Trojaner-Board


karlshagen 12.02.2013 16:06

PC running too slowly (suspected malware)

I have the following system:

WIN 7 Home Premium Service Pack 1 (installed)
RAM: 2.00 GB (1.75 GB usable)
System type: 32-bit operating system
Processor: Intel(R) Atom(TM) CPU 330 @1.60 GHz 1.76 GHz
Model: ASUS Eee Top Series
Antivirus program: Microsoft Security Essentials

My problem is that the PC has been very slow lately and takes a very long time to shut down.

Hence my suspicion that I may have picked something up.

Is there actually a really efficient program that can detect and remove Trojans and other malware?

Thanks for your help
karlshagen :dankeschoen:

cosinus 12.02.2013 17:13

Hello and :hallo:

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post here over the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the logfiles directly in your thread (please in CODE tags) and not as attachments, unless you were asked to do so. Logs in attachments make my analysis harder!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box for Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

karlshagen 12.02.2013 17:25

Can you briefly tell me again what the CODE tags are called?

Code:

OTL Extras logfile created on: 2/12/2013 5:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\15G22J0290K0EU2Y\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 24.71% Memory free
6.12 Gb Paging File | 3.82 Gb Available in Paging File | 62.38% Paging File free
Paging file location(s): c:\pagefile.sys 2686 2686d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.59 Gb Total Space | 55.66 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
Drive D: | 191.46 Gb Total Space | 125.90 Gb Free Space | 65.76% Space Free | Partition Type: NTFS
 
Computer Name: BIBA | User Name: 15G22J0290K0EU2Y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034BC81B-1C3A-4FF8-BEB0-EC985A02F14E}" = lport=8766 | protocol=6 | dir=in | name=online-doppelkopf |
"{07D552BC-38AA-467C-B367-1A6ED14F8D82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{09F9EC1B-6DCA-4A6C-99F8-72655EC1D0A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0EE77D9F-321E-4022-93BE-40E38AC317B5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0FED86BD-3142-4574-93B3-8390661DB008}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1B0F7093-F0DF-4A22-80B4-829A374D2869}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1DFABF03-4FCC-45D4-ADF1-748FAD674DA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{206BA81F-4EFC-4261-A8D9-A731BCFFA810}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2B78B157-0D7B-4EC0-8CDA-9071DBA81F81}" = rport=445 | protocol=6 | dir=out | app=system |
"{2C79DE7E-EE95-4E05-AEFB-F8941E27421E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D305028-C089-4305-AB28-BAD003228EFD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3829D624-46F9-44D6-ADEA-2616A337F353}" = rport=138 | protocol=17 | dir=out | app=system |
"{389A3274-009C-4F01-B2EA-9637CC21C531}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3EEC9015-16A1-4FAB-8AD4-E8FDAA57D3A3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{47C2C673-CA26-437A-8C32-9FB712F259F9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48035048-4675-488F-96C8-1DD81DE181A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4BE2F0BF-9CB1-41A7-B884-457E6B8D3E1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{52E2772A-1C32-49AD-8A48-62FD7673B2FE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56CD5A75-1EE8-424D-8D45-32C7277B3025}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{58DC3350-21C6-4899-A516-E2B11BC2F4A8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5D1152FF-C183-44EA-9C6F-FC6CD289F2BF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{65755AD7-F38C-4751-9A5B-831CF9540F1B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70F5D135-BA9F-4B4E-992E-6587586ECA97}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7AFC6F1A-ED89-44F7-8776-1CE982906C2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BACF0EA-2D25-4493-85AE-BB71C9E09348}" = rport=137 | protocol=17 | dir=out | app=system |
"{7DAD3DD5-3E56-441B-A484-0901054FB8D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{85D55376-1467-4269-B9FD-6579F1F615BF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8846A525-865A-446D-85FC-A88CDB388258}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8BA1E4C3-B1A3-43EF-A65A-97B99B37D538}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A18E577C-A50D-43BB-8733-3E705403515E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A529926E-A7B5-4483-8C0C-D7B8FF7CDF4F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A6A7D36A-F0A7-4857-BF0F-4B2A8CFABF33}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB1C04D9-5FF1-4AEB-8A2C-725BDB96386E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B729FBE1-D38A-4A50-B372-7E5D31B4FBA9}" = rport=139 | protocol=6 | dir=out | app=system |
"{B8018E50-A56D-4DDB-B710-A7C667B1B062}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8ABDC9B-1272-4CBA-AB59-8F4B3F99A052}" = lport=138 | protocol=17 | dir=in | app=system |
"{CFC82733-A6A8-40C5-8E0A-3F5EDD4B2DD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{D15B928E-DAF4-4535-8C67-5C1BD7C79634}" = lport=139 | protocol=6 | dir=in | app=system |
"{DCCC18D2-E772-40C3-B0E9-210874FF7500}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E6389216-7E75-4FCF-85F3-BA654EE5FB7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E9DB5595-E68F-4841-A9A9-1F17E7D8364E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F015F9DF-BD7B-4F90-9E46-BEC2D71C3936}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6A4999A-7381-40ED-ABA0-8D190E63B3A7}" = rport=2869 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15E49EE4-9552-4718-A619-06E9508FF6CC}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{189AC8AD-4124-4A4B-B71C-89DEBB9999D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19C35A79-B354-4820-B74B-970721ACC60B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27406DFE-7228-4401-BB18-13772B0BE6AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2BC12C01-50AE-44F6-BA29-2FA3D663F25A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{33A6DC2E-24D9-46B0-BCEC-292C14466D65}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{36D98974-D794-4E8D-8174-14BE18937551}" = dir=in | app=c:\users\15g22j0290k0eu2y\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{38E4D653-9954-4AE6-8955-509AA1E14DA7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4CBC75E0-3362-4E92-89B3-7DB2BDC6893A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{51230692-A354-4C60-95D4-C3F11625072E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5512D08D-59C5-4BDE-8677-5C14CB78E80A}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{5E9E7413-0AE5-4D9E-9B25-7D8777AA8F3E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6975A01D-441B-412C-97FF-45CF037BCB1C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ADFC81B-ED82-4AB7-81BA-B3AC42F088BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BCB530A-CBC1-40C2-8C30-29603AE0D496}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6F469877-68CC-48F1-806B-ED75B495ED70}" = protocol=6 | dir=out | app=system |
"{797AE3E8-C211-4387-B257-37C6CFA6ADC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B16CBEB-CD2C-4ABF-AFF5-7ED3C6327D52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8384A062-5073-4AD8-9C98-AF1BDED711A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{84BF80C9-00E7-4608-B5B4-992F3589CE49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97B41B00-3FB5-4881-A59B-BD00C449475A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9FA09FB0-68EF-4633-95FF-AE1DEAB490C5}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{AA318963-0A57-4D86-88F9-F332D9C2DA83}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B1808B15-6044-4B68-A2E9-3D8FDC98156A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B7DC9953-90B5-4C51-99E5-2D9D2D42511E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B83AAD35-2DDA-491D-9C44-4BB89D7EEE8C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CEBDB086-4E4B-4D1A-BD60-56B84ED6BE05}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F01E0290-BBC0-4D53-AB5A-A66BD5D21FBB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC0E2E36-E88D-494D-9FDF-648CE633CDCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD4101E7-802C-46F2-99FE-8FB165D5E6AB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{6728425D-3112-4AA5-93CC-9B5D7B42E87B}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{1CA02C97-F9F6-495B-864B-38060B0E1C50}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = ASUS Eee Cam
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{100F14F5-1C3F-EDDA-9947-C0241D61AF58}" = ATI Catalyst Install Manager
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{281C959A-2894-4251-8B02-A48186147282}" = Alcor Micro USB Card Reader
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3B418709-D688-4E3A-BE0E-7D71FA84C948}" = Nero 11 PiP Effects 1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{4382FC76-8100-4951-8658-31834E625E88}" = Nero 11 Video Transitions 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5A2BE254-88E2-4416-AF72-288BE35ED713}_is1" = IdeaCom TSC 3.2.1206.10
"{5E98FDD6-3672-4DBE-AB8B-2C9A0BED1382}" = Nero 11 Disc Menus 3
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6BF66AED-3EA4-4106-B240-5CE96C9B76B0}" = Brother MFL-Pro Suite DCP-195C
"{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{795274EF-3EDA-4427-9D4C-446C9137BB6D}" = Eee Manager
"{7DF2B5EE-2C16-4E86-9C71-8678068AD805}" = Nero 11 Disc Menus 2
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85EA6D4E-04CC-48b0-B526-EA9E2FEF56FA}" = Eee Docking
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7ABBD4-A617-4AE8-9C6D-1510DE46EC35}" = Nero 11
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9FEC4E-8696-43B4-8C19-5BE4D9038B55}" = ASUS Easy Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0F34849-D9AB-46DD-B1BE-BB0DB60B1FE8}" = Nero 11 Disc Menus 1
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2CDC001-F8B3-4C64-9E74-2E3FA0FAC9D9}" = Nero 11 Video Samples
"{A4F6BE36-4826-45BA-A396-04F265A3B61D}" = Nero 11 Kwik Themes 2
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{ACD6B383-EC5B-4000-A455-CCB308B447FE}" = Nero 11 Kwik Themes 4
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B160A672-F326-4414-9BB0-A056C61B357C}" = Nero 11 Cliparts
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B1F69AF3-B5B5-4CA5-ADC5-8A738EB6E574}" = Nero 11 Kwik Themes 1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BA499CC0-12C0-4BA5-9007-76844B721158}" = Nero 11 Kwik Themes 3
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CF5451E4-DA6F-44AE-88D4-BCEC1508C17E}" = Eee Memo
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{d08d9f98-1c78-4704-87e6-368b0023d831}" = RelevantKnowledge
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{F8EF9B71-53E7-41F5-8E54-47B4C979CB38}" = Nero Backup Drivers
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"Asus WebStorage" = Asus WebStorage
"AsusVibeCheckUpdate_is1" = AsusVibeCheckUpdate
"CCleaner" = CCleaner
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Free Studio_is1" = Free Studio version 5.6.2.627
"IncrediMail" = IncrediMail 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = ASUS Eee Cam
"InstallShield_{281C959A-2894-4251-8B02-A48186147282}" = Alcor Micro USB Card Reader
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"NeroShowTime!UninstallKey" = Nero ShowTime CE
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"PrivitizeVPN" = PrivitizeVPN
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/11/2013 10:56:36 AM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1ed4    Startzeit: 01ce08652f8a1c24    Endzeit: 560    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 2/11/2013 11:53:15 AM | Computer Name = Biba | Source = VSS | ID = 8193
Description =
 
Error - 2/11/2013 11:57:30 AM | Computer Name = Biba | Source = VSS | ID = 8193
Description =
 
Error - 2/11/2013 11:58:33 AM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 2b8c    Startzeit: 01ce086e61521e4c    Endzeit: 765    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 2/11/2013 12:34:56 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm INS608F.tmp, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2bf0    Startzeit:
 01ce087561b4eee4    Endzeit: 60    Anwendungspfad: C:\Users\15G22J~1\AppData\Local\Temp\INS608F.tmp

Berichts-ID:
 d02e133d-7468-11e2-b4b7-90e6ba5b36a3 
 
Error - 2/11/2013 12:46:12 PM | Computer Name = Biba | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001f6c  ID des fehlerhaften Prozesses:
 0x1424  Startzeit der fehlerhaften Anwendung: 0x01ce087735e7127c  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Trojancheck 6\tc6.exe  Pfad des fehlerhaften Moduls:
C:\Program Files\Trojancheck 6\tc6.exe  Berichtskennung: 8a67a3ac-746a-11e2-b4b7-90e6ba5b36a3
 
Error - 2/11/2013 12:46:27 PM | Computer Name = Biba | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001f6c  ID des fehlerhaften Prozesses:
 0x2f98  Startzeit der fehlerhaften Anwendung: 0x01ce08772cca6e3c  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Trojancheck 6\tc6.exe  Pfad des fehlerhaften Moduls:
C:\Program Files\Trojancheck 6\tc6.exe  Berichtskennung: 93c4b41c-746a-11e2-b4b7-90e6ba5b36a3
 
Error - 2/11/2013 12:46:44 PM | Computer Name = Biba | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001f6c  ID des fehlerhaften Prozesses:
 0x244c  Startzeit der fehlerhaften Anwendung: 0x01ce087758ebcb3c  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Trojancheck 6\tc6.exe  Pfad des fehlerhaften Moduls:
C:\Program Files\Trojancheck 6\tc6.exe  Berichtskennung: 9dc48c6c-746a-11e2-b4b7-90e6ba5b36a3
 
Error - 2/11/2013 12:47:23 PM | Computer Name = Biba | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000470b2  ID des fehlerhaften Prozesses:
 0x2f98  Startzeit der fehlerhaften Anwendung: 0x01ce08772cca6e3c  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Trojancheck 6\tc6.exe  Pfad des fehlerhaften Moduls:
C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: b4d85adc-746a-11e2-b4b7-90e6ba5b36a3
 
Error - 2/11/2013 12:48:05 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 34d0    Startzeit: 01ce0870a54e6be4    Endzeit: 1389    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 2/11/2013 12:51:21 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm CCleaner.exe, Version 3.27.0.1900 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 28ac    Startzeit:
 01ce0870b72dec04    Endzeit: 874    Anwendungspfad: C:\Program Files\CCleaner\CCleaner.exe

Berichts-ID:
 2fd6417d-746b-11e2-b4b7-90e6ba5b36a3 
 
Error - 2/11/2013 1:22:03 PM | Computer Name = Biba | Source = VSS | ID = 8193
Description =
 
Error - 2/11/2013 1:40:39 PM | Computer Name = Biba | Source = VSS | ID = 8193
Description =
 
Error - 2/12/2013 12:49:55 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: f04    Startzeit: 01ce090564163ae0    Endzeit: 1210    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 
 
Error - 2/12/2013 12:59:32 PM | Computer Name = Biba | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 30ec    Startzeit: 01ce0940fc97cba4    Endzeit: 647    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID: 77206d45-7535-11e2-a959-90e6ba5b36a3

 
[ System Events ]
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:08 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:  %%126
 
Error - 2/12/2013 12:59:19 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7023
Description = Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:  %%126
 
Error - 2/12/2013 12:59:19 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:19 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 12:59:19 PM | Computer Name = Biba | Source = Service Control Manager | ID = 7003
Description = Der Dienst "Computerbrowser" ist von folgendem Dienst abhängig: LanmanWorkstation.
 Dieser Dienst ist eventuell nicht installiert.
 
