OF Extended)

==================== End Of Log ============================


cosinus 18.07.2013 01:22

There seems to be quite a bit of junk on there...

So please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


Sabrinalie 18.07.2013 19:43

Yay...
so either I'm imagining it or the PC is already a bit faster now :daumenhoc

Here is the code:

Code:

ComboFix 13-07-18.02 - Bina 18.07.2013  20:25:18.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3957.2412 [GMT 2:00]
ausgeführt von:: c:\users\Bina\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
c:\programdata\FullRemove.exe
c:\programdata\GiGa lnc\GiGa Mini Crypter
c:\users\Bina\AppData\Roaming\Binalog.dat
c:\windows\Install
c:\windows\SysWow64\install
c:\windows\SysWow64\install\test2.exe
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI218A.txt
c:\windows\tmp\dd_vcredistUI218A.txt
c:\windows\tmp\qtsingleapp-koboex-7d5-1-lockfile
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-06-18 bis 2013-07-18  ))))))))))))))))))))))))))))))
.
.
2013-07-18 18:35 . 2013-07-18 18:35        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-07-18 18:25 . 2013-07-18 18:25        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A2EDD1E-C028-44E5-93B7-BB1627E392ED}\offreg.dll
2013-07-18 18:20 . 2013-07-15 01:34        9460976        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A2EDD1E-C028-44E5-93B7-BB1627E392ED}\mpengine.dll
2013-07-17 17:44 . 2013-07-17 17:44        --------        d-----w-        c:\program files\iPod
2013-07-17 17:44 . 2013-07-17 17:45        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-17 17:44 . 2013-07-17 17:45        --------        d-----w-        c:\program files\iTunes
2013-07-17 17:44 . 2013-07-17 17:45        --------        d-----w-        c:\program files (x86)\iTunes
2013-07-17 17:41 . 2009-09-04 15:29        1892184        ----a-w-        c:\windows\SysWow64\D3DX9_42.dll
2013-07-17 17:41 . 2006-09-28 14:05        2414360        ----a-w-        c:\windows\SysWow64\d3dx9_31.dll
2013-07-17 17:39 . 2013-07-17 17:39        --------        d-----w-        c:\program files\Winamp Detect
2013-07-17 17:39 . 2013-07-17 17:39        --------        d-----w-        c:\programdata\Winamp Toolbar
2013-07-17 17:39 . 2013-07-17 17:39        --------        d-----w-        c:\program files (x86)\Winamp Toolbar
2013-07-17 17:39 . 2013-07-17 17:39        --------        d-----w-        c:\program files (x86)\Common Files\Software Update Utility
2013-07-17 17:38 . 2013-07-17 21:34        --------        d-----w-        c:\users\Bina\AppData\Roaming\Winamp
2013-07-17 17:38 . 2013-07-17 17:41        --------        d-----w-        c:\program files\Winamp
2013-07-17 16:57 . 2013-07-17 16:57        --------        d-----w-        C:\FRST
2013-07-16 21:08 . 2013-07-16 21:08        --------        d-----w-        c:\users\Bina\AppData\Local\MediaShow
2013-07-16 21:04 . 2013-07-16 21:04        --------        d-----w-        c:\users\Bina\AppData\Local\MediaServer
2013-07-16 21:04 . 2013-07-16 21:04        --------        d-----w-        c:\programdata\PDVD
2013-07-16 21:03 . 2013-07-16 21:03        --------        d-----w-        c:\users\Bina\AppData\Local\CyberLink
2013-07-16 20:56 . 2013-07-16 20:56        --------        d-----w-        c:\programdata\install_clap
2013-07-16 20:40 . 2013-07-16 20:40        --------        d-----w-        c:\program files\7-Zip
2013-07-14 21:25 . 2013-07-14 21:25        --------        d-----w-        c:\users\Bina\AppData\Roaming\Malwarebytes
2013-07-14 21:24 . 2013-07-14 21:24        --------        d-----w-        c:\programdata\Malwarebytes
2013-07-14 21:24 . 2013-07-14 21:24        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-07-14 21:24 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-07-14 21:23 . 2013-07-14 21:23        --------        d-----w-        c:\users\Bina\AppData\Local\Programs
2013-07-14 21:08 . 2013-07-14 21:08        --------        d-----w-        c:\program files\Common Files\Bitdefender
2013-07-14 21:08 . 2013-07-14 21:08        --------        d-----w-        c:\program files (x86)\Common Files\Bitdefender
2013-07-14 21:07 . 2013-07-14 21:07        189936        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-07-14 21:07 . 2013-07-14 21:07        1030952        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-07-14 21:07 . 2013-05-09 08:59        72016        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-07-14 21:07 . 2013-05-09 08:59        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-07-14 20:19 . 2013-07-14 20:33        --------        d-----w-        c:\program files (x86)\Security Task Manager
2013-07-14 19:51 . 2013-07-14 19:51        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-07-14 19:50 . 2013-07-14 19:50        96168        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-14 10:55 . 2013-07-14 10:55        --------        d-----w-        c:\users\Bina\AppData\Local\DDMSettings
2013-07-14 09:56 . 2013-07-14 09:56        --------        d-----w-        c:\program files (x86)\DivX_Browser_Bar_DE
2013-07-14 09:47 . 2013-07-14 09:47        81768        ----a-w-        C:\ministub.exe
2013-07-14 09:47 . 2013-07-14 09:47        --------        d-----w-        c:\programdata\Conduit
2013-07-11 20:04 . 2013-05-27 05:50        1011712        ----a-w-        c:\program files\Windows Defender\MpSvc.dll
2013-07-11 20:04 . 2013-05-27 05:50        571904        ----a-w-        c:\program files\Windows Defender\MpClient.dll
2013-07-11 20:04 . 2013-05-27 05:50        314880        ----a-w-        c:\program files\Windows Defender\MpCommu.dll
2013-07-11 20:04 . 2013-05-27 04:57        392704        ----a-w-        c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-11 20:04 . 2013-05-27 04:57        4608        ----a-w-        c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 20:04 . 2013-05-27 04:57        54784        ----a-w-        c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-11 20:04 . 2013-05-27 03:15        9216        ----a-w-        c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 20:04 . 2013-06-04 06:00        624128        ----a-w-        c:\windows\system32\qedit.dll
2013-07-11 20:04 . 2013-06-04 04:53        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2013-07-11 20:04 . 2013-05-06 06:03        1887744        ----a-w-        c:\windows\system32\WMVDECOD.DLL
2013-07-11 20:04 . 2013-05-06 04:56        1620480        ----a-w-        c:\windows\SysWow64\WMVDECOD.DLL
2013-07-11 20:02 . 2013-06-05 03:34        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-07-11 20:02 . 2013-04-10 05:48        1732608        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 20:02 . 2013-04-10 05:46        1393152        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 20:02 . 2013-04-10 05:46        1367040        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 20:02 . 2013-04-10 05:46        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 20:02 . 2013-04-10 05:03        936448        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 20:00 . 2013-04-09 23:34        1247744        ----a-w-        c:\windows\SysWow64\DWrite.dll
2013-07-11 20:00 . 2013-04-02 22:51        1643520        ----a-w-        c:\windows\system32\DWrite.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-14 21:07 . 2011-01-03 12:09        378944        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-07-14 19:50 . 2013-01-27 17:41        867240        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-07-14 19:50 . 2012-05-23 07:58        789416        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-07-11 21:10 . 2012-12-07 20:17        78185248        ----a-w-        c:\windows\system32\MRT.exe
2013-06-11 20:26 . 2012-06-11 21:23        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 20:26 . 2011-12-03 20:02        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-05 20:00 . 2013-06-05 20:00        719360        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2013-06-05 20:00 . 2013-06-05 20:00        523264        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-06-05 20:00 . 2013-06-05 20:00        226304        ----a-w-        c:\windows\system32\elshyph.dll
2013-06-05 20:00 . 2013-06-05 20:00        185344        ----a-w-        c:\windows\SysWow64\elshyph.dll
2013-06-05 20:00 . 2013-06-05 20:00        158720        ----a-w-        c:\windows\SysWow64\msls31.dll
2013-06-05 20:00 . 2013-06-05 20:00        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2013-06-05 20:00 . 2013-06-05 20:00        138752        ----a-w-        c:\windows\SysWow64\wextract.exe
2013-06-05 20:00 . 2013-06-05 20:00        1054720        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-05 20:00 . 2013-06-05 20:00        73728        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-05 20:00 . 2013-06-05 20:00        61952        ----a-w-        c:\windows\SysWow64\tdc.ocx
2013-06-05 20:00 . 2013-06-05 20:00        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2013-06-05 20:00 . 2013-06-05 20:00        38400        ----a-w-        c:\windows\SysWow64\imgutil.dll
2013-06-05 20:00 . 2013-06-05 20:00        361984        ----a-w-        c:\windows\SysWow64\html.iec
2013-06-05 20:00 . 2013-06-05 20:00        23040        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2013-06-05 20:00 . 2013-06-05 20:00        1441280        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-06-05 20:00 . 2013-06-05 20:00        137216        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-06-05 20:00 . 2013-06-05 20:00        12800        ----a-w-        c:\windows\SysWow64\mshta.exe
2013-06-05 20:00 . 2013-06-05 20:00        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2013-06-05 20:00 . 2013-06-05 20:00        97280        ----a-w-        c:\windows\system32\mshtmled.dll
2013-06-05 20:00 . 2013-06-05 20:00        92160        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 20:00 . 2013-06-05 20:00        905728        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2013-06-05 20:00 . 2013-06-05 20:00        81408        ----a-w-        c:\windows\system32\icardie.dll
2013-06-05 20:00 . 2013-06-05 20:00        762368        ----a-w-        c:\windows\system32\ieapfltr.dll
2013-06-05 20:00 . 2013-06-05 20:00        62976        ----a-w-        c:\windows\system32\pngfilt.dll
2013-06-05 20:00 . 2013-06-05 20:00        599552        ----a-w-        c:\windows\system32\vbscript.dll
2013-06-05 20:00 . 2013-06-05 20:00        52224        ----a-w-        c:\windows\system32\msfeedsbs.dll
2013-06-05 20:00 . 2013-06-05 20:00        51200        ----a-w-        c:\windows\system32\imgutil.dll
2013-06-05 20:00 . 2013-06-05 20:00        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2013-06-05 20:00 . 2013-06-05 20:00        452096        ----a-w-        c:\windows\system32\dxtmsft.dll
2013-06-05 20:00 . 2013-06-05 20:00        441856        ----a-w-        c:\windows\system32\html.iec
2013-06-05 20:00 . 2013-06-05 20:00        281600        ----a-w-        c:\windows\system32\dxtrans.dll
2013-06-05 20:00 . 2013-06-05 20:00        27648        ----a-w-        c:\windows\system32\licmgr10.dll
2013-06-05 20:00 . 2013-06-05 20:00        270848        ----a-w-        c:\windows\system32\iedkcs32.dll
2013-06-05 20:00 . 2013-06-05 20:00        247296        ----a-w-        c:\windows\system32\webcheck.dll
2013-06-05 20:00 . 2013-06-05 20:00        235008        ----a-w-        c:\windows\system32\url.dll
2013-06-05 20:00 . 2013-06-05 20:00        216064        ----a-w-        c:\windows\system32\msls31.dll
2013-06-05 20:00 . 2013-06-05 20:00        197120        ----a-w-        c:\windows\system32\msrating.dll
2013-06-05 20:00 . 2013-06-05 20:00        173568        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-06-05 20:00 . 2013-06-05 20:00        167424        ----a-w-        c:\windows\system32\iexpress.exe
2013-06-05 20:00 . 2013-06-05 20:00        1509376        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-06-05 20:00 . 2013-06-05 20:00        149504        ----a-w-        c:\windows\system32\occache.dll
2013-06-05 20:00 . 2013-06-05 20:00        144896        ----a-w-        c:\windows\system32\wextract.exe
2013-06-05 20:00 . 2013-06-05 20:00        1400416        ----a-w-        c:\windows\system32\ieapfltr.dat
2013-06-05 20:00 . 2013-06-05 20:00        13824        ----a-w-        c:\windows\system32\mshta.exe
2013-06-05 20:00 . 2013-06-05 20:00        136192        ----a-w-        c:\windows\system32\iepeers.dll
2013-06-05 20:00 . 2013-06-05 20:00        135680        ----a-w-        c:\windows\system32\IEAdvpack.dll
2013-06-05 20:00 . 2013-06-05 20:00        12800        ----a-w-        c:\windows\system32\msfeedssync.exe
2013-06-05 20:00 . 2013-06-05 20:00        102912        ----a-w-        c:\windows\system32\inseng.dll
2013-06-05 20:00 . 2013-06-05 20:00        77312        ----a-w-        c:\windows\system32\tdc.ocx
2013-06-05 19:58 . 2013-06-05 19:58        9728        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        5632        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-06-05 19:58 . 2013-06-05 19:58        465920        ----a-w-        c:\windows\system32\WMPhoto.dll
2013-06-05 19:58 . 2013-06-05 19:58        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll
2013-06-05 19:58 . 2013-06-05 19:58        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        4096        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        3928064        ----a-w-        c:\windows\system32\d2d1.dll
2013-06-05 19:58 . 2013-06-05 19:58        364544        ----a-w-        c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-05 19:58 . 2013-06-05 19:58        363008        ----a-w-        c:\windows\system32\dxgi.dll
2013-06-05 19:58 . 2013-06-05 19:58        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        3584        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        2776576        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-06-05 19:58 . 2013-06-05 19:58        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-06-05 19:58 . 2013-06-05 19:58        2560        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        249856        ----a-w-        c:\windows\SysWow64\d3d10_1core.dll
2013-06-05 19:58 . 2013-06-05 19:58        2284544        ----a-w-        c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-05 19:58 . 2013-06-05 19:58        220160        ----a-w-        c:\windows\SysWow64\d3d10core.dll
2013-06-05 19:58 . 2013-06-05 19:58        207872        ----a-w-        c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-05 19:58 . 2013-06-05 19:58        1682432        ----a-w-        c:\windows\system32\XpsPrint.dll
2013-06-05 19:58 . 2013-06-05 19:58        161792        ----a-w-        c:\windows\SysWow64\d3d10_1.dll
2013-06-05 19:58 . 2013-06-05 19:58        1175552        ----a-w-        c:\windows\system32\FntCache.dll
2013-06-05 19:58 . 2013-06-05 19:58        1158144        ----a-w-        c:\windows\SysWow64\XpsPrint.dll
2013-06-05 19:58 . 2013-06-05 19:58        1080832        ----a-w-        c:\windows\SysWow64\d3d10.dll
2013-06-05 19:58 . 2013-06-05 19:58        10752        ---ha-w-        c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        10752        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-05 19:58 . 2013-06-05 19:58        648192        ----a-w-        c:\windows\system32\d3d10level9.dll
2013-06-05 19:58 . 2013-06-05 19:58        604160        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2013-06-05 19:58 . 2013-06-05 19:58        3419136        ----a-w-        c:\windows\SysWow64\d2d1.dll
2013-06-05 19:58 . 2013-06-05 19:58        333312        ----a-w-        c:\windows\system32\d3d10_1core.dll
2013-06-05 19:58 . 2013-06-05 19:58        296960        ----a-w-        c:\windows\system32\d3d10core.dll
2013-06-05 19:58 . 2013-06-05 19:58        293376        ----a-w-        c:\windows\SysWow64\dxgi.dll
2013-06-05 19:58 . 2013-06-05 19:58        245248        ----a-w-        c:\windows\system32\WindowsCodecsExt.dll
2013-06-05 19:58 . 2013-06-05 19:58        221184        ----a-w-        c:\windows\system32\UIAnimation.dll
2013-06-05 19:58 . 2013-06-05 19:58        1988096        ----a-w-        c:\windows\SysWow64\d3d10warp.dll
2013-06-05 19:58 . 2013-06-05 19:58        194560        ----a-w-        c:\windows\system32\d3d10_1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"PowerDVD12DMREngine"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" [2012-01-02 501544]
"PowerDVD12Agent"="c:\program files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" [2012-01-12 371256]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-25 37888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/07/16 23:04];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 20:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\Alwil Software\Avast5\ashShA64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN30675354332663635&UM=2&ctid=CT3297265
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297265&CUI=UN13355325333199033&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DivX Browser Bar DE Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3297265&ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q=
FF - ExtSQL: 2013-07-14 12:12; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-07-14 23:07; wrc@avast.com; c:\program files\Alwil Software\Avast5\WebRep\FF
FF - ExtSQL: 2013-07-17 19:39; {0b38152b-1b20-484d-a11f-5e04a9b0661f}; c:\users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)
URLSearchHooks-{6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - (no file)
BHO-{6dad39c6-f4ac-4984-8e9b-f666269b9eb1} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{15X1GU84-3M4U-14YL-FNF1-WRFJ31M70HUO} - c:\windows\system32\install\oxcc.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{KW7UX1UI-885J-H100-NE11-HC88164WE34U} - c:\windows\system32\install\test2.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-18  20:40:08
ComboFix-quarantined-files.txt  2013-07-18 18:40
.
Vor Suchlauf: 9 Verzeichnis(se), 28.495.114.240 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 28.333.948.928 Bytes frei
.
- - End Of File - - A1FEF58103787701668C76A5BD1A08C0
D41D8CD98F00B204E9800998ECF8427E


Greeeeetings
Sabrina

cosinus 18.07.2013 21:04

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.



After that, please create a new log with GMER:

Rootkit scan with GMER

Please download the GMER Rootkit Scanner: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, untick: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and any other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a blue screen, untick Devices.

Sabrinalie 18.07.2013 23:17

Part 1: Mbar

Code:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Bina :: BINA-PC [administrator]

18.07.2013 22:28:58
mbar-log-2013-07-18 (22-28-58).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 259251
Time elapsed: 38 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Sabrinalie 18.07.2013 23:21

Part 2, unfortunately, as an archive file!
Sorry!

Thanks in advance! :daumenhoc

cosinus 18.07.2013 23:27

Did MBAR really find nothing, or did you forget the log with the findings?

Sabrinalie 19.07.2013 08:16

Good morning :)

I think it really didn't find anything!

At least that was the only log that was created afterwards!

Should I run it again to be safe?

cosinus 19.07.2013 15:04

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Sabrinalie 21.07.2013 23:07

Good evening!!
Sorry that I'm only getting back to you now!
Here is the aswMBR log!
TDSS-Killer didn't find anything!

Best regards

Code:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-21 23:37:20
-----------------------------
23:37:20.298    OS Version: Windows x64 6.1.7601 Service Pack 1
23:37:20.298    Number of processors: 4 586 0x2505
23:37:20.298    ComputerName: BINA-PC  UserName: Bina
23:37:42.357    Initialize success
23:37:47.895    AVAST engine defs: 13072101
23:38:28.798    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:38:28.814    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
23:38:28.938    Disk 0 MBR read successfully
23:38:28.938    Disk 0 MBR scan
23:38:28.954    Disk 0 unknown MBR code
23:38:28.985    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        20480 MB offset 2048
23:38:29.016    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 41945088
23:38:29.032    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      183296 MB offset 42149888
23:38:29.048    Disk 0 Partition - 00    0F Extended LBA            273062 MB offset 417540096
23:38:29.079    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      273061 MB offset 417542144
23:38:29.266    Disk 0 scanning C:\windows\system32\drivers
23:38:44.773    Service scanning
23:39:12.151    Modules scanning
23:39:12.665    Disk 0 trace - called modules:
23:39:12.712    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:39:12.712    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004796060]
23:39:12.728    3 CLASSPNP.SYS[fffff88001ba343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044bd050]
23:39:13.711    AVAST engine scan C:\windows
23:39:17.252    AVAST engine scan C:\windows\system32
23:41:57.059    AVAST engine scan C:\windows\system32\drivers
23:42:12.675    AVAST engine scan C:\Users\Bina
23:53:16.846    AVAST engine scan C:\ProgramData
23:55:49.946    Scan finished successfully
23:59:49.361    Disk 0 MBR has been saved successfully to "C:\Users\Bina\Desktop\MBR.dat"
23:59:49.376    The log file has been saved successfully to "C:\Users\Bina\Desktop\aswMBR.txt"


cosinus 22.07.2013 00:32

Quote:

TDSS-Killer didn't find anything!
You were supposed to always post the logs...

Sabrinalie 22.07.2013 09:57

Sorry, I thought I had read somewhere that you should only post logs with
findings ;)

Code:

00:03:14.0569 4980  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:03:15.0006 4980  ============================================================
00:03:15.0006 4980  Current date / time: 2013/07/22 00:03:15.0006
00:03:15.0006 4980  SystemInfo:
00:03:15.0006 4980 
00:03:15.0006 4980  OS Version: 6.1.7601 ServicePack: 1.0
00:03:15.0006 4980  Product type: Workstation
00:03:15.0006 4980  ComputerName: BINA-PC
00:03:15.0006 4980  UserName: Bina
00:03:15.0006 4980  Windows directory: C:\windows
00:03:15.0006 4980  System windows directory: C:\windows
00:03:15.0006 4980  Running under WOW64
00:03:15.0006 4980  Processor architecture: Intel x64
00:03:15.0006 4980  Number of processors: 4
00:03:15.0006 4980  Page size: 0x1000
00:03:15.0006 4980  Boot type: Normal boot
00:03:15.0006 4980  ============================================================
00:03:15.0755 4980  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:03:15.0770 4980  ============================================================
00:03:15.0770 4980  \Device\Harddisk0\DR0:
00:03:15.0786 4980  MBR partitions:
00:03:15.0786 4980  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
00:03:15.0786 4980  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
00:03:15.0817 4980  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
00:03:15.0817 4980  ============================================================
00:03:15.0864 4980  C: <-> \Device\Harddisk0\DR0\Partition2
00:03:15.0895 4980  D: <-> \Device\Harddisk0\DR0\Partition3
00:03:15.0895 4980  ============================================================
00:03:15.0895 4980  Initialize success
00:03:15.0895 4980  ============================================================
00:04:00.0262 4608  ============================================================
00:04:00.0262 4608  Scan started
00:04:00.0262 4608  Mode: Manual; SigCheck; TDLFS;
00:04:00.0262 4608  ============================================================
00:04:00.0979 4608  ================ Scan system memory ========================
00:04:00.0979 4608  System memory - ok
00:04:00.0979 4608  ================ Scan services =============================
00:04:01.0182 4608  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
00:04:01.0338 4608  1394ohci - ok
00:04:01.0385 4608  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
00:04:01.0432 4608  ACPI - ok
00:04:01.0479 4608  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\windows\system32\drivers\acpipmi.sys
00:04:01.0525 4608  AcpiPmi - ok
00:04:01.0666 4608  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:04:01.0697 4608  AdobeARMservice - ok
00:04:01.0869 4608  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:04:01.0900 4608  AdobeFlashPlayerUpdateSvc - ok
00:04:01.0962 4608  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\windows\system32\DRIVERS\adp94xx.sys
00:04:02.0009 4608  adp94xx - ok
00:04:02.0071 4608  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\windows\system32\DRIVERS\adpahci.sys
00:04:02.0118 4608  adpahci - ok
00:04:02.0134 4608  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\windows\system32\DRIVERS\adpu320.sys
00:04:02.0181 4608  adpu320 - ok
00:04:02.0212 4608  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\windows\System32\aelupsvc.dll
00:04:02.0337 4608  AeLookupSvc - ok
00:04:02.0399 4608  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\windows\system32\drivers\afd.sys
00:04:02.0461 4608  AFD - ok
00:04:02.0508 4608  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
00:04:02.0539 4608  agp440 - ok
00:04:02.0586 4608  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\windows\System32\alg.exe
00:04:02.0633 4608  ALG - ok
00:04:02.0680 4608  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
00:04:02.0711 4608  aliide - ok
00:04:02.0727 4608  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
00:04:02.0758 4608  amdide - ok
00:04:02.0805 4608  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\windows\system32\DRIVERS\amdk8.sys
00:04:02.0851 4608  AmdK8 - ok
00:04:02.0867 4608  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\DRIVERS\amdppm.sys
00:04:02.0914 4608  AmdPPM - ok
00:04:02.0961 4608  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\windows\system32\drivers\amdsata.sys
00:04:02.0992 4608  amdsata - ok
00:04:03.0039 4608  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\DRIVERS\amdsbs.sys
00:04:03.0070 4608  amdsbs - ok
00:04:03.0101 4608  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\windows\system32\drivers\amdxata.sys
00:04:03.0132 4608  amdxata - ok
00:04:03.0179 4608  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\windows\system32\drivers\appid.sys
00:04:03.0273 4608  AppID - ok
00:04:03.0304 4608  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll
00:04:03.0413 4608  AppIDSvc - ok
00:04:03.0460 4608  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo        C:\windows\System32\appinfo.dll
00:04:03.0522 4608  Appinfo - ok
00:04:03.0600 4608  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:04:03.0631 4608  Apple Mobile Device - ok
00:04:03.0709 4608  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\windows\system32\DRIVERS\arc.sys
00:04:03.0741 4608  arc - ok
00:04:03.0756 4608  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\DRIVERS\arcsas.sys
00:04:03.0787 4608  arcsas - ok
00:04:03.0834 4608  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\windows\system32\drivers\aswFsBlk.sys
00:04:03.0881 4608  aswFsBlk - ok
00:04:03.0928 4608  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt      C:\windows\system32\drivers\aswMonFlt.sys
00:04:03.0959 4608  aswMonFlt - ok
00:04:03.0990 4608  [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr          C:\windows\System32\Drivers\aswrdr2.sys
00:04:04.0021 4608  aswRdr - ok
00:04:04.0099 4608  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt        C:\windows\system32\drivers\aswRvrt.sys
00:04:04.0115 4608  aswRvrt - ok
00:04:04.0193 4608  [ 8C0800CDB501CFC1164B286A0478DC10 ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
00:04:04.0287 4608  aswSnx - ok
00:04:04.0318 4608  [ 3815DB16CDA62190F5C0A65118F3D714 ] aswSP          C:\windows\system32\drivers\aswSP.sys
00:04:04.0365 4608  aswSP - ok
00:04:04.0380 4608  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\windows\system32\drivers\aswTdi.sys
00:04:04.0411 4608  aswTdi - ok
00:04:04.0489 4608  [ 22F521108881DC59837F6FC614E0568F ] aswVmm          C:\windows\system32\drivers\aswVmm.sys
00:04:04.0521 4608  aswVmm - ok
00:04:04.0567 4608  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
00:04:04.0677 4608  AsyncMac - ok
00:04:04.0723 4608  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\windows\system32\drivers\atapi.sys
00:04:04.0755 4608  atapi - ok
00:04:04.0833 4608  [ 2C0BB386E86670BB1B1A57CAAEF3E50D ] athr            C:\windows\system32\DRIVERS\athrx.sys
00:04:04.0942 4608  athr - ok
00:04:05.0020 4608  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
00:04:05.0160 4608  AudioEndpointBuilder - ok
00:04:05.0191 4608  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll
00:04:05.0301 4608  AudioSrv - ok
00:04:05.0379 4608  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
00:04:05.0410 4608  avast! Antivirus - ok
00:04:05.0472 4608  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll
00:04:05.0535 4608  AxInstSV - ok
00:04:05.0597 4608  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\windows\system32\DRIVERS\bxvbda.sys
00:04:05.0659 4608  b06bdrv - ok
00:04:05.0722 4608  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
00:04:05.0784 4608  b57nd60a - ok
00:04:05.0831 4608  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll
00:04:05.0878 4608  BDESVC - ok
00:04:05.0893 4608  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys
00:04:06.0003 4608  Beep - ok
00:04:06.0096 4608  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\windows\System32\bfe.dll
00:04:06.0221 4608  BFE - ok
00:04:06.0283 4608  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\system32\qmgr.dll
00:04:06.0439 4608  BITS - ok
00:04:06.0486 4608  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
00:04:06.0533 4608  blbdrive - ok
00:04:06.0642 4608  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:04:06.0673 4608  Bonjour Service - ok
00:04:06.0736 4608  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
00:04:06.0783 4608  bowser - ok
00:04:06.0814 4608  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\DRIVERS\BrFiltLo.sys
00:04:06.0861 4608  BrFiltLo - ok
00:04:06.0892 4608  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\DRIVERS\BrFiltUp.sys
00:04:06.0939 4608  BrFiltUp - ok
00:04:07.0001 4608  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
00:04:07.0110 4608  BridgeMP - ok
00:04:07.0157 4608  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\windows\System32\browser.dll
00:04:07.0219 4608  Browser - ok
00:04:07.0266 4608  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\windows\System32\Drivers\Brserid.sys
00:04:07.0297 4608  Brserid - ok
00:04:07.0329 4608  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
00:04:07.0375 4608  BrSerWdm - ok
00:04:07.0407 4608  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
00:04:07.0453 4608  BrUsbMdm - ok
00:04:07.0469 4608  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
00:04:07.0516 4608  BrUsbSer - ok
00:04:07.0594 4608  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum        C:\windows\system32\drivers\BthEnum.sys
00:04:07.0656 4608  BthEnum - ok
00:04:07.0672 4608  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\DRIVERS\bthmodem.sys
00:04:07.0734 4608  BTHMODEM - ok
00:04:07.0765 4608  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
00:04:07.0828 4608  BthPan - ok
00:04:07.0890 4608  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT        C:\windows\System32\Drivers\BTHport.sys
00:04:07.0953 4608  BTHPORT - ok
00:04:07.0999 4608  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\windows\system32\bthserv.dll
00:04:08.0109 4608  bthserv - ok
00:04:08.0140 4608  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
00:04:08.0187 4608  BTHUSB - ok
00:04:08.0249 4608  catchme - ok
00:04:08.0296 4608  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
00:04:08.0421 4608  cdfs - ok
00:04:08.0467 4608  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\windows\system32\DRIVERS\cdrom.sys
00:04:08.0514 4608  cdrom - ok
00:04:08.0577 4608  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\windows\System32\certprop.dll
00:04:08.0686 4608  CertPropSvc - ok
00:04:08.0733 4608  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\DRIVERS\circlass.sys
00:04:08.0795 4608  circlass - ok
00:04:08.0842 4608  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys
00:04:08.0889 4608  CLFS - ok
00:04:09.0045 4608  [ 4C6406CF07D4EBB70C5774D55C6688FB ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
00:04:09.0060 4608  CLHNServiceForPowerDVD12 - ok
00:04:09.0154 4608  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:04:09.0185 4608  clr_optimization_v2.0.50727_32 - ok
00:04:09.0232 4608  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:04:09.0263 4608  clr_optimization_v2.0.50727_64 - ok
00:04:09.0341 4608  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:04:09.0388 4608  clr_optimization_v4.0.30319_32 - ok
00:04:09.0435 4608  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:04:09.0466 4608  clr_optimization_v4.0.30319_64 - ok
00:04:09.0513 4608  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
00:04:09.0544 4608  CmBatt - ok
00:04:09.0575 4608  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys
00:04:09.0606 4608  cmdide - ok
00:04:09.0669 4608  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\windows\system32\Drivers\cng.sys
00:04:09.0762 4608  CNG - ok
00:04:09.0809 4608  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
00:04:09.0840 4608  Compbatt - ok
00:04:09.0887 4608  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\drivers\CompositeBus.sys
00:04:09.0949 4608  CompositeBus - ok
00:04:09.0965 4608  COMSysApp - ok
00:04:09.0996 4608  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\windows\system32\DRIVERS\crcdisk.sys
00:04:10.0012 4608  crcdisk - ok
00:04:10.0090 4608  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\windows\system32\cryptsvc.dll
00:04:10.0168 4608  CryptSvc - ok
00:04:10.0230 4608  [ EA22BCA708B37B82ADEBC822A171B92E ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
00:04:10.0261 4608  CyberLink PowerDVD 12 Media Server Monitor Service - ok
00:04:10.0308 4608  [ 3168D2F171A64590E7A11355CAE60A1E ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
00:04:10.0339 4608  CyberLink PowerDVD 12 Media Server Service - ok
00:04:10.0402 4608  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll
00:04:10.0558 4608  DcomLaunch - ok
00:04:10.0573 4608  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\windows\System32\defragsvc.dll
00:04:10.0698 4608  defragsvc - ok
00:04:10.0761 4608  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys
00:04:10.0870 4608  DfsC - ok
00:04:10.0932 4608  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll
00:04:10.0979 4608  Dhcp - ok
00:04:10.0995 4608  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys
00:04:11.0119 4608  discache - ok
00:04:11.0166 4608  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\DRIVERS\disk.sys
00:04:11.0197 4608  Disk - ok
00:04:11.0229 4608  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll
00:04:11.0291 4608  Dnscache - ok
00:04:11.0322 4608  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\windows\System32\dot3svc.dll
00:04:11.0447 4608  dot3svc - ok
00:04:11.0478 4608  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\windows\system32\dps.dll
00:04:11.0603 4608  DPS - ok
00:04:11.0650 4608  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\windows\system32\drivers\drmkaud.sys
00:04:11.0712 4608  drmkaud - ok
00:04:11.0775 4608  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl        C:\windows\System32\drivers\dxgkrnl.sys
00:04:11.0868 4608  DXGKrnl - ok
00:04:11.0899 4608  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\windows\System32\eapsvc.dll
00:04:12.0009 4608  EapHost - ok
00:04:12.0133 4608  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\windows\system32\DRIVERS\evbda.sys
00:04:12.0305 4608  ebdrv - ok
00:04:12.0352 4608  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\windows\System32\lsass.exe
00:04:12.0399 4608  EFS - ok
00:04:12.0477 4608  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\windows\ehome\ehRecvr.exe
00:04:12.0555 4608  ehRecvr - ok
00:04:12.0586 4608  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\windows\ehome\ehsched.exe
00:04:12.0648 4608  ehSched - ok
00:04:12.0695 4608  [ 9A47AC3DFCF81D30922CDAAF1C2D579F ] ElbyCDIO        C:\windows\system32\Drivers\ElbyCDIO.sys
00:04:12.0726 4608  ElbyCDIO - ok
00:04:12.0804 4608  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\windows\system32\DRIVERS\elxstor.sys
00:04:12.0851 4608  elxstor - ok
00:04:12.0882 4608  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys
00:04:12.0913 4608  ErrDev - ok
00:04:12.0976 4608  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\windows\system32\es.dll
00:04:13.0116 4608  EventSystem - ok
00:04:13.0163 4608  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\windows\system32\drivers\exfat.sys
00:04:13.0288 4608  exfat - ok
00:04:13.0319 4608  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\windows\system32\drivers\fastfat.sys
00:04:13.0428 4608  fastfat - ok
00:04:13.0491 4608  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\windows\system32\fxssvc.exe
00:04:13.0584 4608  Fax - ok
00:04:13.0615 4608  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\windows\system32\DRIVERS\fdc.sys
00:04:13.0662 4608  fdc - ok
00:04:13.0709 4608  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\windows\system32\fdPHost.dll
00:04:13.0818 4608  fdPHost - ok
00:04:13.0834 4608  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll
00:04:13.0943 4608  FDResPub - ok
00:04:13.0990 4608  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
00:04:14.0021 4608  FileInfo - ok
00:04:14.0052 4608  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\windows\system32\drivers\filetrace.sys
00:04:14.0177 4608  Filetrace - ok
00:04:14.0208 4608  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
00:04:14.0255 4608  flpydisk - ok
00:04:14.0302 4608  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
00:04:14.0349 4608  FltMgr - ok
00:04:14.0427 4608  [ C4C183E6551084039EC862DA1C945E3D ] FontCache      C:\windows\system32\FntCache.dll
00:04:14.0505 4608  FontCache - ok
00:04:14.0567 4608  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:04:14.0598 4608  FontCache3.0.0.0 - ok
00:04:14.0614 4608  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\windows\system32\drivers\FsDepends.sys
00:04:14.0645 4608  FsDepends - ok
00:04:14.0707 4608  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr        C:\windows\system32\DRIVERS\fssfltr.sys
00:04:14.0739 4608  fssfltr - ok
00:04:14.0832 4608  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:04:14.0941 4608  fsssvc - ok
00:04:14.0988 4608  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
00:04:15.0019 4608  Fs_Rec - ok
00:04:15.0066 4608  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
00:04:15.0113 4608  fvevol - ok
00:04:15.0144 4608  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
00:04:15.0175 4608  gagp30kx - ok
00:04:15.0238 4608  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\windows\system32\DRIVERS\GEARAspiWDM.sys
00:04:15.0253 4608  GEARAspiWDM - ok
00:04:15.0316 4608  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\windows\System32\gpsvc.dll
00:04:15.0472 4608  gpsvc - ok
00:04:15.0503 4608  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
00:04:15.0550 4608  hcw85cir - ok
00:04:15.0612 4608  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
00:04:15.0659 4608  HdAudAddService - ok
00:04:15.0721 4608  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
00:04:15.0768 4608  HDAudBus - ok
00:04:15.0784 4608  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\windows\system32\DRIVERS\HidBatt.sys
00:04:15.0815 4608  HidBatt - ok
00:04:15.0846 4608  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
00:04:15.0893 4608  HidBth - ok
00:04:15.0924 4608  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\windows\system32\DRIVERS\hidir.sys
00:04:15.0971 4608  HidIr - ok
00:04:16.0002 4608  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\windows\System32\hidserv.dll
00:04:16.0111 4608  hidserv - ok
00:04:16.0158 4608  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\drivers\hidusb.sys
00:04:16.0189 4608  HidUsb - ok
00:04:16.0236 4608  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll
00:04:16.0345 4608  hkmsvc - ok
00:04:16.0392 4608  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
00:04:16.0439 4608  HomeGroupListener - ok
00:04:16.0486 4608  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
00:04:16.0533 4608  HomeGroupProvider - ok
00:04:16.0564 4608  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
00:04:16.0595 4608  HpSAMD - ok
00:04:16.0657 4608  [ CF44B25AE808765D7308F412AD492DDB ] HTCAND64        C:\windows\system32\Drivers\ANDROIDUSB.sys
00:04:16.0689 4608  HTCAND64 - ok
00:04:16.0767 4608  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys
00:04:16.0891 4608  HTTP - ok
00:04:16.0938 4608  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
00:04:16.0954 4608  hwpolicy - ok
00:04:17.0016 4608  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
00:04:17.0047 4608  i8042prt - ok
00:04:17.0094 4608  [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
00:04:17.0125 4608  iaStor - ok
00:04:17.0188 4608  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\windows\system32\drivers\iaStorV.sys
00:04:17.0235 4608  iaStorV - ok
00:04:17.0313 4608  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:04:17.0391 4608  idsvc - ok
00:04:17.0609 4608  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
00:04:17.0905 4608  igfx - ok
00:04:17.0937 4608  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\windows\system32\DRIVERS\iirsp.sys
00:04:17.0968 4608  iirsp - ok
00:04:18.0015 4608  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll
00:04:18.0171 4608  IKEEXT - ok
00:04:18.0217 4608  [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd          C:\windows\system32\DRIVERS\Impcd.sys
00:04:18.0264 4608  Impcd - ok
00:04:18.0373 4608  [ 801946CE25DD2179FE68599826B0BB88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
00:04:18.0514 4608  IntcAzAudAddService - ok
00:04:18.0561 4608  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys
00:04:18.0592 4608  intelide - ok
00:04:18.0639 4608  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
00:04:18.0685 4608  intelppm - ok
00:04:18.0717 4608  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\windows\system32\ipbusenum.dll
00:04:18.0841 4608  IPBusEnum - ok
00:04:18.0888 4608  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
00:04:18.0997 4608  IpFilterDriver - ok
00:04:19.0075 4608  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
00:04:19.0138 4608  iphlpsvc - ok
00:04:19.0153 4608  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\windows\system32\drivers\IPMIDrv.sys
00:04:19.0200 4608  IPMIDRV - ok
00:04:19.0231 4608  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\windows\system32\drivers\ipnat.sys
00:04:19.0341 4608  IPNAT - ok
00:04:19.0434 4608  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:04:19.0481 4608  iPod Service - ok
00:04:19.0543 4608  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys
00:04:19.0606 4608  IRENUM - ok
00:04:19.0653 4608  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys
00:04:19.0684 4608  isapnp - ok
00:04:19.0715 4608  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
00:04:19.0762 4608  iScsiPrt - ok
00:04:19.0809 4608  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\drivers\kbdclass.sys
00:04:19.0840 4608  kbdclass - ok
00:04:19.0887 4608  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
00:04:19.0918 4608  kbdhid - ok
00:04:19.0965 4608  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe
00:04:19.0996 4608  KeyIso - ok
00:04:20.0043 4608  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
00:04:20.0074 4608  KSecDD - ok
00:04:20.0121 4608  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\windows\system32\Drivers\ksecpkg.sys
00:04:20.0152 4608  KSecPkg - ok
00:04:20.0199 4608  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\windows\system32\drivers\ksthunk.sys
00:04:20.0308 4608  ksthunk - ok
00:04:20.0339 4608  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\windows\system32\msdtckrm.dll
00:04:20.0464 4608  KtmRm - ok
00:04:20.0542 4608  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\System32\srvsvc.dll
00:04:20.0667 4608  LanmanServer - ok
00:04:20.0729 4608  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
00:04:20.0838 4608  LanmanWorkstation - ok
00:04:20.0885 4608  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
00:04:21.0010 4608  lltdio - ok
00:04:21.0041 4608  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\windows\System32\lltdsvc.dll
00:04:21.0166 4608  lltdsvc - ok
00:04:21.0197 4608  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\windows\System32\lmhsvc.dll
00:04:21.0306 4608  lmhosts - ok
00:04:21.0353 4608  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
00:04:21.0384 4608  LSI_FC - ok
00:04:21.0415 4608  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\windows\system32\DRIVERS\lsi_sas.sys
00:04:21.0447 4608  LSI_SAS - ok
00:04:21.0462 4608  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
00:04:21.0493 4608  LSI_SAS2 - ok
00:04:21.0509 4608  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
00:04:21.0556 4608  LSI_SCSI - ok
00:04:21.0571 4608  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\windows\system32\drivers\luafv.sys
00:04:21.0665 4608  luafv - ok
00:04:21.0727 4608  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\windows\system32\Mcx2Svc.dll
00:04:21.0759 4608  Mcx2Svc - ok
00:04:21.0774 4608  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\windows\system32\DRIVERS\megasas.sys
00:04:21.0805 4608  megasas - ok
00:04:21.0837 4608  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
00:04:21.0868 4608  MegaSR - ok
00:04:21.0977 4608  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:04:22.0008 4608  Microsoft Office Groove Audit Service - ok
00:04:22.0024 4608  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\windows\system32\mmcss.dll
00:04:22.0149 4608  MMCSS - ok
00:04:22.0164 4608  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\windows\system32\drivers\modem.sys
00:04:22.0273 4608  Modem - ok
00:04:22.0320 4608  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\windows\system32\DRIVERS\monitor.sys
00:04:22.0367 4608  monitor - ok
00:04:22.0429 4608  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\drivers\mouclass.sys
00:04:22.0461 4608  mouclass - ok
00:04:22.0507 4608  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
00:04:22.0554 4608  mouhid - ok
00:04:22.0601 4608  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
00:04:22.0632 4608  mountmgr - ok
00:04:22.0726 4608  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:04:22.0757 4608  MozillaMaintenance - ok
00:04:22.0788 4608  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
00:04:22.0819 4608  mpio - ok
00:04:22.0851 4608  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
00:04:22.0960 4608  mpsdrv - ok
00:04:23.0022 4608  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
00:04:23.0194 4608  MpsSvc - ok
00:04:23.0241 4608  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
00:04:23.0287 4608  MRxDAV - ok
00:04:23.0319 4608  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
00:04:23.0365 4608  mrxsmb - ok
00:04:23.0397 4608  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
00:04:23.0459 4608  mrxsmb10 - ok
00:04:23.0475 4608  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
00:04:23.0521 4608  mrxsmb20 - ok
00:04:23.0537 4608  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys
00:04:23.0568 4608  msahci - ok
00:04:23.0599 4608  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\windows\system32\drivers\msdsm.sys
00:04:23.0631 4608  msdsm - ok
00:04:23.0662 4608  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\windows\System32\msdtc.exe
00:04:23.0693 4608  MSDTC - ok
00:04:23.0724 4608  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
00:04:23.0833 4608  Msfs - ok
00:04:23.0865 4608  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\windows\System32\drivers\mshidkmdf.sys
00:04:23.0958 4608  mshidkmdf - ok
00:04:23.0989 4608  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
00:04:24.0021 4608  msisadrv - ok
00:04:24.0052 4608  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\windows\system32\iscsiexe.dll
00:04:24.0161 4608  MSiSCSI - ok
00:04:24.0161 4608  msiserver - ok
00:04:24.0208 4608  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\windows\system32\drivers\MSKSSRV.sys
00:04:24.0317 4608  MSKSSRV - ok
00:04:24.0348 4608  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
00:04:24.0457 4608  MSPCLOCK - ok
00:04:24.0473 4608  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\windows\system32\drivers\MSPQM.sys
00:04:24.0582 4608  MSPQM - ok
00:04:24.0613 4608  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\windows\system32\drivers\MsRPC.sys
00:04:24.0660 4608  MsRPC - ok
00:04:24.0691 4608  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
00:04:24.0723 4608  mssmbios - ok
00:04:24.0769 4608  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\windows\system32\drivers\MSTEE.sys
00:04:24.0879 4608  MSTEE - ok
00:04:24.0894 4608  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
00:04:24.0925 4608  MTConfig - ok
00:04:24.0957 4608  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\windows\system32\Drivers\mup.sys
00:04:24.0988 4608  Mup - ok
00:04:25.0035 4608  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
00:04:25.0144 4608  napagent - ok
00:04:25.0191 4608  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\windows\system32\DRIVERS\nwifi.sys
00:04:25.0253 4608  NativeWifiP - ok
00:04:25.0347 4608  [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
00:04:25.0378 4608  NAUpdate - ok
00:04:25.0456 4608  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
00:04:25.0534 4608  NDIS - ok
00:04:25.0581 4608  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\windows\system32\DRIVERS\ndiscap.sys
00:04:25.0690 4608  NdisCap - ok
00:04:25.0737 4608  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
00:04:25.0846 4608  NdisTapi - ok
00:04:25.0908 4608  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\windows\system32\DRIVERS\ndisuio.sys
00:04:26.0017 4608  Ndisuio - ok
00:04:26.0080 4608  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\windows\system32\DRIVERS\ndiswan.sys
00:04:26.0189 4608  NdisWan - ok
00:04:26.0220 4608  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\windows\system32\drivers\NDProxy.sys
00:04:26.0329 4608  NDProxy - ok
00:04:26.0376 4608  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\windows\system32\DRIVERS\netbios.sys
00:04:26.0485 4608  NetBIOS - ok
00:04:26.0532 4608  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\windows\system32\DRIVERS\netbt.sys
00:04:26.0657 4608  NetBT - ok
00:04:26.0704 4608  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
00:04:26.0735 4608  Netlogon - ok
00:04:26.0797 4608  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
00:04:26.0907 4608  Netman - ok
00:04:26.0938 4608  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
00:04:27.0063 4608  netprofm - ok
00:04:27.0094 4608  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:04:27.0125 4608  NetTcpPortSharing - ok
00:04:27.0156 4608  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\windows\system32\DRIVERS\nfrd960.sys
00:04:27.0187 4608  nfrd960 - ok
00:04:27.0234 4608  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
00:04:27.0281 4608  NlaSvc - ok
00:04:27.0297 4608  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
00:04:27.0390 4608  Npfs - ok
00:04:27.0437 4608  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\windows\system32\nsisvc.dll
00:04:27.0531 4608  nsi - ok
00:04:27.0546 4608  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
00:04:27.0655 4608  nsiproxy - ok
00:04:27.0733 4608  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
00:04:27.0858 4608  Ntfs - ok
00:04:27.0921 4608  [ EAAC965642EF5F818AED508CADF83E4B ] ntk_PowerDVD12  C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
00:04:27.0936 4608  ntk_PowerDVD12 - ok
00:04:27.0967 4608  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
00:04:28.0077 4608  Null - ok
00:04:28.0123 4608  [ CB599955CE2CE9694721562F9481CD84 ] NVHDA          C:\windows\system32\drivers\nvhda64v.sys
00:04:28.0155 4608  NVHDA - ok
00:04:28.0498 4608  [ A518A34F345ABF771E66AC48932FFEA8 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
00:04:29.0122 4608  nvlddmkm - ok
00:04:29.0169 4608  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
00:04:29.0200 4608  nvraid - ok
00:04:29.0231 4608  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
00:04:29.0278 4608  nvstor - ok
00:04:29.0325 4608  [ 5FDEB48CD1A35C6754F6E345308B99D5 ] nvsvc          C:\windows\system32\nvvsvc.exe
00:04:29.0371 4608  nvsvc - ok
00:04:29.0418 4608  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
00:04:29.0449 4608  nv_agp - ok
00:04:29.0559 4608  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:04:29.0605 4608  odserv - ok
00:04:29.0637 4608  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
00:04:29.0683 4608  ohci1394 - ok
00:04:29.0746 4608  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:04:29.0777 4608  ose - ok
00:04:29.0824 4608  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
00:04:29.0886 4608  p2pimsvc - ok
00:04:29.0917 4608  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
00:04:29.0980 4608  p2psvc - ok
00:04:30.0011 4608  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\windows\system32\DRIVERS\parport.sys
00:04:30.0058 4608  Parport - ok
00:04:30.0105 4608  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\windows\system32\drivers\partmgr.sys
00:04:30.0136 4608  partmgr - ok
00:04:30.0167 4608  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
00:04:30.0214 4608  PcaSvc - ok
00:04:30.0245 4608  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\windows\system32\drivers\pci.sys
00:04:30.0292 4608  pci - ok
00:04:30.0323 4608  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys
00:04:30.0354 4608  pciide - ok
00:04:30.0401 4608  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\DRIVERS\pcmcia.sys
00:04:30.0432 4608  pcmcia - ok
00:04:30.0448 4608  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\windows\system32\drivers\pcw.sys
00:04:30.0479 4608  pcw - ok
00:04:30.0510 4608  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
00:04:30.0635 4608  PEAUTH - ok
00:04:30.0729 4608  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
00:04:30.0775 4608  PerfHost - ok
00:04:30.0869 4608  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\windows\system32\pla.dll
00:04:31.0041 4608  pla - ok
00:04:31.0087 4608  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
00:04:31.0150 4608  PlugPlay - ok
00:04:31.0181 4608  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\windows\system32\pnrpauto.dll
00:04:31.0228 4608  PNRPAutoReg - ok
00:04:31.0259 4608  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\windows\system32\pnrpsvc.dll
00:04:31.0306 4608  PNRPsvc - ok
00:04:31.0353 4608  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\windows\System32\ipsecsvc.dll
00:04:31.0477 4608  PolicyAgent - ok
00:04:31.0509 4608  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\windows\system32\umpo.dll
00:04:31.0633 4608  Power - ok
00:04:31.0680 4608  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
00:04:31.0774 4608  PptpMiniport - ok
00:04:31.0805 4608  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\windows\system32\DRIVERS\processr.sys
00:04:31.0867 4608  Processor - ok
00:04:31.0914 4608  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\windows\system32\profsvc.dll
00:04:31.0961 4608  ProfSvc - ok
00:04:31.0977 4608  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
00:04:32.0008 4608  ProtectedStorage - ok
00:04:32.0070 4608  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
00:04:32.0179 4608  Psched - ok
00:04:32.0242 4608  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\DRIVERS\ql2300.sys
00:04:32.0351 4608  ql2300 - ok
00:04:32.0382 4608  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\DRIVERS\ql40xx.sys
00:04:32.0429 4608  ql40xx - ok
00:04:32.0460 4608  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\windows\system32\qwave.dll
00:04:32.0507 4608  QWAVE - ok
00:04:32.0538 4608  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
00:04:32.0601 4608  QWAVEdrv - ok
00:04:32.0616 4608  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
00:04:32.0710 4608  RasAcd - ok
00:04:32.0757 4608  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\windows\system32\DRIVERS\AgileVpn.sys
00:04:32.0850 4608  RasAgileVpn - ok
00:04:32.0881 4608  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\windows\System32\rasauto.dll
00:04:32.0991 4608  RasAuto - ok
00:04:33.0037 4608  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\windows\system32\DRIVERS\rasl2tp.sys
00:04:33.0147 4608  Rasl2tp - ok
00:04:33.0193 4608  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
00:04:33.0303 4608  RasMan - ok
00:04:33.0349 4608  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
00:04:33.0459 4608  RasPppoe - ok
00:04:33.0505 4608  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\windows\system32\DRIVERS\rassstp.sys
00:04:33.0615 4608  RasSstp - ok
00:04:33.0661 4608  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\windows\system32\DRIVERS\rdbss.sys
00:04:33.0786 4608  rdbss - ok
00:04:33.0817 4608  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\DRIVERS\rdpbus.sys
00:04:33.0864 4608  rdpbus - ok
00:04:33.0895 4608  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
00:04:34.0005 4608  RDPCDD - ok
00:04:34.0036 4608  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
00:04:34.0129 4608  RDPENCDD - ok
00:04:34.0176 4608  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
00:04:34.0270 4608  RDPREFMP - ok
00:04:34.0317 4608  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\windows\system32\drivers\RDPWD.sys
00:04:34.0363 4608  RDPWD - ok
00:04:34.0426 4608  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
00:04:34.0457 4608  rdyboost - ok
00:04:34.0488 4608  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
00:04:34.0597 4608  RemoteAccess - ok
00:04:34.0644 4608  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
00:04:34.0738 4608  RemoteRegistry - ok
00:04:34.0753 4608  Rezip - ok
00:04:34.0816 4608  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
00:04:34.0863 4608  RFCOMM - ok
00:04:34.0941 4608  [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo      C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
00:04:34.0972 4608  RichVideo - ok
00:04:34.0987 4608  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
00:04:35.0097 4608  RpcEptMapper - ok
00:04:35.0128 4608  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
00:04:35.0175 4608  RpcLocator - ok
00:04:35.0221 4608  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\windows\system32\rpcss.dll
00:04:35.0331 4608  RpcSs - ok
00:04:35.0393 4608  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
00:04:35.0502 4608  rspndr - ok
00:04:35.0549 4608  [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167        C:\windows\system32\DRIVERS\Rt64win7.sys
00:04:35.0596 4608  RTL8167 - ok
00:04:35.0674 4608  [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport          C:\windows\SysWOW64\drivers\rtport.sys
00:04:35.0689 4608  rtport - ok
00:04:35.0736 4608  [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI            C:\windows\system32\Drivers\SABI.sys
00:04:35.0783 4608  SABI - ok
00:04:35.0799 4608  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\windows\system32\lsass.exe
00:04:35.0830 4608  SamSs - ok
00:04:35.0877 4608  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
00:04:35.0908 4608  sbp2port - ok
00:04:35.0939 4608  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
00:04:36.0064 4608  SCardSvr - ok
00:04:36.0111 4608  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
00:04:36.0204 4608  scfilter - ok
00:04:36.0267 4608  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
00:04:36.0423 4608  Schedule - ok
00:04:36.0469 4608  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\windows\System32\certprop.dll
00:04:36.0563 4608  SCPolicySvc - ok
00:04:36.0610 4608  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
00:04:36.0657 4608  SDRSVC - ok
00:04:36.0703 4608  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
00:04:36.0813 4608  secdrv - ok
00:04:36.0844 4608  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
00:04:36.0937 4608  seclogon - ok
00:04:36.0969 4608  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\system32\sens.dll
00:04:37.0093 4608  SENS - ok
00:04:37.0109 4608  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
00:04:37.0156 4608  SensrSvc - ok
00:04:37.0203 4608  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\windows\system32\DRIVERS\serenum.sys
00:04:37.0234 4608  Serenum - ok
00:04:37.0265 4608  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\DRIVERS\serial.sys
00:04:37.0312 4608  Serial - ok
00:04:37.0343 4608  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\DRIVERS\sermouse.sys
00:04:37.0390 4608  sermouse - ok
00:04:37.0437 4608  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
00:04:37.0546 4608  SessionEnv - ok
00:04:37.0577 4608  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\windows\system32\drivers\sffdisk.sys
00:04:37.0624 4608  sffdisk - ok
00:04:37.0639 4608  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
00:04:37.0671 4608  sffp_mmc - ok
00:04:37.0686 4608  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\windows\system32\drivers\sffp_sd.sys
00:04:37.0733 4608  sffp_sd - ok
00:04:37.0795 4608  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\windows\system32\DRIVERS\sfloppy.sys
00:04:37.0827 4608  sfloppy - ok
00:04:37.0858 4608  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
00:04:37.0983 4608  SharedAccess - ok
00:04:38.0029 4608  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
00:04:38.0154 4608  ShellHWDetection - ok
00:04:38.0170 4608  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\DRIVERS\SiSRaid2.sys
00:04:38.0201 4608  SiSRaid2 - ok
00:04:38.0232 4608  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\DRIVERS\sisraid4.sys
00:04:38.0263 4608  SiSRaid4 - ok
00:04:38.0357 4608  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
00:04:38.0388 4608  SkypeUpdate - ok
00:04:38.0419 4608  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\windows\system32\DRIVERS\smb.sys
00:04:38.0529 4608  Smb - ok
00:04:38.0591 4608  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
00:04:38.0653 4608  SNMPTRAP - ok
00:04:38.0669 4608  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\windows\system32\drivers\spldr.sys
00:04:38.0700 4608  spldr - ok
00:04:38.0731 4608  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\windows\System32\spoolsv.exe
00:04:38.0809 4608  Spooler - ok
00:04:38.0934 4608  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
00:04:39.0184 4608  sppsvc - ok
00:04:39.0215 4608  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\windows\system32\sppuinotify.dll
00:04:39.0293 4608  sppuinotify - ok
00:04:39.0340 4608  sptd - ok
00:04:39.0371 4608  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\windows\system32\DRIVERS\srv.sys
00:04:39.0418 4608  srv - ok
00:04:39.0465 4608  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
00:04:39.0527 4608  srv2 - ok
00:04:39.0543 4608  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
00:04:39.0589 4608  srvnet - ok
00:04:39.0652 4608  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\windows\System32\ssdpsrv.dll
00:04:39.0777 4608  SSDPSRV - ok
00:04:39.0792 4608  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\windows\system32\sstpsvc.dll
00:04:39.0917 4608  SstpSvc - ok
00:04:39.0933 4608  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\DRIVERS\stexstor.sys
00:04:39.0964 4608  stexstor - ok
00:04:40.0026 4608  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
00:04:40.0104 4608  stisvc - ok
00:04:40.0135 4608  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\drivers\swenum.sys
00:04:40.0167 4608  swenum - ok
00:04:40.0198 4608  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\windows\System32\swprv.dll
00:04:40.0338 4608  swprv - ok
00:04:40.0401 4608  [ 3C80203C725C28CEA5713D1AB242880A ] SynTP          C:\windows\system32\DRIVERS\SynTP.sys
00:04:40.0432 4608  SynTP - ok
00:04:40.0510 4608  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\windows\system32\sysmain.dll
00:04:40.0650 4608  SysMain - ok
00:04:40.0697 4608  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
00:04:40.0744 4608  TabletInputService - ok
00:04:40.0806 4608  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\windows\System32\tapisrv.dll
00:04:40.0931 4608  TapiSrv - ok
00:04:40.0947 4608  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\windows\System32\tbssvc.dll
00:04:41.0056 4608  TBS - ok
00:04:41.0149 4608  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip          C:\windows\system32\drivers\tcpip.sys
00:04:41.0290 4608  Tcpip - ok
00:04:41.0399 4608  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
00:04:41.0508 4608  TCPIP6 - ok
00:04:41.0555 4608  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
00:04:41.0586 4608  tcpipreg - ok
00:04:41.0633 4608  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
00:04:41.0680 4608  TDPIPE - ok
00:04:41.0727 4608  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\windows\system32\drivers\tdtcp.sys
00:04:41.0758 4608  TDTCP - ok
00:04:41.0805 4608  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\windows\system32\DRIVERS\tdx.sys
00:04:41.0898 4608  tdx - ok
00:04:41.0961 4608  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\drivers\termdd.sys
00:04:41.0992 4608  TermDD - ok
00:04:51.0352 4608  ================ Scan global ===============================
00:04:51.0383 4608  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
00:04:51.0430 4608  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
00:04:51.0445 4608  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
00:04:51.0477 4608  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
00:04:51.0508 4608  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
00:04:51.0523 4608  [Global] - ok
00:04:51.0523 4608  ================ Scan MBR ==================================
00:04:51.0539 4608  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
00:04:52.0132 4608  \Device\Harddisk0\DR0 - ok
00:04:52.0132 4608  ================ Scan VBR ==================================
00:04:52.0132 4608  [ 377D7E08FDF136635779511095F2CA43 ] \Device\Harddisk0\DR0\Partition1
00:04:52.0132 4608  \Device\Harddisk0\DR0\Partition1 - ok
00:04:52.0163 4608  [ 3069FB983A4801A399A31386BA809A9B ] \Device\Harddisk0\DR0\Partition2
00:04:52.0163 4608  \Device\Harddisk0\DR0\Partition2 - ok
00:04:52.0194 4608  [ 2FD2E4AD3141AE8A480693156560974E ] \Device\Harddisk0\DR0\Partition3
00:04:52.0194 4608  \Device\Harddisk0\DR0\Partition3 - ok
00:04:52.0194 4608  ============================================================
00:04:52.0194 4608  Scan finished
00:04:52.0194 4608  ============================================================
00:04:52.0210 5052  Detected object count: 0
00:04:52.0210 5052  Actual detected object count: 0
00:05:14.0128 2840  Deinitialize success


cosinus 22.07.2013 23:04

Quote:

00:04:00.0262 4608 Mode: Manual; SigCheck; TDLFS;
Among other things, that is what the log is about: if it only said "Mode: Manual" there, TDSSKiller would have been started with the "wrong" options.

JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

AdwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on "Suchlauf" (Scan) and wait until it has finished.
  • Now click on "Löschen" (Delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

After that, a check with OTL please:
  • Double-click on OTL.exe
  • Vista users: right-click on OTL.exe and choose "Run as administrator"
  • At the top centre, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click on Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Sabrinalie 23.07.2013 10:21

Junkware
Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.2 (07.22.2013:2)
OS: Windows 7 Home Premium x64
Ran by Bina on 23.07.2013 at 10:42:00,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\winamptbserver.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2431245
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3297265
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F92E1E8B-855D-408B-8DFF-4765E3AE7BE9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt"
Successfully deleted: [File] "C:\end"
Successfully deleted: [File] "C:\windows\syswow64\conduitengine.tmp"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\winamp toolbar"
Successfully deleted: [Folder] "C:\Users\Bina\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Bina\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Bina\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\winamp toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"
Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{43A40377-517B-42E7-AC2E-BF62120C097C}
Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{48BD4254-9BFD-4E98-8627-AAF7C48516CE}
Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{6C0DC9BA-9B4D-4CA3-B901-F24EB153B260}
Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{D3DBCE07-72B1-4146-BB8A-2F29494331FB}
Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{DD49C1F1-C3BD-4985-B936-5F537EA3D29B}



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\user.js
Successfully deleted: [Folder] C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\smartbar
Successfully deleted: [Folder] C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\winamptoolbardata
Successfully deleted the following from C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\prefs.js

user_pref("CT3297265.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3297265.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3297265.FF19Solved", "true");
user_pref("CT3297265.FirstTime", "true");
user_pref("CT3297265.FirstTimeFF3", "true");
user_pref("CT3297265.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3297265&ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q=");
user_pref("CT3297265.UserID", "UN13355325333199033");
user_pref("CT3297265.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3297265.autoDisableScopes", -1);
user_pref("CT3297265.browser.search.defaultthis.engineName", "true");
user_pref("CT3297265.countryCode", "DE");
user_pref("CT3297265.defaultSearch", "true");
user_pref("CT3297265.enableAlerts", "true");
user_pref("CT3297265.enableFix404ByUser", "TRUE");
user_pref("CT3297265.enableSearchFromAddressBar", "true");
user_pref("CT3297265.firstTimeDialogOpened", "true");
user_pref("CT3297265.fixPageNotFoundError", "true");
user_pref("CT3297265.fixPageNotFoundErrorByUser", "true");
user_pref("CT3297265.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3297265.fixUrls", true);
user_pref("CT3297265.fullUserID", "UN13355325333199033.IN.20130714114941");
user_pref("CT3297265.homepageuserchanged", true);
user_pref("CT3297265.installDate", "14/07/2013 11:49:42");
user_pref("CT3297265.installId", "stub.exe");
user_pref("CT3297265.installSessionId", "{A01D4E7A-FCB0-4B89-81F0-4976747380A6}");
user_pref("CT3297265.installSp", "true");
user_pref("CT3297265.installType", "conduitnsisintegration");
user_pref("CT3297265.installUsage", "2013-07-14T15:51:44.3809533+03:00");
user_pref("CT3297265.installUsageEarly", "2013-07-14T13:03:13.0855268+03:00");
user_pref("CT3297265.installerVersion", "1.4.3.3");
user_pref("CT3297265.isCheckedStartAsHidden", true);
user_pref("CT3297265.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3297265.isFirstTimeToolbarLoading", "false");
user_pref("CT3297265.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3297265.keyword", "true");
user_pref("CT3297265.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3297265&octid=CT3297265&SearchSource=15&CUI=UN1335532533319903
user_pref("CT3297265.lastVersion", "10.16.4.19");
user_pref("CT3297265.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
user_pref("CT3297265.migrateAppsAndComponents", true);
user_pref("CT3297265.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.chip.de%2Fdownloads%2Fc1_downloads_hs_getfile_v1_33182961.html%3Ft%3D1373835747%26v%3D3
user_pref("CT3297265.openThankYouPage", "false");
user_pref("CT3297265.openUninstallPage", "true");
user_pref("CT3297265.originalHomepage", "hxxp://www.google.de");
user_pref("CT3297265.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
user_pref("CT3297265.originalSearchEngine", "Google");
user_pref("CT3297265.originalSearchEngineName", "Search Results");
user_pref("CT3297265.revertSettingsEnabled", "false");
user_pref("CT3297265.search.searchAppId", "130102701223206401");
user_pref("CT3297265.search.searchCount", "0");
user_pref("CT3297265.searchFromAddressBarEnabledByUser", "true");
user_pref("CT3297265.searchInNewTabEnabledByUser", "true");
user_pref("CT3297265.searchInNewTabEnabledInHidden", "true");
user_pref("CT3297265.searchRevert", "false");
user_pref("CT3297265.searchSuggestEnabledByUser", "true");
user_pref("CT3297265.searchUserMode", "2");
user_pref("CT3297265.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3297265.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3297265.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3297265\"}");
user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DivXBrowserBarDE.OurToolbar.com//xpi\"}");
user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DivX Browser Bar DE\"}");
user_pref("CT3297265.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3297265.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3297265.serviceLayer_services_Configuration_lastUpdate", "1373796194128");
user_pref("CT3297265.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373806303677");
user_pref("CT3297265.serviceLayer_services_appsMetadata_lastUpdate", "1373806303299");
user_pref("CT3297265.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1373806303136");
user_pref("CT3297265.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1373796194003");
user_pref("CT3297265.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1373806302946");
user_pref("CT3297265.serviceLayer_services_login_10.16.4.19_lastUpdate", "1373823844858");
user_pref("CT3297265.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1373806303325");
user_pref("CT3297265.serviceLayer_services_searchAPI_lastUpdate", "1373796193693");
user_pref("CT3297265.serviceLayer_services_serviceMap_lastUpdate", "1373795593554");
user_pref("CT3297265.serviceLayer_services_toolbarContextMenu_lastUpdate", "1373806302996");
user_pref("CT3297265.serviceLayer_services_toolbarSettings_lastUpdate", "1373828033744");
user_pref("CT3297265.serviceLayer_services_translation_lastUpdate", "1373806303612");
user_pref("CT3297265.settingsINI", true);
user_pref("CT3297265.shouldFirstTimeDialog", "false");
user_pref("CT3297265.showToolbarPermission", "false");
user_pref("CT3297265.smartbar.CTID", "CT3297265");
user_pref("CT3297265.smartbar.Uninstall", "0");
user_pref("CT3297265.smartbar.homepage", "true");
user_pref("CT3297265.smartbar.isHidden", true);
user_pref("CT3297265.smartbar.toolbarName", "DivX Browser Bar DE ");
user_pref("CT3297265.startPage", "true");
user_pref("CT3297265.toolbarBornServerTime", "14-7-2013");
user_pref("CT3297265.toolbarCurrentServerTime", "14-7-2013");
user_pref("CT3297265.toolbarLoginClientTime", "Sun Jul 14 2013 14:51:42 GMT+0200");
user_pref("CT3297265.versionFromInstaller", "10.16.4.19");
user_pref("CT3297265_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1373835657778,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "DivX Browser Bar DE Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3297265&ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3297265");
user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.defaultthis.engineName", "DivX Browser Bar DE Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297265&CUI=UN13355325333199033&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.search.selectedEngine", "DivX Browser Bar DE Customized Web Search");
user_pref("extensions.vshare@toolbar.update.enabled", false);
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3297265&ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q=");
user_pref("plugin.state.npconduitfirefoxplugin", 0);
user_pref("smartbar.addressBarOwnerCTID", "CT3297265");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3297265&CUI=UN13355325333199033&UM=2&SearchSource=13,hxxp://search.conduit.com/?octid=CT3297265&ct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q=,hxxp://search.condui
user_pref("smartbar.defaultSearchOwnerCTID", "CT3297265");
user_pref("smartbar.homePageOwnerCTID", "CT3297265");
user_pref("smartbar.machineId", "XVXKPX8GB4TCUWNXP7LR/7HQ3PBQP0GSVZXZ+WI7XPNF3ONPCWS7/ONI2QDRYETAN6CVUHOJRQ4STKHFM1P8EQ");
user_pref("vshare.install.date", "1300147200000");
user_pref("vshare.install.dumpFileCount", 0);
user_pref("vshare.install.dumpFileDisabled", false);
user_pref("vshare.install.finished", "1.0.0");
user_pref("vshare.install.guid", "{4699f18d-22bf-4c0b-a483-edf5f2f755f7}");
user_pref("vshare.install.isHidden", true);
user_pref("vshare.install.istoolbarhp", true);
user_pref("vshare.install.istoolbarsearch", true);
user_pref("vshare.install.laststatreq", "1301961600000");
user_pref("vshare.install.newtab", true);
user_pref("vshare.install.overlayVersion", 1);
user_pref("vshare.install.userHPSettings", "hxxp://www.facebook.com/home.php?");
user_pref("vshare.install.userSPSettings", "Google");
Emptied folder: C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\minidumps [190 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at 10:50:44,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW

Code:

# AdwCleaner v2.306 - Datei am 23/07/2013 um 10:52:15 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Bina - BINA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Bina\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\DivX_Browser_Bar_DE
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Bina\AppData\LocalLow\DivX_Browser_Bar_DE
Ordner Gelöscht : C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DivX_Browser_Bar_DE
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\Software\DivX_Browser_Bar_DE
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F663448B-1B58-43EA-8EF6-A410B6E82DEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F663448B-1B58-43EA-8EF6-A410B6E82DEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{301EEA78-FF7D-40A3-85F6-803F08AEBAE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE2B31D0-77F8-4BC0-888E-CE930360874A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DAD39C6-F4AC-4984-8E9B-F666269B9EB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DivX_Browser_Bar_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{6DAD39C6-F4AC-4984-8E9B-F666269B9EB1}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default\prefs.js

Gelöscht : user_pref("CT3297265.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3297265.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT3297265.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3297265.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT3297265.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Gelöscht : user_pref("CT3297265.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.chip.de%2Fdo[...]
Gelöscht : user_pref("CT3297265.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3297265.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT3297265.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3297265.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3297265.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT3297265_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("show.CT3297265", false);

*************************

AdwCleaner[S1].txt - [10465 octets] - [23/07/2013 10:52:15]

########## EOF - C:\AdwCleaner[S1].txt - [10526 octets] ##########

otl1
Code:

OTL logfile created on: 7/23/2013 11:01:13 AM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Bina\Desktop\Trojan Board
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 67.10% Memory free
7.73 Gb Paging File | 6.40 Gb Available in Paging File | 82.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 35.03 Gb Free Space | 19.57% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 123.74 Gb Free Space | 46.40% Space Free | Partition Type: NTFS
 
Computer Name: BINA-PC | User Name: Bina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bina\Desktop\Trojan Board\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/07/14 12:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/07/14 23:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/27 18:50:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/23 10:45:38 | 000,000,000 | ---D | M]
 
[2013/07/14 21:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bina\AppData\Roaming\mozilla\Extensions
[2013/07/23 10:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bina\AppData\Roaming\mozilla\Firefox\Profiles\3xc856kd.default\extensions
[2011/05/29 23:38:58 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Bina\AppData\Roaming\mozilla\Firefox\Profiles\3xc856kd.default\extensions\2020Player@2020Technologies.com
[2013/06/18 15:40:14 | 002,494,702 | ---- | M] () (No name found) -- C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\extensions\nasanightlaunch@example.com.xpi
[2012/12/12 11:59:01 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/07/14 21:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/06/27 18:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/06/27 18:50:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2013/07/18 20:35:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92071B0F-B1C4-4A63-AA34-2BC15A05C928}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D72B9451-1AC0-4A8F-A8DD-9ACB3D910F52}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/23 10:41:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/23 10:39:01 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Bina\Desktop\JRT.exe
[2013/07/22 00:01:35 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bina\Desktop\tdsskiller.exe
[2013/07/19 19:27:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Bina\Desktop\aswMBR.exe
[2013/07/18 22:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/18 22:26:39 | 000,000,000 | ---D | C] -- C:\Users\Bina\Desktop\mbar-1.06.0.1004
[2013/07/18 22:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2013/07/18 22:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2013/07/18 21:17:20 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013/07/18 21:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/07/18 21:14:06 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/07/18 21:13:50 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/07/18 21:13:50 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/07/18 21:13:50 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/18 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\Bina\Desktop\Trojan Board
[2013/07/18 20:44:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/18 20:23:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/18 20:23:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/18 20:23:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/18 20:23:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/18 20:22:47 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/18 20:18:29 | 005,089,814 | R--- | C] (Swearware) -- C:\Users\Bina\Desktop\ComboFix.exe
[2013/07/17 19:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/17 19:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/17 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/17 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/07/17 19:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/07/17 19:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013/07/17 19:41:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2013/07/17 19:41:12 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2013/07/17 19:39:42 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013/07/17 19:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2013/07/17 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Roaming\Winamp
[2013/07/17 19:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013/07/17 19:14:27 | 000,000,000 | ---D | C] -- C:\Users\Bina\Desktop\MP3 Juni
[2013/07/17 18:57:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/16 23:08:06 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\MediaShow
[2013/07/16 23:04:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013/07/16 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\MediaServer
[2013/07/16 23:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2013/07/16 23:03:47 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\CyberLink
[2013/07/16 23:03:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2013/07/16 22:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013/07/16 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/07/14 23:25:14 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Roaming\Malwarebytes
[2013/07/14 23:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/14 23:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/14 23:24:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/07/14 23:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/14 23:23:48 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\Programs
[2013/07/14 23:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/07/14 23:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2013/07/14 23:07:35 | 001,030,952 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/07/14 23:07:35 | 000,072,016 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/07/14 22:56:03 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/07/14 22:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013/07/14 12:55:38 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\DDMSettings
[2013/07/14 12:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013/07/14 11:47:12 | 000,081,768 | ---- | C] (Conduit) -- C:\ministub.exe
[2013/07/14 11:19:19 | 000,000,000 | ---D | C] -- C:\Users\Bina\Desktop\Maik
[2013/07/11 23:08:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/07/11 23:08:39 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/07/11 23:08:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/07/11 23:08:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/07/11 23:08:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/07/11 23:08:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/07/11 23:08:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 23:08:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 23:08:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/07/11 23:08:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/07/11 23:08:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/07/11 23:08:32 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/07/11 23:08:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/07/11 23:08:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/07/11 23:08:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/07/11 22:04:24 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/11 22:04:24 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/11 22:04:23 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/11 22:04:23 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/11 22:00:54 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/06/27 18:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/01/03 17:04:10 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Bina\AppData\Roaming\nostart.exe
[2010/12/15 23:26:05 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Bina\AppData\Roaming\WinDefender.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/23 11:03:51 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 11:03:51 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 10:55:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/23 10:55:52 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/23 10:39:36 | 000,666,633 | ---- | M] () -- C:\Users\Bina\Desktop\adwcleaner.exe
[2013/07/23 10:39:14 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Bina\Desktop\JRT.exe
[2013/07/23 02:26:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/22 00:01:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bina\Desktop\tdsskiller.exe
[2013/07/21 23:59:49 | 000,000,512 | ---- | M] () -- C:\Users\Bina\Desktop\MBR.dat
[2013/07/21 18:46:27 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/21 18:36:23 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/21 18:36:23 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/07/21 18:36:23 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/21 18:36:23 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/07/21 18:36:23 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/19 19:27:18 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Bina\Desktop\aswMBR.exe
[2013/07/18 22:24:58 | 013,399,154 | ---- | M] () -- C:\Users\Bina\Desktop\mbar-1.06.0.1004.zip
[2013/07/18 22:03:06 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013/07/18 21:13:42 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/18 21:13:40 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/07/18 21:13:40 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/07/18 21:13:39 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/07/18 21:13:39 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/07/18 21:13:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/07/18 20:49:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/07/18 20:49:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/18 20:35:16 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/07/18 20:19:08 | 005,089,814 | R--- | M] (Swearware) -- C:\Users\Bina\Desktop\ComboFix.exe
[2013/07/17 19:41:16 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013/07/16 23:03:39 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2013/07/16 20:33:23 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/16 18:58:41 | 000,000,020 | ---- | M] () -- C:\Users\Bina\defogger_reenable
[2013/07/14 23:07:44 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/07/14 23:07:44 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/07/14 23:07:44 | 000,189,936 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/07/14 23:07:44 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/14 23:07:44 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/07/14 23:07:44 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/07/14 23:07:34 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/07/14 22:55:50 | 579,095,703 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/07/14 22:33:30 | 000,001,456 | ---- | M] () -- C:\Users\Bina\Desktop\TaskMan.exe - Verknüpfung.lnk
[2013/07/14 22:30:54 | 000,433,848 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/14 22:15:30 | 000,007,630 | ---- | M] () -- C:\Users\Bina\AppData\Local\Resmon.ResmonCfg
[2013/07/14 17:46:56 | 000,001,614 | ---- | M] () -- C:\Users\Bina\Documents\cc_20130714_174651.reg
[2013/07/14 15:48:56 | 000,042,022 | ---- | M] () -- C:\Users\Bina\Documents\cc_20130714_154837.reg
[2013/07/14 11:47:18 | 000,081,768 | ---- | M] (Conduit) -- C:\ministub.exe
 
========== Files Created - No Company Name ==========
 
[2013/07/23 10:39:28 | 000,666,633 | ---- | C] () -- C:\Users\Bina\Desktop\adwcleaner.exe
[2013/07/21 23:59:49 | 000,000,512 | ---- | C] () -- C:\Users\Bina\Desktop\MBR.dat
[2013/07/18 22:24:14 | 013,399,154 | ---- | C] () -- C:\Users\Bina\Desktop\mbar-1.06.0.1004.zip
[2013/07/18 22:03:06 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013/07/18 20:23:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/18 20:23:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/18 20:23:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/18 20:23:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/18 20:23:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/17 19:41:16 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013/07/16 23:03:38 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2013/07/16 18:58:40 | 000,000,020 | ---- | C] () -- C:\Users\Bina\defogger_reenable
[2013/07/14 23:24:21 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/14 23:07:44 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/14 23:07:44 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/07/14 23:07:44 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/07/14 23:07:35 | 000,189,936 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/07/14 23:07:35 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/07/14 22:55:50 | 579,095,703 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/07/14 22:33:30 | 000,001,456 | ---- | C] () -- C:\Users\Bina\Desktop\TaskMan.exe - Verknüpfung.lnk
[2013/07/14 22:15:30 | 000,007,630 | ---- | C] () -- C:\Users\Bina\AppData\Local\Resmon.ResmonCfg
[2013/07/14 17:46:53 | 000,001,614 | ---- | C] () -- C:\Users\Bina\Documents\cc_20130714_174651.reg
[2013/07/14 15:48:39 | 000,042,022 | ---- | C] () -- C:\Users\Bina\Documents\cc_20130714_154837.reg
[2013/04/09 14:01:25 | 000,484,352 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012/09/10 15:41:56 | 000,000,051 | ---- | C] () -- C:\ProgramData\knguqevllwtgaeu
[2012/01/03 22:30:30 | 000,000,867 | ---- | C] () -- C:\Users\Bina\.recently-used.xbel
[2011/08/15 20:49:28 | 000,000,040 | ---- | C] () -- C:\Users\Bina\AppData\Local\Images.fl
[2007/03/12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

OTL2 (Extras)
Code:

OTL Extras logfile created on: 7/23/2013 11:01:13 AM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Bina\Desktop\Trojan Board
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.86 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 67.10% Memory free
7.73 Gb Paging File | 6.40 Gb Available in Paging File | 82.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 35.03 Gb Free Space | 19.57% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 123.74 Gb Free Space | 46.40% Space Free | Partition Type: NTFS
 
Computer Name: BINA-PC | User Name: Bina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Bina\AppData\Roaming\WinDefender.exe" = C:\Users\Bina\AppData\Roaming\WinDefender.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Bina\AppData\Roaming\firefox.exe" = C:\Users\Bina\AppData\Roaming\firefox.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\test.exe" = C:\Users\Bina\AppData\Roaming\test.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\server.exe" = C:\Users\Bina\AppData\Roaming\server.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Local\Temp\svchost.exe" = C:\Users\Bina\AppData\Local\Temp\svchost.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Local\Temp\server.exe" = C:\Users\Bina\AppData\Local\Temp\server.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\new.exe" = C:\Users\Bina\AppData\Roaming\new.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\WinDefender.exe" = C:\Users\Bina\AppData\Roaming\WinDefender.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Bina\AppData\Roaming\firefox.exe" = C:\Users\Bina\AppData\Roaming\firefox.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\test.exe" = C:\Users\Bina\AppData\Roaming\test.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\server.exe" = C:\Users\Bina\AppData\Roaming\server.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Local\Temp\svchost.exe" = C:\Users\Bina\AppData\Local\Temp\svchost.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Local\Temp\server.exe" = C:\Users\Bina\AppData\Local\Temp\server.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\new.exe" = C:\Users\Bina\AppData\Roaming\new.exe:*:Enabled:Windows Messanger
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C6D1B2-7F49-4A39-AF32-E99A95D2B07D}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A6BF111-9A62-4DF4-9B06-8703E2EFDAF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0CDBA5C4-37CC-44F7-9EAA-781D258289E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{224D6B52-A658-4EB4-BE48-E638E349F83D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{316066D2-11CA-4570-BFED-BAC9574F0358}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{32D469AE-4A65-4279-917F-076C18D355B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E251D9B-DD03-422D-9E79-ABA6D665D8D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47935D80-1729-4101-B12E-DD464B957E65}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47ACC041-CA4F-486E-B485-ADAE4FB3B65B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57A298F4-A108-49E4-A12B-0196497137AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{58A2BC1F-7C4F-4010-988A-56473FCB53E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C27127F-8CF2-4B2F-84B6-A3A09CAA032E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7099478B-B3D6-4364-A12D-933F8F3DB4DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{80E1DBE4-4D81-4F83-AC18-23D0B70640CC}" = lport=139 | protocol=6 | dir=in | app=system |
"{81683327-42EB-49B9-91BE-BF5F81FFA6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8EB33ACC-E8D3-4922-AF41-0A2244D86C81}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9571660D-F9CF-4FB7-942F-ED026F4143CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A0FE82B3-1407-43E4-8C0B-9E5651FEF8C1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A536A900-1CDC-4ACF-85F3-901AF7594448}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AAD76EF7-CBA5-4CFD-951E-65CD6DAA660D}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC1435AA-6ADA-4E97-B5BE-07F670C10D1F}" = lport=138 | protocol=17 | dir=in | app=system |
"{B4AB12E1-00CE-4D3D-9F73-7FA7EE16519B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B5C67B5C-0F9F-44A2-A0BE-4C6F36F07EF0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E07298DD-40C8-46F5-AECA-D6051E41FF97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E7965D1D-FB8C-4B39-8633-205CB7C8C515}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E83E5F40-589C-4A4B-8E41-51D86763631F}" = lport=137 | protocol=17 | dir=in | app=system |
"{E886F392-56C9-4A5F-990F-63CFB726D21E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EDA5D9A5-C690-41E8-BE02-50C89477DCBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0052185F-4EC0-4155-90E8-B4AC671186E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{02440D04-34B4-423F-91C3-64C2C44C3D22}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{02F47C93-EFCF-4E39-AF7C-6598B9309F45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{04741F2C-FA0D-43A9-A53C-8384D3B902A1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{0A4D82FE-1510-44E2-ACF1-C68CFBD5022B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{0E5E6E84-26FC-4BBA-9740-4F04558DEB32}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{13D664E8-A134-4759-B79E-DF3F8CAE2C1C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{16547D14-40E6-4F09-A299-E44D4B70DEEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16968817-39FF-440D-A0BF-691DF4DD6B0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1A8D1C61-8C3F-4E02-8F4E-A7033367F851}" = protocol=17 | dir=in | app=c:\program files (x86)\usenet.nl\usenet.nl.exe |
"{1FEF0FAE-C932-49FA-A3FC-A846BB3AF08F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2613263D-8972-44BC-BD0C-BB7804248428}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{27EE1E10-7359-49AE-BAD7-ADE320A63DFA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe |
"{2CC6E027-736F-419F-9575-DD692CB117BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2D4487B0-02D7-45DE-9060-16719BEA28F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{40B234E7-FD43-489B-8C48-1BEA306AFAB0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4C42A27F-D762-477C-AF55-E0772B57CC1C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5175BA8D-E64D-41E8-843C-49F5F5D55F0E}" = protocol=6 | dir=out | app=system |
"{5A4CB546-335C-47B2-AF36-60D559FD276A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{62507234-FCDA-4112-996C-CCB9ADF20A1B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{64D64F87-3DEB-49D2-B156-1D83EAF6C473}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{67BE4414-6AAD-4FF5-879B-7043A9BB8629}" = protocol=17 | dir=in | app=c:\users\bina\appdata\roaming\lsass.exe |
"{6ADE5C6E-9114-4D4E-B05E-378A047EEBCE}" = protocol=17 | dir=in | app=c:\program files (x86)\obviousidea\photolikr\photolikr.exe |
"{70C17189-AD40-4E75-873A-7D6930717247}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{76B8E139-9F57-4407-B0C3-25F7F26FB2E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7733C7B0-FD64-4E2D-BCEE-7F9166C231C5}" = protocol=6 | dir=in | app=c:\program files (x86)\obviousidea\photolikr\photolikr.exe |
"{781782EF-9A20-46FB-827E-4F6B32A49F7F}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{793ACF67-7367-423E-8F0F-853E185F7D4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83665532-5E57-4CDD-A3D0-25E454872465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F67A099-DE60-4C6A-B8D1-DCB8CDEF95EC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{906046B7-C455-4A43-BDC6-E5D9DA2B0E25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{946316A1-AA82-4DFD-8D3A-1BD753779EC9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9C2559BE-9DED-454B-9334-A073C16D178A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ACFCF543-C67B-4AEE-9478-2D741F973198}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe |
"{AEB75AF0-D24F-4336-9A72-D8EDCEE4332F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B5B200FF-CB25-41EF-A8F1-D3378D3DC6FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBB0746A-F6FF-4ED9-9B2A-73922351F8FF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe |
"{BE69FC28-6D2C-490E-9B17-BE3071076C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C31372D2-2061-475D-A40C-FFB92A514E35}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C8A2AD2A-5B42-4438-9E0E-49F8491A59C6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C8CB3A1C-2186-4D1C-867F-76E675D3DD84}" = protocol=6 | dir=in | app=c:\program files (x86)\usenet.nl\usenet.nl.exe |
"{C9C68AA7-C2BD-48F5-81F9-F80AB4D22417}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CC7818C0-D81F-478A-AC6B-30E0D5A8D957}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CE979443-744A-42EE-971C-615DD432484D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DD21733E-2BF1-4C11-A446-4CADBC7AD87C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DD5C3922-B248-4ABB-AAAD-9A343B3ECB77}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E6D6DC89-F9ED-4293-B050-DA7DED2DD8F9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe |
"{E8391A88-3EC1-4818-80D3-F7D05F2903E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E85A3672-BC7D-4219-98DE-DD8AE7A1966C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED759F47-0857-4FD0-8617-57C9AB5FD26B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe |
"{EF1AD5E7-4BC2-4B9A-B13D-BC16B76F163D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F0578CE0-3828-4CCC-90D2-28AD646CCE78}" = protocol=6 | dir=in | app=c:\users\bina\appdata\roaming\lsass.exe |
"{F1C06C51-379A-4301-93B4-40EDE8E10C56}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{F2F894D9-3D77-478B-BF77-5BAB2B4FA0F2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe |
"{F6F4CDD3-ADA2-44E8-BB72-3EB836540E42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{DB30F98F-3538-4F6A-B317-4A258DBB4D2B}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{EF901F63-46EE-4AB5-8D2C-E140BBC1AF57}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B31CABFC-4878-47A7-8366-3C0FF4CC98B3}_is1" = PhotoLikr 1.0.8.12
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EAC0A4A7-9599-4C74-9291-4ACF1CC682E0}" = calibre
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.8.2
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Free YouTube Download_is1" = Free YouTube Download version 3.1.33.822
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"High Quality Photo Resizer_is1" = High Quality Photo Resizer 5.02
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.57
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 7/23/2013 4:56:20 AM | Computer Name = Bina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Rezip" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
 
< End of report >
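
A way to triage the firewall exception list in the report above, as an added example that is not part of the original thread or of OTL: it parses the `key=value | ...` rule lines and flags rules whose program carries a Windows core process name outside System32 or sits in a user-writable profile directory. The function names, the list of process names and the assumption that Windows is installed in C:\Windows are choices made for this example; the sample lines are copied from the report.

```python
import ntpath
import re

# Core Windows processes whose genuine image lives under %SystemRoot%\System32.
SYSTEM_NAMES = {"lsass.exe", "smss.exe", "csrss.exe", "services.exe",
                "svchost.exe", "winlogon.exe", "wininit.exe", "spoolsv.exe"}
# Assumption for this example: Windows is installed in C:\Windows.
TRUSTED_DIRS = {r"%systemroot%\system32", r"%systemroot%\syswow64",
                r"c:\windows\system32", r"c:\windows\syswow64"}
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\|^%(?:local)?appdata%|^%te?mp%")
PROTOCOLS = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.+)$')

# Lines copied from the OTL firewall sections above.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3E251D9B-DD03-422D-9E79-ABA6D665D8D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57A298F4-A108-49E4-A12B-0196497137AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{16547D14-40E6-4F09-A299-E44D4B70DEEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{67BE4414-6AAD-4FF5-879B-7043A9BB8629}" = protocol=17 | dir=in | app=c:\users\bina\appdata\roaming\lsass.exe |
"{F0578CE0-3828-4CCC-90D2-28AD646CCE78}" = protocol=6 | dir=in | app=c:\users\bina\appdata\roaming\lsass.exe |
"TCP Query User{DB30F98F-3538-4F6A-B317-4A258DBB4D2B}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
'''


def parse_rule(line):
    """Split one OTL firewall line into a dict of its key=value fields."""
    match = RULE_RE.match(line.strip())
    if not match:
        return None  # section headers, blank lines, other report text
    rule = {"rule": match.group("name")}
    for part in match.group("body").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            rule[key.lower()] = value.strip()
    return rule


def assess(rule):
    """Return the reasons a rule deserves a closer look (empty list if none)."""
    app = rule.get("app", "").lower()
    if not app or app == "system":  # "system" is the kernel pseudo-application
        return []
    reasons = []
    if ntpath.basename(app) in SYSTEM_NAMES and ntpath.dirname(app) not in TRUSTED_DIRS:
        reasons.append("system process name outside System32")
    if USER_WRITABLE.search(app):
        reasons.append("program in a user-writable profile directory")
    return reasons


def triage(log_text):
    """Parse every rule line in the text and return the flagged ones."""
    findings = []
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        reasons = assess(rule)
        if reasons:
            findings.append({
                "rule": rule["rule"],
                "app": rule["app"],
                "direction": rule.get("dir", "?"),
                "protocol": PROTOCOLS.get(rule.get("protocol", ""), "any"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding["direction"], finding["protocol"], finding["app"],
              "; ".join(finding["reasons"]))
```

A flagged rule is a prompt to inspect the file (location, signature, hash), not a verdict on it.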


cosinus 24.07.2013 00:43

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:CB0AACC9
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

  • If you obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Sabrinalie 24.07.2013 09:10

Goood morning :)

Code:

All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Bina\Desktop\Trojan Board\cmd.bat deleted successfully.
C:\Users\Bina\Desktop\Trojan Board\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bina
->Temp folder emptied: 14188608 bytes
->Temporary Internet Files folder emptied: 41753065 bytes
->Java cache emptied: 46798 bytes
->FireFox cache emptied: 83019468 bytes
->Flash cache emptied: 539 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41462221 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78336222 bytes
RecycleBin emptied: 1020305272 bytes
 
Total Files Cleaned = 1,220.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 07242013_100557

Files\Folders moved on Reboot...
C:\Users\Bina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 24.07.2013 14:42

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you did a full scan only recently, a quick scan is enough (saves time); please let me know that as well)

Note: Before that, please remember to update Malwarebytes Anti-Malware via the update button!

Afterwards, getting an additional opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Sabrinalie 25.07.2013 10:06

Good morning!
I did a full scan with Malware!
Code:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Bina :: BINA-PC [Administrator]

24.07.2013 19:57:19
mbam-log-2013-07-24 (19-57-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431977
Laufzeit: 1 Stunde(n), 37 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


ESET came up with 2 "infected files" found!
What do I do now?

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5144ff8a1f918b4a91210de2202472c9
# engine=14521
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-25 12:05:12
# local_time=2013-07-25 02:05:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 23402 126340562 0 0
# scanned=226477
# found=2
# cleaned=0
# scan_time=12983
sh=78A43903C7C6FCFB2EA7452F66683BCA29F969F7 ft=0 fh=0000000000000000 vn="a variant of Win32/TrojanDropper.Agent.PGY trojan" ac=I fn="C:\Users\Bina\Downloads\Microsoft Office 2010 Professional 32b Activated!!\MSOffice2010.32b.iso"
sh=A6F1AD76265D9D360052218896B023056C6D9729 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Windows\pss\runctf.lnk.Startup"
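
The ESET log above, read by a small parser, as an added example that is not part of the original thread or of ESET's tooling: it extracts the header counters and scan options and lists each detection with where the file sits. Reading `vn` as the detection name, `fn` as the file path and `sh` as the file hash is an assumption based on the values; the function names and location labels are made up for this example, and the sample lines are copied from the log.

```python
import re

# key=value pairs; a value is either "quoted" (may contain spaces) or one bare token.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Header and detection lines copied from the ESET log above.
SAMPLE = r'''
# engine=14521
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# scanned=226477
# found=2
# cleaned=0
sh=78A43903C7C6FCFB2EA7452F66683BCA29F969F7 ft=0 fh=0000000000000000 vn="a variant of Win32/TrojanDropper.Agent.PGY trojan" ac=I fn="C:\Users\Bina\Downloads\Microsoft Office 2010 Professional 32b Activated!!\MSOffice2010.32b.iso"
sh=A6F1AD76265D9D360052218896B023056C6D9729 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Windows\pss\runctf.lnk.Startup"
'''


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET Online Scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, sep, value = line.lstrip("# ").partition("=")
            if sep:
                header[key.strip()] = value.strip().strip('"')
        elif line.startswith("sh="):
            detections.append({key: quoted or bare
                               for key, quoted, bare in PAIR_RE.findall(line)})
    return header, detections


def classify(path):
    """Label where a detected file sits, to help decide what to do with it."""
    lowered = path.lower()
    # msconfig keeps shortcuts it disabled from the Startup folder under %windir%\pss.
    if "\\windows\\pss\\" in lowered:
        return "disabled-startup-backup"
    if "\\downloads\\" in lowered:
        return "user-download"
    return "other"


def report(text):
    """Summarise counters, scan options and detections of one log."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", len(detections)))
    cleaned = int(header.get("cleaned", 0))
    return {
        "found": found,
        "listed": len(detections),          # should equal "found"
        "uncleaned": found - cleaned,       # detections the scanner did not clean
        "removal_enabled": header.get("remove_checked") == "true",
        "pua_detection_enabled": header.get("unwanted_checked") == "true",
        "items": [{"threat": d.get("vn", ""),
                   "path": d.get("fn", ""),
                   "hash": d.get("sh", ""),
                   "location": classify(d.get("fn", ""))}
                  for d in detections],
    }


if __name__ == "__main__":
    summary = report(SAMPLE)
    print("found", summary["found"], "uncleaned", summary["uncleaned"],
          "removal enabled:", summary["removal_enabled"])
    for item in summary["items"]:
        print(item["location"], "|", item["threat"], "|", item["path"])
```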


cosinus 25.07.2013 16:47

Quote:

C:\Users\Bina\Downloads\Microsoft Office 2010 Professional 32b Activated!!\MSOffice2010.32b.iso
Why don't you keep your hands off this risky and illegal crack/keygen junk! :nono: :pfui:

Sabrinalie 25.07.2013 16:58

:headbang:Damn, my boyfriend installed that for me :confused:

cosinus 25.07.2013 16:59

Uninstall it, delete the crack junk. If it absolutely has to be MS Office, then buy it or use free alternatives such as LibreOffice