Error - 2/12/2013 1:07:04 PM | Computer Name = Biba | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Fehler beim Lesen der Datei für lokale Hosts.
 
 
< End of report >

Code:

OTL logfile created on: 2/12/2013 5:21:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\15G22J0290K0EU2Y\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 24.71% Memory free
6.12 Gb Paging File | 3.82 Gb Available in Paging File | 62.38% Paging File free
Paging file location(s): c:\pagefile.sys 2686 2686d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.59 Gb Total Space | 55.66 Gb Free Space | 56.46% Space Free | Partition Type: NTFS
Drive D: | 191.46 Gb Total Space | 125.90 Gb Free Space | 65.76% Space Free | Partition Type: NTFS
 
Computer Name: BIBA | User Name: 15G22J0290K0EU2Y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe (Adobe Systems, Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\RelevantKnowledge\rlservice.exe (TMRG,  Inc.)
PRC - C:\Program Files\RelevantKnowledge\rlvknlg.exe (TMRG,  Inc.)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\calc.exe (Microsoft Corporation)
PRC - C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\ASUS\Eee Manager\EMMessageParser.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Eee Manager\EeeManager.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Message Controller\AsMessageController.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files\IncrediMail\bin\ImAppRU.dll ()
MOD - \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-1998982368-3054312690-3844566786-1000\Indiv01.key ()
MOD - C:\Program Files\IncrediMail\Bin\pmc.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsACPINotify.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsRemoteControlHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\ImageMgr.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsKeyboardHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\MessageParser\AsMultiLang.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\AsMultiLang.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Guard.Mail.ru) --  File not found
SRV - (Dnscache) -- %SystemRoot%\System32\pouae2gyp.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (RelevantKnowledge) -- C:\Program Files\RelevantKnowledge\rlservice.exe (TMRG,  Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (IdcSrv) -- C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
SRV - (ETSCSERVICE) -- C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (iwaozptt) --  File not found
DRV - (ivtpxjih) --  File not found
DRV - (islxmqgh) --  File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (cooonihv) --  File not found
DRV - (ay2gxske) --  File not found
DRV - (MpKsl7c329b1c) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5530FF78-84D4-47DD-B976-D69F33991593}\MpKsl7c329b1c.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvamacpi) -- C:\Windows\System32\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IdcFltr) -- C:\Windows\System32\drivers\idcfltr.sys (IdeaCom Technology Inc.)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ASInsHelp) -- C:\Windows\System32\drivers\AsInsHelp32.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724407
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Downloads
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&tt=060612_6_&babsrc=SP_ss&mntrId=34edba8b000000000000000000000000
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "hxxp://office-manager/Account/LogOn"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Program Files\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\15G22J0290K0EU2Y\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files\RelevantKnowledge\firefox [2012/10/09 19:48:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 18:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/12 08:43:15 | 000,000,000 | ---D | M]
 
[2012/08/28 19:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Extensions
[2012/12/28 09:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Firefox\Profiles\pz396p4t.default\extensions
[2012/12/10 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/12/10 18:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/06 18:55:08 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/18 21:02:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/07 23:46:18 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/29 11:27:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/18 21:02:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/18 21:02:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/18 21:02:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/18 21:02:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012/12/22 17:18:38 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober14387457.xml
 
Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [StartCal.exe] C:\Program Files\IdeaCom\TSC\StartCal.exe (IdeaCom Technology Inc.)
O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe (Oberon Media )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\UDDIjdlcn.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{577a8c28-8370-4d95-a804-69548d509e85}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{716FB368-5896-4B52-8AF2-C05A3D46DE1D}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: Domain = goezy.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: NameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{d4817425-ae18-4a77-9d08-71acc98bd32c}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{f759e9d5-c984-4da0-b5a0-a2d9df02b1ff}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IdcNotify: DllName - (idcnotify.dll) - C:\Windows\System32\idcnotify.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell - "" = AutoRun
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/12 17:17:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/12 14:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2013/02/11 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TuneUp Software
[2013/02/11 16:48:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Avg2013
[2013/02/08 09:21:13 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/02/07 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/05 15:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/01/23 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\Documents\Outlook-Dateien
[2012/05/08 10:11:07 | 001,638,400 | ---- | C] (LIGHTNING UK!) -- C:\Users\15G22J0290K0EU2Y\AppData\Local\ImgBurn.exe
[2011/12/08 23:02:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/12 17:55:06 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/12 17:21:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/12 17:17:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/12 16:17:25 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/12 16:17:25 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/12 15:07:07 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000UA.job
[2013/02/12 10:29:08 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/12 10:27:28 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/12 10:27:07 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/02/12 10:26:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/12 10:26:37 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/12 00:39:18 | 000,409,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/12 00:38:55 | 295,472,861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/11 16:41:42 | 000,007,625 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:03 | 000,084,992 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2013/02/08 09:21:26 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/08 09:21:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/08 09:21:15 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/02/08 09:07:02 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000Core.job
[2013/02/07 15:28:48 | 000,616,498 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/07 15:28:48 | 000,580,736 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/07 15:28:48 | 000,122,242 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/07 15:28:48 | 000,098,632 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/30 16:53:03 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/21 20:54:13 | 000,001,041 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
 
========== Files Created - No Company Name ==========
 
[2013/02/12 00:38:56 | 000,409,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/12 00:38:55 | 295,472,861 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/11 16:41:42 | 000,007,625 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:02 | 000,084,992 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2012/12/07 21:19:13 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/12/07 21:19:12 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/12/07 21:19:11 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/12/07 21:19:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/12/07 21:19:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/10/27 18:13:50 | 000,003,584 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/27 15:17:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/07/02 22:59:09 | 000,283,097 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/06/16 15:52:46 | 000,000,130 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\default.rss
[2012/06/09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/08 00:59:27 | 000,002,272 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012/06/08 00:54:38 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012/05/30 10:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/05/21 17:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll
[2012/02/22 12:05:36 | 015,495,729 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\SMRBackup250.dat
[2011/12/08 23:02:17 | 000,087,608 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\inst.exe
[2011/12/08 23:02:17 | 000,007,887 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.cat
[2011/12/08 23:02:17 | 000,001,144 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.inf
[2011/12/08 22:20:53 | 000,001,041 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 20:25:00 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/08 17:03:53 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/07 22:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011/02/17 14:10:28 | 000,000,071 | ---- | C] () -- C:\Windows\wiso.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/08/28 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Asus WebStorage
[2013/01/12 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\DAEMON Tools Lite
[2012/07/03 17:59:26 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\DVDVideoSoft
[2012/07/03 17:44:29 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/05/07 13:25:37 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\elsterformular
[2012/12/21 09:12:47 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\ImgBurn
[2012/12/22 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Oberon Media
[2012/07/03 17:58:34 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\OpenCandy
[2011/11/28 21:18:31 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\PhotoFiltre
[2012/06/20 23:07:33 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Sony
[2012/06/20 23:08:20 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Sony Setup
[2012/06/08 00:59:47 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\systweak
[2013/02/03 14:32:52 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TeamViewer
[2013/02/11 17:08:00 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TuneUp Software
[2012/07/06 08:44:00 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Uniblue
[2012/12/22 17:18:32 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\VisicomToolBar
[2013/01/27 19:54:40 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Vso
[2012/07/05 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >


cosinus 12.02.2013 23:34

Please now create logs with GMER (<<< click for instructions) and aswMBR (instructions a bit further down) and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only aswMBR.

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to your desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


karlshagen 13.02.2013 15:47

Code:

GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-13 15:36:41
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\15G22J~1\AppData\Local\Temp\pxddqpow.sys


---- Kernel code sections - GMER 2.0 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                  83074A49 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                    830AE4D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.sptd1  C:\Windows\System32\Drivers\sptd.sys                                                                                      entry point in ".sptd1" section [0x88791B2E]
PAGE    PCIIDEX.SYS!DllUnload                                                                                                    8886F606 5 Bytes  JMP 85D601C8
PAGE    ataport.SYS!DllUnload + 1                                                                                                888AAAD7 4 Bytes  JMP 850B8411
.text  USBPORT.SYS!DllUnload                                                                                                    8DA29DB9 5 Bytes  JMP 8621A1C8
?      C:\Windows\System32\Drivers\a5mfy3ru.SYS                                                                                  suspicious PE modification
PAGE    peauth.sys                                                                                                                A22FBBED 110 Bytes  CALL BF3BFD12
.text  autochk.exe                                                                                                              00271204 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text  autochk.exe                                                                                                              0027120C 1 Byte  [00]
.text  autochk.exe                                                                                                              00271210 1 Byte  [00]
.text  autochk.exe                                                                                                              00271214 2 Bytes  [00, 00] {ADD [EAX], AL}
.text  autochk.exe                                                                                                              00271218 2 Bytes  [00, 00] {ADD [EAX], AL}
.text  ...                                                                                                                     

---- User code sections - GMER 2.0 ----

.text  C:\Windows\system32\wbem\unsecapp.exe[348] kernel32.dll!CreateProcessW                                                    75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] kernel32.dll!GetQueuedCompletionStatus                                        75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] ole32.dll!CoGetClassObject                                                    762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!sendto                                                              767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!closesocket                                                        76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSASend                                                            76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!recv                                                                76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!connect                                                            76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!send                                                                76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSARecv                                                            76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSAGetOverlappedResult                                              76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!recvfrom                                                            7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSARecvFrom                                                        7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSAConnect                                                          7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WS2_32.dll!WSASendTo                                                          7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\wbem\unsecapp.exe[348] WININET.dll!UnlockUrlCacheEntryFile                                            7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] kernel32.dll!CreateProcessW                                                            75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] kernel32.dll!GetQueuedCompletionStatus                                                  75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] ole32.dll!CoGetClassObject                                                              762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!sendto                                                                      767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!closesocket                                                                  76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSASend                                                                      76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!recv                                                                        76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!connect                                                                      76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!send                                                                        76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSARecv                                                                      76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSAGetOverlappedResult                                                      76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!recvfrom                                                                    7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSARecvFrom                                                                  7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSAConnect                                                                  7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WS2_32.dll!WSASendTo                                                                    7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\system32\Dwm.exe[1800] WININET.dll!UnlockUrlCacheEntryFile                                                    7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] kernel32.dll!CreateProcessW                                                                75F3204D 5 Bytes  JMP 074D5001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] kernel32.dll!GetQueuedCompletionStatus                                                      75F64E90 5 Bytes  JMP 074D3FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] ole32.dll!CoGetClassObject                                                                  762554AD 5 Bytes  JMP 074C7B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!sendto                                                                          767134B5 5 Bytes  JMP 074D45E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!closesocket                                                                      76713918 5 Bytes  JMP 074D2A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSASend                                                                          76714406 5 Bytes  JMP 074D35DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!recv                                                                            76716B0E 5 Bytes  JMP 074D3A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!connect                                                                          76716BDD 5 Bytes  JMP 074D2574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!send                                                                            76716F01 5 Bytes  JMP 074D3069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSARecv                                                                          76717089 5 Bytes  JMP 074D60BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSAGetOverlappedResult                                                          76717489 5 Bytes  JMP 074D3CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!recvfrom                                                                        7671B6DC 5 Bytes  JMP 074D4335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSARecvFrom                                                                      7671CBA6 5 Bytes  JMP 074D63AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSAConnect                                                                      7671CC3F 5 Bytes  JMP 074D28EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WS2_32.dll!WSASendTo                                                                        7672B30C 5 Bytes  JMP 074D4B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Windows\Explorer.EXE[2160] WININET.dll!UnlockUrlCacheEntryFile                                                        7593AFB8 5 Bytes  JMP 074D6AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] kernel32.dll!CreateProcessW                                  75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] kernel32.dll!GetQueuedCompletionStatus                      75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] ole32.dll!CoGetClassObject                                  762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WININET.dll!UnlockUrlCacheEntryFile                          7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!sendto                                            767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!closesocket                                      76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSASend                                          76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!recv                                              76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!connect                                          76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!send                                              76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSARecv                                          76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSAGetOverlappedResult                            76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!recvfrom                                          7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSARecvFrom                                      7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSAConnect                                        7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Microsoft Security Client\msseces.exe[3720] WS2_32.dll!WSASendTo                                        7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] kernel32.dll!CreateProcessW                              75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] kernel32.dll!GetQueuedCompletionStatus                  75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WININET.dll!UnlockUrlCacheEntryFile                      7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] ole32.dll!CoGetClassObject                              762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!sendto                                        767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!closesocket                                  76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSASend                                      76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!recv                                          76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!connect                                      76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!send                                          76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSARecv                                      76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSAGetOverlappedResult                        76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!recvfrom                                      7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSARecvFrom                                  7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSAConnect                                    7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[3808] WS2_32.dll!WSASendTo                                    7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] kernel32.dll!CreateProcessW                            75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] kernel32.dll!GetQueuedCompletionStatus                  75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WININET.dll!UnlockUrlCacheEntryFile                    7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] ole32.dll!CoGetClassObject                              762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!sendto                                      767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!closesocket                                  76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSASend                                      76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!recv                                        76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!connect                                      76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!send                                        76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSARecv                                      76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSAGetOverlappedResult                      76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!recvfrom                                    7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSARecvFrom                                  7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSAConnect                                  7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\GamesBar\update\SearchEngineProtection.exe[4076] WS2_32.dll!WSASendTo                                    7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] kernel32.dll!CreateProcessW            75F3204D 5 Bytes  JMP 10045001 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] kernel32.dll!GetQueuedCompletionStatus  75F64E90 5 Bytes  JMP 10043FDC C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] ole32.dll!CoGetClassObject              762554AD 5 Bytes  JMP 10037B16 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!sendto                      767134B5 5 Bytes  JMP 100445E3 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!closesocket                  76713918 5 Bytes  JMP 10042A61 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSASend                      76714406 5 Bytes  JMP 100435DB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!recv                        76716B0E 5 Bytes  JMP 10043A52 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!connect                      76716BDD 5 Bytes  JMP 10042574 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!send                        76716F01 5 Bytes  JMP 10043069 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSARecv                      76717089 5 Bytes  JMP 100460BB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSAGetOverlappedResult      76717489 5 Bytes  JMP 10043CEB C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!recvfrom                    7671B6DC 5 Bytes  JMP 10044335 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSARecvFrom                  7671CBA6 5 Bytes  JMP 100463AF C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSAConnect                  7671CC3F 5 Bytes  JMP 100428EA C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WS2_32.dll!WSASendTo                    7672B30C 5 Bytes  JMP 10044B72 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)
.text  C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe[4984] WININET.dll!UnlockUrlCacheEntryFile    7593AFB8 5 Bytes  JMP 10046AA5 C:\Program Files\RelevantKnowledge\rlls.dll (Relevant-Knowledge/TMRG,  Inc.)

---- Kernel IAT/EAT - GMER 2.0 ----

IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                  [8869C730] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                [8869CF12] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                [8869D232] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                          [8869D0F0] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT    \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                          [8869C914] \SystemRoot\System32\Drivers\sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                          [741524CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                      [7413562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                    [741356EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                            [74152546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                  [741485AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                    [74144D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                  [74145105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                  [741451DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                        [74146707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                  [74148301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                              [74148850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                            [741490B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                  [7414E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT    C:\Windows\Explorer.EXE[2160] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                      [74144C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                         
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                      0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                      0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0x3B 0x5A 0x26 0x77 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                      D:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                          0x79 0x05 0x2D 0x50 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                      0x9F 0xB2 0x2B 0x09 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                           
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                      0xE5 0x86 0x42 0x50 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                     
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                          0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                          0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                        0x3B 0x5A 0x26 0x77 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                          D:\Program Files\DAEMON Tools Lite\
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)           
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                              0x79 0x05 0x2D 0x50 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                  0xA0 0x02 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                          0x9F 0xB2 0x2B 0x09 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)       
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                          0xE5 0x86 0x42 0x50 ...

---- EOF - GMER 2.0 ----


cosinus 14.02.2013 11:09

What about the other log? :wtf:

karlshagen 14.02.2013 15:03

Which other one do you mean? There was only one.

cosinus 14.02.2013 15:40

How about reading the posts completely? => GMER was mentioned at the start, then aswMBR, but I only see a log from GMER

Quote:

Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down).
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it and run only aswMBR.

Please download aswMBR.exe and save the file to your desktop.

...

karlshagen 14.02.2013 17:04

The scan with aswMBR aborted partway through.

cosinus 14.02.2013 17:12

Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

karlshagen 14.02.2013 19:12

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-14 19:03:56
-----------------------------
19:03:56.482    OS Version: Windows 6.1.7601 Service Pack 1
19:03:56.482    Number of processors: 4 586 0x1C02
19:03:56.482    ComputerName: BIBA  UserName:
19:04:00.616    Initialize success
19:04:29.226    AVAST engine defs: 13021400
19:04:46.480    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:04:46.480    Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 3
19:04:46.542    Disk 0 MBR read successfully
19:04:46.542    Disk 0 MBR scan
19:04:46.558    Disk 0 unknown MBR code
19:04:46.574    Disk 0 Partition 1 00    1B  Hidd FAT32 NTFS        8192 MB offset 50
19:04:46.605    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      100960 MB offset 16778600
19:04:46.652    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      196058 MB offset 223546250
19:04:46.714    Disk 0 Partition 4 00    EF      EFI FAT    A1370      31 MB offset 625074950
19:04:46.730    Disk 0 scanning sectors +625140450
19:04:46.839    Disk 0 scanning C:\Windows\system32\drivers
19:05:17.524    Service scanning
19:06:10.455    Modules scanning
19:06:32.888    Disk 0 trace - called modules:
19:06:32.934    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x85d631e8]<<
19:06:32.950    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f3f460]
19:06:32.966    3 CLASSPNP.SYS[88f1259e] -> nt!IofCallDriver -> [0x85df1918]
19:06:32.997    5 ACPI.sys[837be3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850ef610]
19:06:33.012    \Driver\atapi[0x85dd96b0] -> IRP_MJ_CREATE -> 0x85d631e8
19:06:33.028    Scan finished successfully
19:08:11.230    Disk 0 MBR has been saved successfully to "C:\Users\15G22J0290K0EU2Y\Desktop\Scan\MBR.dat"
19:08:11.246    The log file has been saved successfully to "C:\Users\15G22J0290K0EU2Y\Desktop\Scan\aswMBR.txt"


cosinus 15.02.2013 10:43

MBAR

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to



TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

karlshagen 15.02.2013 15:05

Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.15.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
15G22J0290K0EU2Y :: BIBA [administrator]

15.02.2013 14:28:47
mbar-log-2013-02-15 (14-28-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26773
Time elapsed: 32 minute(s), 27 second(s)

Memory Processes Detected: 2
c:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> 2200 -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> 3848 -> Delete on reboot.

Memory Modules Detected: 15
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.

Registry Keys Detected: 2
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RelevantKnowledge (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 26
c:\Program Files\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\defaults (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\defaults\preferences (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locale (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\dom (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\events (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\traits (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data\.idea (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data\.idea\scopes (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Delete on reboot.

Files Detected: 95
c:\Program Files\RelevantKnowledge\rlls.dll (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlservice.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\chrome.manifest (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\egdcf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlcm.crx (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlcm.txt (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlph.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlvknlg64.exe (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\rlxf.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\components\rlxg.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\bootstrap.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\harness-options.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\install.rdf (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locales.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\rlnx.dll (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\defaults\preferences\prefs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locale\en-GB.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locale\eo.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\locale\fr-FR.json (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\chrome.manifest (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\lib\page-mod.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\lib\tabs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\addon-kit\lib\windows.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data\content-proxy.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data\test-content-symbiont.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data\test-message-manager.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\data\test-trusted-document.html (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\globals!.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\api-utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\byte-streams.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\channel.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\collection.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\cortex.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\cuddlefish.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\environment.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\errors.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\events.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\file.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\hidden-frame.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\light-traits.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\list.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\match-pattern.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\memory.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\message-manager.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\namespace.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\observer-service.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\plain-text-console.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\process.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\runtime.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\sandbox.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\self!.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\system.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\text-streams.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\timer.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\traceback.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\traits.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\unload.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\url.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\window-utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\xpcom.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\xul-app.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content\loader.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content\symbiont.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\content\worker.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\dom\events.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\events\assembler.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\events.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\observer.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\tab.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\tabs\utils.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\traits\core.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\data.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\function.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\object.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\registry.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\utils\thumbnail.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\dom.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\loader.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\observer.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\api-utils\lib\windows\tabs.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\data\content.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\Program Files\RelevantKnowledge\firefox\resources\dpjs\lib\main.js (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID -  Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.
c:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Delete on reboot.

(end)

Code:

15:08:18.0673 0840  WebClient - ok
15:08:18.0693 0840  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:08:18.0713 0840  Wecsvc - ok
15:08:18.0733 0840  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:08:18.0743 0840  wercplsupport - ok
15:08:18.0773 0840  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:08:18.0783 0840  WerSvc - ok
15:08:18.0823 0840  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:08:18.0823 0840  WfpLwf - ok
15:08:18.0843 0840  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:08:18.0853 0840  WIMMount - ok
15:08:18.0913 0840  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
15:08:18.0933 0840  WinDefend - ok
15:08:18.0953 0840  WinHttpAutoProxySvc - ok
15:08:19.0043 0840  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:08:19.0043 0840  Winmgmt - ok
15:08:19.0243 0840  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
15:08:19.0273 0840  WinRM - ok
15:08:19.0323 0840  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:08:19.0323 0840  WinUsb - ok
15:08:19.0383 0840  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:08:19.0413 0840  Wlansvc - ok
15:08:19.0443 0840  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
15:08:19.0443 0840  WmiAcpi - ok
15:08:19.0503 0840  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:08:19.0543 0840  wmiApSrv - ok
15:08:19.0683 0840  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
15:08:19.0713 0840  WMPNetworkSvc - ok
15:08:19.0753 0840  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:08:19.0763 0840  WPCSvc - ok
15:08:19.0803 0840  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:08:19.0813 0840  WPDBusEnum - ok
15:08:19.0843 0840  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:08:19.0843 0840  ws2ifsl - ok
15:08:19.0873 0840  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:08:19.0883 0840  wscsvc - ok
15:08:19.0903 0840  WSearch - ok
15:08:20.0003 0840  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:08:20.0053 0840  wuauserv - ok
15:08:20.0093 0840  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:08:20.0093 0840  WudfPf - ok
15:08:20.0123 0840  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:08:20.0133 0840  WUDFRd - ok
15:08:20.0163 0840  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:08:20.0173 0840  wudfsvc - ok
15:08:20.0203 0840  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
15:08:20.0223 0840  WwanSvc - ok

Code:

15:08:20.0293 0840  ================ Scan global ===============================
15:08:20.0333 0840  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:08:20.0383 0840  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:08:20.0403 0840  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:08:20.0443 0840  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:08:20.0493 0840  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:08:20.0503 0840  [Global] - ok
15:08:20.0503 0840  ================ Scan MBR ==================================
15:08:20.0523 0840  [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk0\DR0
15:08:20.0783 0840  \Device\Harddisk0\DR0 - ok
15:08:20.0783 0840  ================ Scan VBR ==================================
15:08:20.0793 0840  [ EFCAF4556CC4D2273069727C6D68A0F5 ] \Device\Harddisk0\DR0\Partition1
15:08:20.0803 0840  \Device\Harddisk0\DR0\Partition1 - ok
15:08:20.0833 0840  [ DC37B8A9882E771E94BBC2EB6C2164FF ] \Device\Harddisk0\DR0\Partition2
15:08:20.0833 0840  \Device\Harddisk0\DR0\Partition2 - ok
15:08:20.0843 0840  ============================================================
15:08:20.0843 0840  Scan finished
15:08:20.0843 0840  ============================================================
15:08:20.0873 2980  Detected object count: 0
15:08:20.0873 2980  Actual detected object count: 0
15:10:52.0631 4184  Deinitialize success


cosinus 15.02.2013 15:38

The TDSS log is incomplete and chopped into pieces :wtf:
Please post it properly

karlshagen 15.02.2013 16:45

The following message appeared when submitting the last log.

The text you entered consists of 128375 characters and is therefore too long. Please shorten the text to the maximum length of 120000 characters.

Please attach logs to the post as an archive!

So I simply split it.

cosinus 16.02.2013 14:44

Yes, but you chopped it into pieces

Please proceed like this => http://www.trojaner-board.de/69886-a...tml#post566999

karlshagen 16.02.2013 17:19

Code:

15:07:09.0717 2988  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:07:10.0017 2988  ============================================================
15:07:10.0017 2988  Current date / time: 2013/02/15 15:07:10.0017
15:07:10.0017 2988  SystemInfo:
15:07:10.0017 2988 
15:07:10.0017 2988  OS Version: 6.1.7601 ServicePack: 1.0
15:07:10.0017 2988  Product type: Workstation
15:07:10.0017 2988  ComputerName: BIBA
15:07:10.0017 2988  UserName: 15G22J0290K0EU2Y
15:07:10.0017 2988  Windows directory: C:\Windows
15:07:10.0017 2988  System windows directory: C:\Windows
15:07:10.0017 2988  Processor architecture: Intel x86
15:07:10.0017 2988  Number of processors: 4
15:07:10.0017 2988  Page size: 0x1000
15:07:10.0017 2988  Boot type: Normal boot
15:07:10.0017 2988  ============================================================
15:07:14.0363 2988  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x46FCB, SectorsPerTrack: 0x32, TracksPerCylinder: 0x2B, Type 'K0', Flags 0x00000050
15:07:14.0523 2988  ============================================================
15:07:14.0523 2988  \Device\Harddisk0\DR0:
15:07:14.0657 2988  MBR partitions:
15:07:14.0657 2988  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1000568, BlocksNum 0xC530622
15:07:14.0658 2988  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD530B8A, BlocksNum 0x17EED2FE
15:07:14.0658 2988  ============================================================
15:07:14.0705 2988  C: <-> \Device\Harddisk0\DR0\Partition1
15:07:14.0745 2988  D: <-> \Device\Harddisk0\DR0\Partition2
15:07:14.0745 2988  ============================================================
15:07:14.0745 2988  Initialize success
15:07:14.0745 2988  ============================================================
15:07:19.0351 2552  ============================================================
15:07:19.0351 2552  Scan started
15:07:19.0351 2552  Mode: Manual;
15:07:19.0351 2552  ============================================================
15:07:20.0181 2552  ================ Scan system memory ========================
15:07:20.0181 2552  System memory - ok
15:07:20.0181 2552  ================ Scan services =============================
15:07:20.0361 2552  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:07:20.0361 2552  1394ohci - ok
15:07:20.0421 2552  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:07:20.0441 2552  ACPI - ok
15:07:20.0491 2552  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
15:07:20.0551 2552  AcpiPmi - ok
15:07:20.0641 2552  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:07:20.0641 2552  AdobeARMservice - ok
15:07:20.0701 2552  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:07:20.0711 2552  AdobeFlashPlayerUpdateSvc - ok
15:07:20.0771 2552  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
15:07:20.0781 2552  adp94xx - ok
15:07:20.0821 2552  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
15:07:20.0821 2552  adpahci - ok
15:07:20.0851 2552  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
15:07:20.0861 2552  adpu320 - ok
15:07:20.0901 2552  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:07:20.0911 2552  AeLookupSvc - ok
15:07:20.0941 2552  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
15:07:20.0951 2552  AFD - ok
15:07:20.0991 2552  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:07:20.0991 2552  agp440 - ok
15:07:21.0031 2552  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
15:07:21.0041 2552  aic78xx - ok
15:07:21.0071 2552  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
15:07:21.0071 2552  ALG - ok
15:07:21.0101 2552  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:07:21.0101 2552  aliide - ok
15:07:21.0131 2552  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:07:21.0131 2552  amdagp - ok
15:07:21.0161 2552  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:07:21.0161 2552  amdide - ok
15:07:21.0181 2552  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
15:07:21.0191 2552  AmdK8 - ok
15:07:21.0211 2552  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:07:21.0221 2552  AmdPPM - ok
15:07:21.0251 2552  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
15:07:21.0261 2552  amdsata - ok
15:07:21.0301 2552  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:07:21.0311 2552  amdsbs - ok
15:07:21.0331 2552  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
15:07:21.0331 2552  amdxata - ok
15:07:21.0361 2552  [ D2BF422C2611632AFB9CE8F7B2A8C306 ] AmUStor        C:\Windows\system32\drivers\AmUStor.SYS
15:07:21.0361 2552  AmUStor - ok
15:07:21.0411 2552  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
15:07:21.0411 2552  AppID - ok
15:07:21.0451 2552  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:07:21.0451 2552  AppIDSvc - ok
15:07:21.0491 2552  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
15:07:21.0491 2552  Appinfo - ok
15:07:21.0531 2552  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
15:07:21.0531 2552  arc - ok
15:07:21.0551 2552  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:07:21.0561 2552  arcsas - ok
15:07:21.0581 2552  [ ADAA34740E9F6AFF94CC75D5CF8ED7E2 ] ASInsHelp      C:\Windows\system32\drivers\AsInsHelp32.sys
15:07:21.0591 2552  ASInsHelp - ok
15:07:21.0611 2552  [ 9D8CB58B9A9E177DDD599791A58A654D ] AsIO            C:\Windows\system32\drivers\AsIO.sys
15:07:21.0611 2552  AsIO - ok
15:07:21.0641 2552  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:07:21.0641 2552  AsyncMac - ok
15:07:21.0671 2552  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
15:07:21.0681 2552  atapi - ok
15:07:21.0771 2552  [ 31CB2740BFDBAC1E48E2B7EAD38F0D27 ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:07:21.0831 2552  athr - ok
15:07:21.0881 2552  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:07:21.0891 2552  AudioEndpointBuilder - ok
15:07:21.0911 2552  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:07:21.0921 2552  Audiosrv - ok
15:07:21.0971 2552  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:07:21.0971 2552  AxInstSV - ok
15:07:22.0011 2552  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
15:07:22.0021 2552  b06bdrv - ok
15:07:22.0051 2552  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:07:22.0051 2552  b57nd60x - ok
15:07:22.0091 2552  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:07:22.0101 2552  BDESVC - ok
15:07:22.0121 2552  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:07:22.0121 2552  Beep - ok
15:07:22.0181 2552  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
15:07:22.0201 2552  BFE - ok
15:07:22.0241 2552  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
15:07:22.0291 2552  BITS - ok
15:07:22.0331 2552  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:07:22.0331 2552  blbdrive - ok
15:07:22.0361 2552  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:07:22.0371 2552  bowser - ok
15:07:22.0391 2552  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:07:22.0391 2552  BrFiltLo - ok
15:07:22.0411 2552  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:07:22.0411 2552  BrFiltUp - ok
15:07:22.0461 2552  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
15:07:22.0461 2552  Browser - ok
15:07:22.0491 2552  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
15:07:22.0491 2552  Brserid - ok
15:07:22.0531 2552  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:07:22.0531 2552  BrSerWdm - ok
15:07:22.0551 2552  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:07:22.0561 2552  BrUsbMdm - ok
15:07:22.0571 2552  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:07:22.0581 2552  BrUsbSer - ok
15:07:22.0601 2552  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:07:22.0601 2552  BTHMODEM - ok
15:07:22.0641 2552  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
15:07:22.0641 2552  bthserv - ok
15:07:22.0671 2552  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:07:22.0671 2552  cdfs - ok
15:07:22.0701 2552  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
15:07:22.0701 2552  cdrom - ok
15:07:22.0751 2552  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
15:07:22.0751 2552  CertPropSvc - ok
15:07:22.0791 2552  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:07:22.0801 2552  circlass - ok
15:07:22.0831 2552  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:07:22.0841 2552  CLFS - ok
15:07:22.0911 2552  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:07:22.0911 2552  clr_optimization_v2.0.50727_32 - ok
15:07:22.0941 2552  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:07:22.0951 2552  clr_optimization_v4.0.30319_32 - ok
15:07:22.0981 2552  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:07:22.0991 2552  CmBatt - ok
15:07:23.0021 2552  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:07:23.0021 2552  cmdide - ok
15:07:23.0061 2552  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG            C:\Windows\system32\Drivers\cng.sys
15:07:23.0071 2552  CNG - ok
15:07:23.0091 2552  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:07:23.0091 2552  Compbatt - ok
15:07:23.0121 2552  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:07:23.0131 2552  CompositeBus - ok
15:07:23.0141 2552  COMSysApp - ok
15:07:23.0161 2552  cooonihv - ok
15:07:23.0191 2552  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
15:07:23.0191 2552  crcdisk - ok
15:07:23.0251 2552  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:07:23.0261 2552  CryptSvc - ok
15:07:23.0331 2552  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:07:23.0341 2552  DcomLaunch - ok
15:07:23.0381 2552  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
15:07:23.0391 2552  defragsvc - ok
15:07:23.0441 2552  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:07:23.0441 2552  DfsC - ok
15:07:23.0471 2552  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:07:23.0471 2552  Dhcp - ok
15:07:23.0501 2552  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:07:23.0511 2552  discache - ok
15:07:23.0541 2552  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:07:23.0541 2552  Disk - ok
15:07:23.0551 2552  Dnscache - ok
15:07:23.0601 2552  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
15:07:23.0611 2552  dot3svc - ok
15:07:23.0641 2552  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
15:07:23.0651 2552  DPS - ok
15:07:23.0681 2552  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
15:07:23.0681 2552  drmkaud - ok
15:07:23.0751 2552  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:07:23.0761 2552  dtsoftbus01 - ok
15:07:23.0821 2552  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:07:23.0831 2552  DXGKrnl - ok
15:07:23.0871 2552  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
15:07:23.0881 2552  EapHost - ok
15:07:24.0011 2552  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
15:07:24.0101 2552  ebdrv - ok
15:07:24.0161 2552  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
15:07:24.0161 2552  EFS - ok
15:07:24.0221 2552  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
15:07:24.0231 2552  elxstor - ok
15:07:24.0271 2552  [ 70C764BFE0EC4B1B242E9626D3564443 ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
15:07:24.0271 2552  enecir - ok
15:07:24.0301 2552  [ 65BF24816C2814596253F312DD35F171 ] enecirhid      C:\Windows\system32\DRIVERS\enecirhid.sys
15:07:24.0301 2552  enecirhid - ok
15:07:24.0331 2552  [ 97D41E2831AC117AF9BF8D0D9E9D027F ] enecirhidma    C:\Windows\system32\DRIVERS\enecirhidma.sys
15:07:24.0331 2552  enecirhidma - ok
15:07:24.0421 2552  [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
15:07:24.0421 2552  epmntdrv - ok
15:07:24.0441 2552  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:07:24.0451 2552  ErrDev - ok
15:07:24.0511 2552  [ 44081333DB283E141F89AE4EC74ED961 ] ETSCSERVICE    C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe
15:07:24.0511 2552  ETSCSERVICE - ok
15:07:24.0581 2552  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
15:07:24.0581 2552  EuGdiDrv - ok
15:07:24.0641 2552  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
15:07:24.0651 2552  EventSystem - ok
15:07:24.0681 2552  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
15:07:24.0691 2552  exfat - ok
15:07:24.0721 2552  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:07:24.0721 2552  fastfat - ok
15:07:24.0771 2552  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
15:07:24.0791 2552  Fax - ok
15:07:24.0811 2552  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
15:07:24.0811 2552  fdc - ok
15:07:24.0851 2552  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
15:07:24.0851 2552  fdPHost - ok
15:07:24.0881 2552  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:07:24.0881 2552  FDResPub - ok
15:07:24.0911 2552  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:07:24.0921 2552  FileInfo - ok
15:07:24.0941 2552  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:07:24.0941 2552  Filetrace - ok
15:07:24.0971 2552  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:07:24.0971 2552  flpydisk - ok
15:07:25.0001 2552  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:07:25.0011 2552  FltMgr - ok
15:07:25.0071 2552  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\Windows\system32\FntCache.dll
15:07:25.0091 2552  FontCache - ok
15:07:25.0121 2552  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
15:07:25.0121 2552  FsDepends - ok
15:07:25.0161 2552  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:07:25.0161 2552  Fs_Rec - ok
15:07:25.0201 2552  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:07:25.0211 2552  fvevol - ok
15:07:25.0241 2552  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:07:25.0251 2552  gagp30kx - ok
15:07:25.0291 2552  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
15:07:25.0301 2552  gpsvc - ok
15:07:25.0381 2552  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
15:07:25.0391 2552  gupdate - ok
15:07:25.0401 2552  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:07:25.0401 2552  gupdatem - ok
15:07:25.0441 2552  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:07:25.0451 2552  hcw85cir - ok
15:07:25.0491 2552  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:07:25.0501 2552  HdAudAddService - ok
15:07:25.0521 2552  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:07:25.0531 2552  HDAudBus - ok
15:07:25.0551 2552  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
15:07:25.0551 2552  HidBatt - ok
15:07:25.0571 2552  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:07:25.0581 2552  HidBth - ok
15:07:25.0611 2552  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
15:07:25.0611 2552  HidIr - ok
15:07:25.0641 2552  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
15:07:25.0651 2552  hidserv - ok
15:07:25.0671 2552  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:07:25.0681 2552  HidUsb - ok
15:07:25.0721 2552  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:07:25.0731 2552  hkmsvc - ok
15:07:25.0771 2552  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:07:25.0781 2552  HomeGroupListener - ok
15:07:25.0831 2552  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:07:25.0871 2552  HomeGroupProvider - ok
15:07:25.0911 2552  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:07:25.0921 2552  HpSAMD - ok
15:07:25.0971 2552  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:07:25.0981 2552  HTTP - ok
15:07:26.0001 2552  hwdatacard - ok
15:07:26.0041 2552  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:07:26.0051 2552  hwpolicy - ok
15:07:26.0081 2552  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:07:26.0091 2552  i8042prt - ok
15:07:26.0141 2552  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
15:07:26.0151 2552  iaStorV - ok
15:07:26.0181 2552  [ 5E2AD01BD003E998AE89C843A600A0CE ] IdcFltr        C:\Windows\system32\DRIVERS\idcfltr.sys
15:07:26.0191 2552  IdcFltr - ok
15:07:26.0221 2552  [ 57C85D767CB8A8D90939F3A268F4FC57 ] IdcSrv          C:\Program Files\IdeaCom\TSC\IdcSrv.exe
15:07:26.0221 2552  IdcSrv - ok
15:07:26.0271 2552  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
15:07:26.0271 2552  iirsp - ok
15:07:26.0331 2552  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:07:26.0351 2552  IKEEXT - ok
15:07:26.0501 2552  [ 2D6E527B8BE62FB0223DA0C2D9C75B45 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:07:26.0621 2552  IntcAzAudAddService - ok
15:07:26.0651 2552  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:07:26.0661 2552  intelide - ok
15:07:26.0701 2552  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:07:26.0701 2552  intelppm - ok
15:07:26.0731 2552  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
15:07:26.0741 2552  IPBusEnum - ok
15:07:26.0771 2552  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:07:26.0771 2552  IpFilterDriver - ok
15:07:26.0831 2552  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:07:26.0841 2552  iphlpsvc - ok
15:07:26.0881 2552  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
15:07:26.0891 2552  IPMIDRV - ok
15:07:26.0921 2552  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
15:07:26.0921 2552  IPNAT - ok
15:07:26.0941 2552  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:07:26.0951 2552  IRENUM - ok
15:07:26.0971 2552  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:07:26.0981 2552  isapnp - ok
15:07:27.0001 2552  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:07:27.0011 2552  iScsiPrt - ok
15:07:27.0021 2552  islxmqgh - ok
15:07:27.0041 2552  ivtpxjih - ok
15:07:27.0061 2552  iwaozptt - ok
15:07:27.0101 2552  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:07:27.0101 2552  kbdclass - ok
15:07:27.0121 2552  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:07:27.0121 2552  kbdhid - ok
15:07:27.0151 2552  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:07:27.0151 2552  KeyIso - ok
15:07:27.0191 2552  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:07:27.0191 2552  KSecDD - ok
15:07:27.0231 2552  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
15:07:27.0241 2552  KSecPkg - ok
15:07:27.0281 2552  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:07:27.0291 2552  KtmRm - ok
15:07:27.0331 2552  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:07:27.0341 2552  LanmanServer - ok
15:07:27.0431 2552  [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:07:27.0441 2552  LightScribeService - ok
15:07:27.0471 2552  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:07:27.0471 2552  lltdio - ok
15:07:27.0511 2552  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:07:27.0521 2552  lltdsvc - ok
15:07:27.0541 2552  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:07:27.0551 2552  lmhosts - ok
15:07:27.0591 2552  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:07:27.0591 2552  LSI_FC - ok
15:07:27.0631 2552  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
15:07:27.0631 2552  LSI_SAS - ok
15:07:27.0651 2552  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:07:27.0661 2552  LSI_SAS2 - ok
15:07:27.0681 2552  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:07:27.0691 2552  LSI_SCSI - ok
15:07:27.0721 2552  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
15:07:27.0721 2552  luafv - ok
15:07:27.0751 2552  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
15:07:27.0761 2552  megasas - ok
15:07:27.0801 2552  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:07:27.0801 2552  MegaSR - ok
15:07:27.0921 2552  Microsoft SharePoint Workspace Audit Service - ok
15:07:27.0981 2552  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
15:07:27.0991 2552  MMCSS - ok
15:07:28.0131 2552  [ 5A78BB029FD8414381FF1315F1E46947 ] Mobile Broadband HL Service C:\ProgramData\MobileBrServ\mbbservice.exe
15:07:28.0131 2552  Mobile Broadband HL Service - ok
15:07:28.0171 2552  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
15:07:28.0171 2552  Modem - ok
15:07:28.0211 2552  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
15:07:28.0211 2552  monitor - ok
15:07:28.0261 2552  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:07:28.0261 2552  mouclass - ok
15:07:28.0281 2552  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:07:28.0291 2552  mouhid - ok
15:07:28.0341 2552  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:07:28.0341 2552  mountmgr - ok
15:07:28.0411 2552  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:07:28.0411 2552  MpFilter - ok


karlshagen 16.02.2013 17:21

Code:

15:07:28.0451 2552  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:07:28.0451 2552  mpio - ok
15:07:28.0621 2552  [ A69630D039C38018689190234F866D77 ] MpKsl91c24d7b  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{847D2914-C64B-4D37-A04A-787BDD103C08}\MpKsl91c24d7b.sys
15:07:28.0621 2552  MpKsl91c24d7b - ok
15:07:28.0651 2552  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:07:28.0661 2552  mpsdrv - ok
15:07:28.0711 2552  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:07:28.0731 2552  MpsSvc - ok
15:07:28.0781 2552  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:07:28.0781 2552  MRxDAV - ok
15:07:28.0841 2552  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:07:28.0851 2552  mrxsmb - ok
15:07:28.0931 2552  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:07:28.0941 2552  mrxsmb10 - ok
15:07:28.0971 2552  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:07:28.0981 2552  mrxsmb20 - ok
15:07:29.0031 2552  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:07:29.0031 2552  msahci - ok
15:07:29.0071 2552  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
15:07:29.0081 2552  msdsm - ok
15:07:29.0111 2552  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
15:07:29.0121 2552  MSDTC - ok
15:07:29.0171 2552  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:07:29.0181 2552  Msfs - ok
15:07:29.0211 2552  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
15:07:29.0211 2552  mshidkmdf - ok
15:07:29.0251 2552  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:07:29.0251 2552  msisadrv - ok
15:07:29.0301 2552  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
15:07:29.0311 2552  MSiSCSI - ok
15:07:29.0331 2552  msiserver - ok
15:07:29.0381 2552  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
15:07:29.0381 2552  MSKSSRV - ok
15:07:29.0451 2552  [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc        C:\Program Files\Microsoft Security Client\MsMpEng.exe
15:07:29.0461 2552  MsMpSvc - ok
15:07:29.0501 2552  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:07:29.0511 2552  MSPCLOCK - ok
15:07:29.0551 2552  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
15:07:29.0561 2552  MSPQM - ok
15:07:29.0601 2552  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
15:07:29.0611 2552  MsRPC - ok
15:07:29.0681 2552  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:07:29.0691 2552  mssmbios - ok
15:07:29.0721 2552  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
15:07:29.0731 2552  MSTEE - ok
15:07:29.0791 2552  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:07:29.0801 2552  MTConfig - ok
15:07:29.0851 2552  [ CBE71C122434805CB73FFB6619F60598 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
15:07:29.0851 2552  MTsensor - ok
15:07:29.0891 2552  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
15:07:29.0891 2552  Mup - ok
15:07:29.0951 2552  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:07:29.0971 2552  napagent - ok
15:07:30.0021 2552  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
15:07:30.0021 2552  NativeWifiP - ok
15:07:30.0141 2552  [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe
15:07:30.0161 2552  NAUpdate - ok
15:07:30.0241 2552  [ E240F3204E86B7B6CCF266B2A2AD32B4 ] NBVol          C:\Windows\system32\DRIVERS\NBVol.sys
15:07:30.0241 2552  NBVol - ok
15:07:30.0281 2552  [ C0CF3CCCCE3C75F7280C89029AB47866 ] NBVolUp        C:\Windows\system32\DRIVERS\NBVolUp.sys
15:07:30.0291 2552  NBVolUp - ok
15:07:30.0341 2552  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:07:30.0361 2552  NDIS - ok
15:07:30.0391 2552  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
15:07:30.0401 2552  NdisCap - ok
15:07:30.0421 2552  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:07:30.0421 2552  NdisTapi - ok
15:07:30.0471 2552  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
15:07:30.0471 2552  Ndisuio - ok
15:07:30.0511 2552  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
15:07:30.0521 2552  NdisWan - ok
15:07:30.0541 2552  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
15:07:30.0541 2552  NDProxy - ok
15:07:30.0561 2552  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
15:07:30.0571 2552  NetBIOS - ok
15:07:30.0611 2552  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
15:07:30.0611 2552  NetBT - ok
15:07:30.0631 2552  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:07:30.0641 2552  Netlogon - ok
15:07:30.0681 2552  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:07:30.0691 2552  Netman - ok
15:07:30.0721 2552  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:07:30.0741 2552  netprofm - ok
15:07:30.0781 2552  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
15:07:30.0781 2552  nfrd960 - ok
15:07:30.0831 2552  [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:07:30.0831 2552  NisDrv - ok
15:07:30.0851 2552  [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
15:07:30.0861 2552  NisSrv - ok
15:07:30.0911 2552  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:07:30.0921 2552  NlaSvc - ok
15:07:30.0941 2552  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:07:30.0941 2552  Npfs - ok
15:07:30.0971 2552  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
15:07:30.0981 2552  nsi - ok
15:07:31.0011 2552  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:07:31.0021 2552  nsiproxy - ok
15:07:31.0091 2552  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:07:31.0111 2552  Ntfs - ok
15:07:31.0151 2552  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:07:31.0161 2552  Null - ok
15:07:31.0201 2552  [ 6C6D6701A76529963F9416D285D2F4D9 ] nvamacpi        C:\Windows\system32\DRIVERS\NVAMACPI.sys
15:07:31.0201 2552  nvamacpi - ok
15:07:31.0721 2552  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:07:32.0031 2552  nvlddmkm - ok
15:07:32.0071 2552  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:07:32.0081 2552  nvraid - ok
15:07:32.0111 2552  [ 02A9F366BCB94B286E34825B2094CB38 ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
15:07:32.0111 2552  nvsmu - ok
15:07:32.0141 2552  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:07:32.0141 2552  nvstor - ok
15:07:32.0201 2552  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc          C:\Windows\system32\nvvsvc.exe
15:07:32.0221 2552  nvsvc - ok
15:07:32.0301 2552  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:07:32.0321 2552  nvUpdatusService - ok
15:07:32.0361 2552  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:07:32.0361 2552  nv_agp - ok
15:07:32.0411 2552  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:07:32.0421 2552  ohci1394 - ok
15:07:32.0521 2552  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:07:32.0531 2552  ose - ok
15:07:32.0741 2552  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:07:32.0891 2552  osppsvc - ok
15:07:33.0001 2552  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:07:33.0011 2552  p2pimsvc - ok
15:07:33.0051 2552  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:07:33.0091 2552  p2psvc - ok
15:07:33.0151 2552  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
15:07:33.0171 2552  Parport - ok
15:07:33.0231 2552  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:07:33.0251 2552  partmgr - ok
15:07:33.0271 2552  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:07:33.0271 2552  Parvdm - ok
15:07:33.0321 2552  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:07:33.0331 2552  PcaSvc - ok
15:07:33.0381 2552  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
15:07:33.0391 2552  pci - ok
15:07:33.0421 2552  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:07:33.0431 2552  pciide - ok
15:07:33.0501 2552  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:07:33.0521 2552  pcmcia - ok
15:07:33.0691 2552  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
15:07:33.0701 2552  pcouffin - ok
15:07:33.0761 2552  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
15:07:33.0761 2552  pcw - ok
15:07:33.0811 2552  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:07:33.0821 2552  PEAUTH - ok
15:07:33.0951 2552  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
15:07:33.0991 2552  pla - ok
15:07:34.0051 2552  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:07:34.0071 2552  PlugPlay - ok
15:07:34.0091 2552  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
15:07:34.0101 2552  PNRPAutoReg - ok
15:07:34.0141 2552  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
15:07:34.0161 2552  PNRPsvc - ok
15:07:34.0231 2552  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:07:34.0261 2552  PolicyAgent - ok
15:07:34.0331 2552  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
15:07:34.0351 2552  Power - ok
15:07:34.0401 2552  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:07:34.0421 2552  PptpMiniport - ok
15:07:34.0451 2552  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
15:07:34.0461 2552  Processor - ok
15:07:34.0501 2552  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\Windows\system32\profsvc.dll
15:07:34.0511 2552  ProfSvc - ok
15:07:34.0551 2552  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:07:34.0551 2552  ProtectedStorage - ok
15:07:34.0591 2552  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:07:34.0591 2552  Psched - ok
15:07:34.0671 2552  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:07:34.0701 2552  ql2300 - ok
15:07:34.0731 2552  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:07:34.0731 2552  ql40xx - ok
15:07:34.0771 2552  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
15:07:34.0781 2552  QWAVE - ok
15:07:34.0811 2552  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:07:34.0811 2552  QWAVEdrv - ok
15:07:34.0841 2552  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:07:34.0841 2552  RasAcd - ok
15:07:34.0871 2552  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
15:07:34.0871 2552  RasAgileVpn - ok
15:07:34.0901 2552  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
15:07:34.0911 2552  RasAuto - ok
15:07:34.0941 2552  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
15:07:34.0941 2552  Rasl2tp - ok
15:07:34.0991 2552  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:07:35.0001 2552  RasMan - ok
15:07:35.0031 2552  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:07:35.0031 2552  RasPppoe - ok
15:07:35.0061 2552  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
15:07:35.0061 2552  RasSstp - ok
15:07:35.0111 2552  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:07:35.0111 2552  rdbss - ok
15:07:35.0141 2552  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:07:35.0141 2552  rdpbus - ok
15:07:35.0191 2552  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:07:35.0191 2552  RDPCDD - ok
15:07:35.0221 2552  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:07:35.0231 2552  RDPENCDD - ok
15:07:35.0251 2552  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:07:35.0261 2552  RDPREFMP - ok
15:07:35.0321 2552  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:07:35.0331 2552  RdpVideoMiniport - ok
15:07:35.0381 2552  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:07:35.0391 2552  RDPWD - ok
15:07:35.0441 2552  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:07:35.0441 2552  rdyboost - ok
15:07:35.0501 2552  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:07:35.0511 2552  RemoteAccess - ok
15:07:35.0551 2552  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:07:35.0561 2552  RemoteRegistry - ok
15:07:35.0581 2552  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:07:35.0591 2552  RpcEptMapper - ok
15:07:35.0621 2552  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:07:35.0631 2552  RpcLocator - ok
15:07:35.0661 2552  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
15:07:35.0681 2552  RpcSs - ok
15:07:35.0711 2552  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:07:35.0721 2552  rspndr - ok
15:07:35.0751 2552  [ AE51516A7F70AF7B5D9070FE41442E87 ] RTL8167        C:\Windows\system32\DRIVERS\Rt86win7.sys
15:07:35.0761 2552  RTL8167 - ok
15:07:35.0811 2552  [ 69013A123A00B3042C260B0056DF0152 ] s1029bus        C:\Windows\system32\DRIVERS\s1029bus.sys
15:07:35.0811 2552  s1029bus - ok
15:07:35.0851 2552  [ 1565FC31F872963FE8AF471123D8424C ] s1029mdfl      C:\Windows\system32\DRIVERS\s1029mdfl.sys
15:07:35.0851 2552  s1029mdfl - ok
15:07:35.0881 2552  [ D67A8042ECF6C983AC0E308B36603677 ] s1029mdm        C:\Windows\system32\DRIVERS\s1029mdm.sys
15:07:35.0881 2552  s1029mdm - ok
15:07:35.0911 2552  [ 9AC56F06C1E13A963C82EBD067FDF274 ] s1029mgmt      C:\Windows\system32\DRIVERS\s1029mgmt.sys
15:07:35.0911 2552  s1029mgmt - ok
15:07:35.0941 2552  [ 00C66C6BAAFB2747F15F94F15888C94A ] s1029nd5        C:\Windows\system32\DRIVERS\s1029nd5.sys
15:07:35.0951 2552  s1029nd5 - ok
15:07:35.0991 2552  [ 6FC093ABA554E45755DC2F3896B6C8D7 ] s1029obex      C:\Windows\system32\DRIVERS\s1029obex.sys
15:07:36.0001 2552  s1029obex - ok
15:07:36.0041 2552  [ 9979B0E68815394665B2109B03D15FA1 ] s1029unic      C:\Windows\system32\DRIVERS\s1029unic.sys
15:07:36.0041 2552  s1029unic - ok
15:07:36.0071 2552  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
15:07:36.0071 2552  SamSs - ok
15:07:36.0101 2552  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:07:36.0111 2552  sbp2port - ok
15:07:36.0151 2552  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:07:36.0161 2552  SCardSvr - ok
15:07:36.0181 2552  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:07:36.0191 2552  scfilter - ok
15:07:36.0241 2552  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:07:36.0261 2552  Schedule - ok
15:07:36.0321 2552  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:07:36.0321 2552  SCPolicySvc - ok
15:07:36.0351 2552  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:07:36.0361 2552  SDRSVC - ok
15:07:36.0391 2552  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:07:36.0391 2552  secdrv - ok
15:07:36.0421 2552  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:07:36.0431 2552  seclogon - ok
15:07:36.0451 2552  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:07:36.0461 2552  SENS - ok
15:07:36.0481 2552  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:07:36.0491 2552  SensrSvc - ok
15:07:36.0511 2552  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
15:07:36.0521 2552  Serenum - ok
15:07:36.0541 2552  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:07:36.0541 2552  Serial - ok
15:07:36.0581 2552  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:07:36.0581 2552  sermouse - ok
15:07:36.0651 2552  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:07:36.0661 2552  SessionEnv - ok
15:07:36.0691 2552  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
15:07:36.0691 2552  sffdisk - ok
15:07:36.0721 2552  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:07:36.0721 2552  sffp_mmc - ok
15:07:36.0741 2552  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
15:07:36.0751 2552  sffp_sd - ok
15:07:36.0781 2552  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
15:07:36.0781 2552  sfloppy - ok
15:07:36.0841 2552  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:07:36.0851 2552  SharedAccess - ok
15:07:36.0891 2552  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:07:36.0901 2552  ShellHWDetection - ok
15:07:36.0931 2552  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:07:36.0941 2552  sisagp - ok
15:07:36.0961 2552  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:07:36.0971 2552  SiSRaid2 - ok
15:07:36.0991 2552  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:07:37.0001 2552  SiSRaid4 - ok
15:07:37.0061 2552  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
15:07:37.0071 2552  SkypeUpdate - ok
15:07:37.0091 2552  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:07:37.0091 2552  Smb - ok
15:07:37.0141 2552  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:07:37.0151 2552  SNMPTRAP - ok
15:07:37.0191 2552  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
15:07:37.0191 2552  spldr - ok
15:07:37.0231 2552  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\Windows\System32\spoolsv.exe
15:07:37.0241 2552  Spooler - ok
15:07:37.0361 2552  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:07:37.0471 2552  sppsvc - ok
15:07:37.0521 2552  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
15:07:37.0531 2552  sppuinotify - ok
15:07:37.0581 2552  [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd            C:\Windows\System32\Drivers\sptd.sys
15:07:37.0591 2552  sptd - ok
15:07:37.0641 2552  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:07:37.0651 2552  srv - ok
15:07:37.0681 2552  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:07:37.0691 2552  srv2 - ok
15:07:37.0721 2552  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:07:37.0721 2552  srvnet - ok
15:07:37.0781 2552  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:07:37.0801 2552  SSDPSRV - ok
15:07:37.0831 2552  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:07:37.0851 2552  SstpSvc - ok
15:07:37.0931 2552  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:07:37.0941 2552  Stereo Service - ok
15:07:37.0981 2552  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:07:38.0031 2552  stexstor - ok
15:07:38.0221 2552  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:07:38.0261 2552  StiSvc - ok
15:07:38.0321 2552  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:07:38.0331 2552  swenum - ok
15:07:38.0401 2552  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
15:07:38.0411 2552  swprv - ok
15:07:38.0511 2552  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
15:07:38.0541 2552  SysMain - ok
15:07:38.0611 2552  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:07:38.0621 2552  TabletInputService - ok
15:07:38.0691 2552  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:07:38.0711 2552  TapiSrv - ok
15:07:38.0761 2552  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
15:07:38.0771 2552  TBS - ok
15:07:38.0881 2552  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:07:38.0911 2552  Tcpip - ok
15:07:38.0951 2552  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:07:38.0971 2552  TCPIP6 - ok
15:07:39.0021 2552  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:07:39.0021 2552  tcpipreg - ok
15:07:39.0061 2552  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:07:39.0071 2552  TDPIPE - ok
15:07:39.0101 2552  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:07:39.0101 2552  TDTCP - ok
15:07:39.0151 2552  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:07:39.0161 2552  tdx - ok
15:07:39.0191 2552  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:07:39.0201 2552  TermDD - ok
15:07:39.0251 2552  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
15:07:39.0261 2552  TermService - ok
15:07:39.0301 2552  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:07:39.0311 2552  Themes - ok
15:07:39.0341 2552  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
15:07:39.0341 2552  THREADORDER - ok
15:07:39.0371 2552  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:07:39.0381 2552  TrkWks - ok
15:07:39.0461 2552  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:07:39.0461 2552  TrustedInstaller - ok
15:07:39.0521 2552  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:07:39.0521 2552  tssecsrv - ok
15:07:39.0551 2552  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:07:39.0551 2552  TsUsbFlt - ok
15:07:39.0601 2552  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:07:39.0611 2552  tunnel - ok
15:07:39.0651 2552  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:07:39.0651 2552  uagp35 - ok
15:07:39.0703 2552  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:07:39.0712 2552  udfs - ok
15:07:39.0783 2552  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:07:39.0793 2552  UI0Detect - ok
15:07:39.0823 2552  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:07:39.0833 2552  uliagpkx - ok
15:07:39.0883 2552  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\drivers\umbus.sys
15:07:39.0893 2552  umbus - ok
15:07:39.0943 2552  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:07:39.0963 2552  UmPass - ok
15:07:40.0053 2552  [ E9421EAA5F52ADFBD291609299EFBC80 ] Update-Service  C:\Windows\System32\UpdSvc.dll
15:07:40.0073 2552  Update-Service - ok
15:07:40.0163 2552  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:07:40.0183 2552  upnphost - ok
15:07:40.0243 2552  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:07:40.0253 2552  usbccgp - ok
15:07:40.0303 2552  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:07:40.0313 2552  usbcir - ok
15:07:40.0383 2552  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
15:07:40.0393 2552  usbehci - ok
15:07:40.0453 2552  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:07:40.0463 2552  usbhub - ok
15:07:40.0503 2552  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
15:07:40.0503 2552  usbohci - ok
15:07:40.0563 2552  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:07:40.0563 2552  usbprint - ok
15:07:40.0633 2552  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
15:07:40.0633 2552  usbscan - ok
15:07:40.0673 2552  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:07:40.0683 2552  USBSTOR - ok
15:07:40.0743 2552  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
15:07:40.0743 2552  usbuhci - ok
15:07:40.0803 2552  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:07:40.0813 2552  usbvideo - ok
15:07:40.0873 2552  [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
15:07:40.0873 2552  usb_rndisx - ok
15:07:40.0913 2552  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
15:07:40.0923 2552  UxSms - ok
15:07:40.0963 2552  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:07:40.0973 2552  VaultSvc - ok
15:07:40.0993 2552  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:07:41.0003 2552  vdrvroot - ok
15:07:41.0083 2552  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
15:07:41.0113 2552  vds - ok
15:07:41.0163 2552  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
15:07:41.0163 2552  vga - ok
15:07:41.0183 2552  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
15:07:41.0183 2552  VgaSave - ok
15:07:41.0233 2552  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
15:07:41.0233 2552  vhdmp - ok
15:07:41.0273 2552  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:07:41.0273 2552  viaagp - ok
15:07:41.0303 2552  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
15:07:41.0303 2552  ViaC7 - ok
15:07:41.0333 2552  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:07:41.0343 2552  viaide - ok
15:07:41.0373 2552  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:07:41.0373 2552  volmgr - ok
15:07:41.0433 2552  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:07:41.0443 2552  volmgrx - ok
15:07:41.0483 2552  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
15:07:41.0483 2552  volsnap - ok
15:07:41.0523 2552  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
15:07:41.0533 2552  vsmraid - ok
15:07:41.0603 2552  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
15:07:41.0633 2552  VSS - ok
15:07:41.0663 2552  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:07:41.0673 2552  vwifibus - ok
15:07:41.0703 2552  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:07:41.0703 2552  vwififlt - ok
15:07:41.0733 2552  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
15:07:41.0733 2552  vwifimp - ok
15:07:41.0783 2552  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
15:07:41.0803 2552  W32Time - ok
15:07:41.0863 2552  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:07:41.0863 2552  WacomPen - ok
15:07:41.0893 2552  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:07:41.0903 2552  WANARP - ok
15:07:41.0913 2552  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:07:41.0913 2552  Wanarpv6 - ok
15:07:42.0033 2552  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
15:07:42.0063 2552  WatAdminSvc - ok
15:07:42.0143 2552  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:07:42.0183 2552  wbengine - ok
15:07:42.0233 2552  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:07:42.0243 2552  WbioSrvc - ok
15:07:42.0303 2552  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
15:07:42.0313 2552  wcncsvc - ok
15:07:42.0353 2552  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:07:42.0363 2552  WcsPlugInService - ok
15:07:42.0413 2552  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:07:42.0423 2552  Wd - ok
15:07:42.0473 2552  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:07:42.0493 2552  Wdf01000 - ok
15:07:42.0553 2552  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:07:42.0563 2552  WdiServiceHost - ok
15:07:42.0593 2552  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
15:07:42.0603 2552  WdiSystemHost - ok
15:07:42.0663 2552  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
15:07:42.0683 2552  WebClient - ok
15:07:42.0713 2552  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:07:42.0733 2552  Wecsvc - ok
15:07:42.0753 2552  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:07:42.0763 2552  wercplsupport - ok
15:07:42.0793 2552  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:07:42.0803 2552  WerSvc - ok
15:07:42.0853 2552  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:07:42.0853 2552  WfpLwf - ok
15:07:42.0883 2552  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:07:42.0883 2552  WIMMount - ok
15:07:42.0963 2552  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
15:07:42.0973 2552  WinDefend - ok
15:07:43.0003 2552  WinHttpAutoProxySvc - ok
15:07:43.0103 2552  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:07:43.0103 2552  Winmgmt - ok
15:07:43.0193 2552  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
15:07:43.0273 2552  WinRM - ok
15:07:43.0443 2552  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:07:43.0443 2552  WinUsb - ok
15:07:43.0523 2552  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:07:43.0543 2552  Wlansvc - ok
15:07:43.0583 2552  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
15:07:43.0583 2552  WmiAcpi - ok
15:07:43.0643 2552  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:07:43.0643 2552  wmiApSrv - ok
15:07:43.0763 2552  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
15:07:43.0783 2552  WMPNetworkSvc - ok
15:07:43.0843 2552  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:07:43.0853 2552  WPCSvc - ok
15:07:43.0903 2552  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:07:43.0913 2552  WPDBusEnum - ok
15:07:43.0943 2552  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:07:43.0943 2552  ws2ifsl - ok
15:07:43.0973 2552  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:07:43.0983 2552  wscsvc - ok
15:07:44.0003 2552  WSearch - ok
15:07:44.0133 2552  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:07:44.0183 2552  wuauserv - ok
15:07:44.0233 2552  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:07:44.0243 2552  WudfPf - ok
15:07:44.0293 2552  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:07:44.0303 2552  WUDFRd - ok
15:07:44.0333 2552  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:07:44.0353 2552  wudfsvc - ok
15:07:44.0393 2552  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
15:07:44.0413 2552  WwanSvc - ok
15:07:44.0543 2552  ================ Scan global ===============================
15:07:44.0623 2552  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:07:44.0663 2552  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:07:44.0693 2552  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:07:44.0723 2552  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:07:44.0793 2552  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:07:44.0803 2552  [Global] - ok
15:07:44.0803 2552  ================ Scan MBR ==================================
15:07:44.0823 2552  [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk0\DR0
15:07:45.0223 2552  \Device\Harddisk0\DR0 - ok
15:07:45.0223 2552  ================ Scan VBR ==================================
15:07:45.0243 2552  [ EFCAF4556CC4D2273069727C6D68A0F5 ] \Device\Harddisk0\DR0\Partition1
15:07:45.0243 2552  \Device\Harddisk0\DR0\Partition1 - ok
15:07:45.0273 2552  [ DC37B8A9882E771E94BBC2EB6C2164FF ] \Device\Harddisk0\DR0\Partition2
15:07:45.0283 2552  \Device\Harddisk0\DR0\Partition2 - ok
15:07:45.0283 2552  ============================================================
15:07:45.0283 2552  Scan finished
15:07:45.0283 2552  ============================================================
15:07:45.0333 4224  Detected object count: 0
15:07:45.0333 4224  Actual detected object count: 0
15:07:58.0223 0840  ============================================================
15:07:58.0223 0840  Scan started
15:07:58.0223 0840  Mode: Manual;
15:07:58.0223 0840  ============================================================
15:07:58.0573 0840  ================ Scan system memory ========================
15:07:58.0573 0840  System memory - ok
15:07:58.0573 0840  ================ Scan services =============================
15:07:58.0733 0840  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
15:07:58.0743 0840  1394ohci - ok
15:07:58.0783 0840  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
15:07:58.0783 0840  ACPI - ok
15:07:58.0813 0840  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
15:07:58.0813 0840  AcpiPmi - ok
15:07:58.0893 0840  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:07:58.0893 0840  AdobeARMservice - ok
15:07:58.0963 0840  [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:07:58.0963 0840  AdobeFlashPlayerUpdateSvc - ok
15:07:59.0023 0840  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
15:07:59.0023 0840  adp94xx - ok
15:07:59.0063 0840  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
15:07:59.0073 0840  adpahci - ok
15:07:59.0093 0840  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
15:07:59.0103 0840  adpu320 - ok
15:07:59.0153 0840  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:07:59.0153 0840  AeLookupSvc - ok
15:07:59.0193 0840  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
15:07:59.0193 0840  AFD - ok
15:07:59.0233 0840  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
15:07:59.0233 0840  agp440 - ok
15:07:59.0283 0840  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
15:07:59.0283 0840  aic78xx - ok
15:07:59.0303 0840  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
15:07:59.0303 0840  ALG - ok
15:07:59.0323 0840  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
15:07:59.0333 0840  aliide - ok
15:07:59.0353 0840  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:07:59.0353 0840  amdagp - ok
15:07:59.0383 0840  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
15:07:59.0383 0840  amdide - ok
15:07:59.0413 0840  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
15:07:59.0413 0840  AmdK8 - ok
15:07:59.0433 0840  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:07:59.0443 0840  AmdPPM - ok
15:07:59.0483 0840  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
15:07:59.0483 0840  amdsata - ok
15:07:59.0513 0840  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:07:59.0523 0840  amdsbs - ok
15:07:59.0543 0840  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
15:07:59.0543 0840  amdxata - ok
15:07:59.0573 0840  [ D2BF422C2611632AFB9CE8F7B2A8C306 ] AmUStor        C:\Windows\system32\drivers\AmUStor.SYS
15:07:59.0573 0840  AmUStor - ok
15:07:59.0623 0840  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
15:07:59.0623 0840  AppID - ok
15:07:59.0663 0840  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:07:59.0663 0840  AppIDSvc - ok
15:07:59.0703 0840  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
15:07:59.0703 0840  Appinfo - ok
15:07:59.0743 0840  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
15:07:59.0743 0840  arc - ok
15:07:59.0783 0840  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:07:59.0783 0840  arcsas - ok
15:07:59.0813 0840  [ ADAA34740E9F6AFF94CC75D5CF8ED7E2 ] ASInsHelp      C:\Windows\system32\drivers\AsInsHelp32.sys
15:07:59.0813 0840  ASInsHelp - ok
15:07:59.0833 0840  [ 9D8CB58B9A9E177DDD599791A58A654D ] AsIO            C:\Windows\system32\drivers\AsIO.sys
15:07:59.0833 0840  AsIO - ok
15:07:59.0863 0840  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:07:59.0863 0840  AsyncMac - ok
15:07:59.0903 0840  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
15:07:59.0903 0840  atapi - ok
15:08:00.0003 0840  [ 31CB2740BFDBAC1E48E2B7EAD38F0D27 ] athr            C:\Windows\system32\DRIVERS\athr.sys
15:08:00.0023 0840  athr - ok
15:08:00.0083 0840  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:08:00.0083 0840  AudioEndpointBuilder - ok
15:08:00.0113 0840  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:08:00.0113 0840  Audiosrv - ok
15:08:00.0163 0840  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:08:00.0163 0840  AxInstSV - ok
15:08:00.0203 0840  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
15:08:00.0213 0840  b06bdrv - ok
15:08:00.0253 0840  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:08:00.0253 0840  b57nd60x - ok
15:08:00.0293 0840  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:08:00.0293 0840  BDESVC - ok
15:08:00.0323 0840  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:08:00.0323 0840  Beep - ok
15:08:00.0383 0840  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
15:08:00.0393 0840  BFE - ok
15:08:00.0443 0840  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
15:08:00.0453 0840  BITS - ok
15:08:00.0483 0840  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:08:00.0483 0840  blbdrive - ok
15:08:00.0523 0840  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:08:00.0523 0840  bowser - ok
15:08:00.0553 0840  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:08:00.0553 0840  BrFiltLo - ok
15:08:00.0573 0840  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:08:00.0573 0840  BrFiltUp - ok
15:08:00.0613 0840  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
15:08:00.0623 0840  Browser - ok
15:08:00.0643 0840  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
15:08:00.0653 0840  Brserid - ok
15:08:00.0683 0840  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:08:00.0683 0840  BrSerWdm - ok
15:08:00.0713 0840  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:08:00.0713 0840  BrUsbMdm - ok
15:08:00.0743 0840  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:08:00.0743 0840  BrUsbSer - ok
15:08:00.0763 0840  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:08:00.0763 0840  BTHMODEM - ok
15:08:00.0813 0840  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
15:08:00.0813 0840  bthserv - ok
15:08:00.0843 0840  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:08:00.0843 0840  cdfs - ok
15:08:00.0873 0840  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
15:08:00.0873 0840  cdrom - ok
15:08:00.0923 0840  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
15:08:00.0923 0840  CertPropSvc - ok
15:08:00.0953 0840  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:08:00.0953 0840  circlass - ok
15:08:00.0973 0840  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:08:00.0983 0840  CLFS - ok
15:08:01.0043 0840  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:08:01.0043 0840  clr_optimization_v2.0.50727_32 - ok
15:08:01.0083 0840  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:08:01.0083 0840  clr_optimization_v4.0.30319_32 - ok
15:08:01.0123 0840  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:08:01.0123 0840  CmBatt - ok
15:08:01.0153 0840  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:08:01.0153 0840  cmdide - ok
15:08:01.0193 0840  [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG            C:\Windows\system32\Drivers\cng.sys
15:08:01.0203 0840  CNG - ok
15:08:01.0223 0840  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:08:01.0223 0840  Compbatt - ok
15:08:01.0263 0840  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:08:01.0263 0840  CompositeBus - ok
15:08:01.0273 0840  COMSysApp - ok
15:08:01.0293 0840  cooonihv - ok
15:08:01.0323 0840  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
15:08:01.0323 0840  crcdisk - ok
15:08:01.0383 0840  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:08:01.0393 0840  CryptSvc - ok
15:08:01.0443 0840  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:08:01.0453 0840  DcomLaunch - ok
15:08:01.0493 0840  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
15:08:01.0503 0840  defragsvc - ok
15:08:01.0533 0840  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:08:01.0543 0840  DfsC - ok
15:08:01.0573 0840  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:08:01.0573 0840  Dhcp - ok
15:08:01.0593 0840  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:08:01.0603 0840  discache - ok
15:08:01.0623 0840  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:08:01.0633 0840  Disk - ok
15:08:01.0643 0840  Dnscache - ok
15:08:01.0693 0840  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
15:08:01.0693 0840  dot3svc - ok
15:08:01.0733 0840  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
15:08:01.0743 0840  DPS - ok
15:08:01.0783 0840  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
15:08:01.0783 0840  drmkaud - ok
15:08:01.0833 0840  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:08:01.0833 0840  dtsoftbus01 - ok
15:08:01.0893 0840  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:08:01.0903 0840  DXGKrnl - ok
15:08:01.0943 0840  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
15:08:01.0943 0840  EapHost - ok
15:08:02.0073 0840  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
15:08:02.0103 0840  ebdrv - ok
15:08:02.0163 0840  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
15:08:02.0163 0840  EFS - ok
15:08:02.0213 0840  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
15:08:02.0213 0840  elxstor - ok
15:08:02.0253 0840  [ 70C764BFE0EC4B1B242E9626D3564443 ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
15:08:02.0263 0840  enecir - ok
15:08:02.0273 0840  [ 65BF24816C2814596253F312DD35F171 ] enecirhid      C:\Windows\system32\DRIVERS\enecirhid.sys
15:08:02.0283 0840  enecirhid - ok
15:08:02.0303 0840  [ 97D41E2831AC117AF9BF8D0D9E9D027F ] enecirhidma    C:\Windows\system32\DRIVERS\enecirhidma.sys
15:08:02.0303 0840  enecirhidma - ok
15:08:02.0353 0840  [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
15:08:02.0353 0840  epmntdrv - ok
15:08:02.0403 0840  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:08:02.0403 0840  ErrDev - ok
15:08:02.0533 0840  [ 44081333DB283E141F89AE4EC74ED961 ] ETSCSERVICE    C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe
15:08:02.0533 0840  ETSCSERVICE - ok
15:08:02.0563 0840  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
15:08:02.0573 0840  EuGdiDrv - ok
15:08:02.0613 0840  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
15:08:02.0623 0840  EventSystem - ok
15:08:02.0653 0840  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
15:08:02.0653 0840  exfat - ok
15:08:02.0693 0840  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:08:02.0693 0840  fastfat - ok
15:08:02.0743 0840  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
15:08:02.0753 0840  Fax - ok
15:08:02.0783 0840  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
15:08:02.0783 0840  fdc - ok
15:08:02.0803 0840  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
15:08:02.0813 0840  fdPHost - ok
15:08:02.0843 0840  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:08:02.0853 0840  FDResPub - ok
15:08:02.0883 0840  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:08:02.0883 0840  FileInfo - ok
15:08:02.0913 0840  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:08:02.0913 0840  Filetrace - ok
15:08:02.0933 0840  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:08:02.0943 0840  flpydisk - ok
15:08:02.0973 0840  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:08:02.0973 0840  FltMgr - ok
15:08:03.0073 0840  [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache      C:\Windows\system32\FntCache.dll
15:08:03.0093 0840  FontCache - ok
15:08:03.0123 0840  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
15:08:03.0123 0840  FsDepends - ok
15:08:03.0163 0840  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:08:03.0163 0840  Fs_Rec - ok
15:08:03.0203 0840  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:08:03.0213 0840  fvevol - ok
15:08:03.0263 0840  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:08:03.0263 0840  gagp30kx - ok
15:08:03.0303 0840  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
15:08:03.0313 0840  gpsvc - ok
15:08:03.0383 0840  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
15:08:03.0383 0840  gupdate - ok
15:08:03.0403 0840  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:08:03.0403 0840  gupdatem - ok
15:08:03.0443 0840  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:08:03.0443 0840  hcw85cir - ok
15:08:03.0493 0840  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:08:03.0493 0840  HdAudAddService - ok
15:08:03.0523 0840  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:08:03.0523 0840  HDAudBus - ok
15:08:03.0553 0840  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
15:08:03.0553 0840  HidBatt - ok
15:08:03.0573 0840  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:08:03.0583 0840  HidBth - ok
15:08:03.0613 0840  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
15:08:03.0613 0840  HidIr - ok
15:08:03.0643 0840  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
15:08:03.0643 0840  hidserv - ok
15:08:03.0673 0840  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:08:03.0683 0840  HidUsb - ok
15:08:03.0733 0840  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:08:03.0743 0840  hkmsvc - ok
15:08:03.0773 0840  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:08:03.0783 0840  HomeGroupListener - ok
15:08:03.0823 0840  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:08:03.0833 0840  HomeGroupProvider - ok
15:08:03.0873 0840  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:08:03.0873 0840  HpSAMD - ok
15:08:03.0923 0840  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:08:03.0933 0840  HTTP - ok
15:08:03.0953 0840  hwdatacard - ok
15:08:04.0003 0840  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:08:04.0003 0840  hwpolicy - ok
15:08:04.0033 0840  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:08:04.0033 0840  i8042prt - ok
15:08:04.0063 0840  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
15:08:04.0063 0840  iaStorV - ok
15:08:04.0103 0840  [ 5E2AD01BD003E998AE89C843A600A0CE ] IdcFltr        C:\Windows\system32\DRIVERS\idcfltr.sys
15:08:04.0103 0840  IdcFltr - ok
15:08:04.0133 0840  [ 57C85D767CB8A8D90939F3A268F4FC57 ] IdcSrv          C:\Program Files\IdeaCom\TSC\IdcSrv.exe
15:08:04.0133 0840  IdcSrv - ok
15:08:04.0183 0840  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
15:08:04.0183 0840  iirsp - ok
15:08:04.0363 0840  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:08:04.0373 0840  IKEEXT - ok
15:08:04.0513 0840  [ 2D6E527B8BE62FB0223DA0C2D9C75B45 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:08:04.0553 0840  IntcAzAudAddService - ok
15:08:04.0583 0840  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:08:04.0593 0840  intelide - ok
15:08:04.0623 0840  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:08:04.0623 0840  intelppm - ok
15:08:04.0663 0840  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
15:08:04.0663 0840  IPBusEnum - ok
15:08:04.0683 0840  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:08:04.0683 0840  IpFilterDriver - ok
15:08:04.0753 0840  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:08:04.0763 0840  iphlpsvc - ok
15:08:04.0823 0840  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
15:08:04.0823 0840  IPMIDRV - ok
15:08:04.0853 0840  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
15:08:04.0863 0840  IPNAT - ok
15:08:04.0893 0840  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:08:04.0893 0840  IRENUM - ok
15:08:04.0943 0840  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:08:04.0943 0840  isapnp - ok
15:08:05.0023 0840  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:08:05.0033 0840  iScsiPrt - ok
15:08:05.0043 0840  islxmqgh - ok
15:08:05.0063 0840  ivtpxjih - ok
15:08:05.0083 0840  iwaozptt - ok
15:08:05.0143 0840  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:08:05.0143 0840  kbdclass - ok
15:08:05.0193 0840  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:08:05.0193 0840  kbdhid - ok
15:08:05.0253 0840  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:08:05.0253 0840  KeyIso - ok
15:08:05.0303 0840  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:08:05.0303 0840  KSecDD - ok
15:08:05.0353 0840  [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
15:08:05.0363 0840  KSecPkg - ok
15:08:05.0403 0840  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:08:05.0413 0840  KtmRm - ok
15:08:05.0463 0840  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:08:05.0483 0840  LanmanServer - ok
15:08:05.0563 0840  [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
15:08:05.0563 0840  LightScribeService - ok
15:08:05.0613 0840  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:08:05.0623 0840  lltdio - ok
15:08:05.0723 0840  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:08:05.0733 0840  lltdsvc - ok
15:08:05.0763 0840  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:08:05.0773 0840  lmhosts - ok
15:08:05.0813 0840  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:08:05.0813 0840  LSI_FC - ok
15:08:05.0853 0840  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
15:08:05.0853 0840  LSI_SAS - ok
15:08:05.0883 0840  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:08:05.0883 0840  LSI_SAS2 - ok
15:08:05.0913 0840  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:08:05.0913 0840  LSI_SCSI - ok
15:08:05.0933 0840  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
15:08:05.0933 0840  luafv - ok
15:08:05.0983 0840  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
15:08:05.0983 0840  megasas - ok
15:08:06.0013 0840  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:08:06.0013 0840  MegaSR - ok
15:08:06.0073 0840  Microsoft SharePoint Workspace Audit Service - ok
15:08:06.0113 0840  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
15:08:06.0123 0840  MMCSS - ok
15:08:06.0223 0840  [ 5A78BB029FD8414381FF1315F1E46947 ] Mobile Broadband HL Service C:\ProgramData\MobileBrServ\mbbservice.exe
15:08:06.0223 0840  Mobile Broadband HL Service - ok
15:08:06.0243 0840  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
15:08:06.0253 0840  Modem - ok
15:08:06.0283 0840  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
15:08:06.0283 0840  monitor - ok
15:08:06.0313 0840  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:08:06.0313 0840  mouclass - ok
15:08:06.0343 0840  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:08:06.0343 0840  mouhid - ok
15:08:06.0383 0840  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:08:06.0393 0840  mountmgr - ok
15:08:06.0443 0840  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
15:08:06.0443 0840  MpFilter - ok
15:08:06.0473 0840  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:08:06.0473 0840  mpio - ok
15:08:06.0583 0840  [ A69630D039C38018689190234F866D77 ] MpKsl91c24d7b  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{847D2914-C64B-4D37-A04A-787BDD103C08}\MpKsl91c24d7b.sys
15:08:06.0583 0840  MpKsl91c24d7b - ok
15:08:06.0623 0840  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:08:06.0623 0840  mpsdrv - ok
15:08:06.0743 0840  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:08:06.0773 0840  MpsSvc - ok
15:08:06.0813 0840  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:08:06.0823 0840  MRxDAV - ok
15:08:06.0853 0840  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:08:06.0863 0840  mrxsmb - ok
15:08:06.0913 0840  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:08:06.0923 0840  mrxsmb10 - ok
15:08:07.0043 0840  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:08:07.0043 0840  mrxsmb20 - ok
15:08:07.0123 0840  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:08:07.0123 0840  msahci - ok
15:08:07.0163 0840  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
15:08:07.0173 0840  msdsm - ok
15:08:07.0203 0840  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
15:08:07.0213 0840  MSDTC - ok
15:08:07.0263 0840  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:08:07.0273 0840  Msfs - ok
15:08:07.0283 0840  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
15:08:07.0293 0840  mshidkmdf - ok
15:08:07.0323 0840  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:08:07.0323 0840  msisadrv - ok
15:08:07.0343 0840  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
15:08:07.0353 0840  MSiSCSI - ok
15:08:07.0363 0840  msiserver - ok
15:08:07.0393 0840  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
15:08:07.0393 0840  MSKSSRV - ok
15:08:07.0443 0840  [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc        C:\Program Files\Microsoft Security Client\MsMpEng.exe
15:08:07.0443 0840  MsMpSvc - ok
15:08:07.0473 0840  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:08:07.0473 0840  MSPCLOCK - ok
15:08:07.0503 0840  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
15:08:07.0503 0840  MSPQM - ok
15:08:07.0533 0840  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
15:08:07.0543 0840  MsRPC - ok
15:08:07.0583 0840  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:08:07.0593 0840  mssmbios - ok
15:08:07.0613 0840  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
15:08:07.0613 0840  MSTEE - ok
15:08:07.0643 0840  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:08:07.0663 0840  MTConfig - ok
15:08:07.0703 0840  [ CBE71C122434805CB73FFB6619F60598 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
15:08:07.0773 0840  MTsensor - ok
15:08:07.0873 0840  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
15:08:07.0883 0840  Mup - ok
15:08:07.0943 0840  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:08:07.0963 0840  napagent - ok
15:08:08.0023 0840  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
15:08:08.0023 0840  NativeWifiP - ok
15:08:08.0123 0840  [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate        C:\Program Files\Nero\Update\NASvc.exe
15:08:08.0143 0840  NAUpdate - ok
15:08:08.0173 0840  [ E240F3204E86B7B6CCF266B2A2AD32B4 ] NBVol          C:\Windows\system32\DRIVERS\NBVol.sys
15:08:08.0183 0840  NBVol - ok
15:08:08.0193 0840  [ C0CF3CCCCE3C75F7280C89029AB47866 ] NBVolUp        C:\Windows\system32\DRIVERS\NBVolUp.sys
15:08:08.0193 0840  NBVolUp - ok
15:08:08.0243 0840  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:08:08.0263 0840  NDIS - ok
15:08:08.0293 0840  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
15:08:08.0303 0840  NdisCap - ok
15:08:08.0323 0840  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:08:08.0323 0840  NdisTapi - ok
15:08:08.0373 0840  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
15:08:08.0373 0840  Ndisuio - ok
15:08:08.0413 0840  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
15:08:08.0423 0840  NdisWan - ok
15:08:08.0443 0840  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
15:08:08.0443 0840  NDProxy - ok
15:08:08.0473 0840  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
15:08:08.0473 0840  NetBIOS - ok
15:08:08.0533 0840  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
15:08:08.0533 0840  NetBT - ok
15:08:08.0573 0840  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:08:08.0573 0840  Netlogon - ok
15:08:08.0613 0840  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:08:08.0633 0840  Netman - ok
15:08:08.0663 0840  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:08:08.0673 0840  netprofm - ok
15:08:08.0713 0840  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
15:08:08.0723 0840  nfrd960 - ok
15:08:08.0783 0840  [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
15:08:08.0783 0840  NisDrv - ok
15:08:08.0893 0840  [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
15:08:08.0923 0840  NisSrv - ok
15:08:08.0963 0840  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:08:08.0973 0840  NlaSvc - ok
15:08:08.0993 0840  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:08:09.0003 0840  Npfs - ok
15:08:09.0023 0840  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
15:08:09.0033 0840  nsi - ok
15:08:09.0083 0840  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:08:09.0083 0840  nsiproxy - ok
15:08:09.0153 0840  [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:08:09.0183 0840  Ntfs - ok
15:08:09.0223 0840  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:08:09.0223 0840  Null - ok
15:08:09.0273 0840  [ 6C6D6701A76529963F9416D285D2F4D9 ] nvamacpi        C:\Windows\system32\DRIVERS\NVAMACPI.sys
15:08:09.0273 0840  nvamacpi - ok
15:08:09.0613 0840  [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:08:09.0733 0840  nvlddmkm - ok
15:08:09.0793 0840  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:08:09.0793 0840  nvraid - ok
15:08:09.0833 0840  [ 02A9F366BCB94B286E34825B2094CB38 ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
15:08:09.0833 0840  nvsmu - ok
15:08:09.0873 0840  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:08:09.0883 0840  nvstor - ok
15:08:09.0943 0840  [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc          C:\Windows\system32\nvvsvc.exe
15:08:09.0953 0840  nvsvc - ok
15:08:10.0033 0840  [ 0629259E3AF6BB0534FCECA208973404 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:08:10.0063 0840  nvUpdatusService - ok
15:08:10.0093 0840  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:08:10.0103 0840  nv_agp - ok
15:08:10.0143 0840  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:08:10.0153 0840  ohci1394 - ok
15:08:10.0213 0840  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:08:10.0223 0840  ose - ok
15:08:10.0413 0840  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:08:10.0563 0840  osppsvc - ok
15:08:10.0613 0840  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:08:10.0623 0840  p2pimsvc - ok
15:08:10.0653 0840  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:08:10.0663 0840  p2psvc - ok
15:08:10.0703 0840  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
15:08:10.0703 0840  Parport - ok
15:08:10.0743 0840  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:08:10.0743 0840  partmgr - ok
15:08:10.0773 0840  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:08:10.0773 0840  Parvdm - ok
15:08:10.0823 0840  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:08:10.0833 0840  PcaSvc - ok
15:08:10.0873 0840  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
15:08:10.0873 0840  pci - ok
15:08:10.0893 0840  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:08:10.0893 0840  pciide - ok
15:08:10.0943 0840  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:08:10.0953 0840  pcmcia - ok
15:08:10.0993 0840  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
15:08:11.0003 0840  pcouffin - ok
15:08:11.0043 0840  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
15:08:11.0073 0840  pcw - ok
15:08:11.0133 0840  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:08:11.0213 0840  PEAUTH - ok
15:08:11.0443 0840  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
15:08:11.0483 0840  pla - ok
15:08:11.0523 0840  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:08:11.0543 0840  PlugPlay - ok
15:08:11.0573 0840  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
15:08:11.0583 0840  PNRPAutoReg - ok
15:08:11.0613 0840  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
15:08:11.0623 0840  PNRPsvc - ok
15:08:11.0673 0840  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:08:11.0683 0840  PolicyAgent - ok
15:08:11.0723 0840  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
15:08:11.0733 0840  Power - ok
15:08:11.0783 0840  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:08:11.0783 0840  PptpMiniport - ok
15:08:11.0803 0840  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
15:08:11.0813 0840  Processor - ok
15:08:11.0853 0840  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\Windows\system32\profsvc.dll
15:08:11.0863 0840  ProfSvc - ok
15:08:11.0883 0840  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:08:11.0883 0840  ProtectedStorage - ok
15:08:11.0913 0840  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:08:11.0913 0840  Psched - ok
15:08:11.0983 0840  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:08:12.0013 0840  ql2300 - ok
15:08:12.0043 0840  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:08:12.0053 0840  ql40xx - ok
15:08:12.0083 0840  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
15:08:12.0093 0840  QWAVE - ok
15:08:12.0123 0840  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:08:12.0123 0840  QWAVEdrv - ok
15:08:12.0153 0840  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:08:12.0153 0840  RasAcd - ok
15:08:12.0193 0840  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
15:08:12.0193 0840  RasAgileVpn - ok
15:08:12.0223 0840  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
15:08:12.0233 0840  RasAuto - ok
15:08:12.0263 0840  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
15:08:12.0263 0840  Rasl2tp - ok
15:08:12.0313 0840  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:08:12.0323 0840  RasMan - ok
15:08:12.0343 0840  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:08:12.0343 0840  RasPppoe - ok
15:08:12.0373 0840  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
15:08:12.0373 0840  RasSstp - ok
15:08:12.0423 0840  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:08:12.0433 0840  rdbss - ok
15:08:12.0453 0840  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:08:12.0453 0840  rdpbus - ok
15:08:12.0503 0840  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:08:12.0503 0840  RDPCDD - ok
15:08:12.0533 0840  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:08:12.0543 0840  RDPENCDD - ok
15:08:12.0573 0840  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:08:12.0573 0840  RDPREFMP - ok
15:08:12.0603 0840  [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:08:12.0603 0840  RdpVideoMiniport - ok
15:08:12.0653 0840  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:08:12.0663 0840  RDPWD - ok
15:08:12.0703 0840  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:08:12.0713 0840  rdyboost - ok
15:08:12.0743 0840  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:08:12.0753 0840  RemoteAccess - ok
15:08:12.0793 0840  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:08:12.0803 0840  RemoteRegistry - ok
15:08:12.0833 0840  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:08:12.0843 0840  RpcEptMapper - ok
15:08:12.0873 0840  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:08:12.0873 0840  RpcLocator - ok
15:08:12.0913 0840  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
15:08:12.0923 0840  RpcSs - ok
15:08:12.0963 0840  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:08:12.0963 0840  rspndr - ok
15:08:13.0003 0840  [ AE51516A7F70AF7B5D9070FE41442E87 ] RTL8167        C:\Windows\system32\DRIVERS\Rt86win7.sys
15:08:13.0003 0840  RTL8167 - ok
15:08:13.0033 0840  [ 69013A123A00B3042C260B0056DF0152 ] s1029bus        C:\Windows\system32\DRIVERS\s1029bus.sys
15:08:13.0033 0840  s1029bus - ok
15:08:13.0073 0840  [ 1565FC31F872963FE8AF471123D8424C ] s1029mdfl      C:\Windows\system32\DRIVERS\s1029mdfl.sys
15:08:13.0073 0840  s1029mdfl - ok
15:08:13.0113 0840  [ D67A8042ECF6C983AC0E308B36603677 ] s1029mdm        C:\Windows\system32\DRIVERS\s1029mdm.sys
15:08:13.0113 0840  s1029mdm - ok
15:08:13.0143 0840  [ 9AC56F06C1E13A963C82EBD067FDF274 ] s1029mgmt      C:\Windows\system32\DRIVERS\s1029mgmt.sys
15:08:13.0153 0840  s1029mgmt - ok
15:08:13.0193 0840  [ 00C66C6BAAFB2747F15F94F15888C94A ] s1029nd5        C:\Windows\system32\DRIVERS\s1029nd5.sys
15:08:13.0193 0840  s1029nd5 - ok
15:08:13.0233 0840  [ 6FC093ABA554E45755DC2F3896B6C8D7 ] s1029obex      C:\Windows\system32\DRIVERS\s1029obex.sys
15:08:13.0233 0840  s1029obex - ok
15:08:13.0263 0840  [ 9979B0E68815394665B2109B03D15FA1 ] s1029unic      C:\Windows\system32\DRIVERS\s1029unic.sys
15:08:13.0263 0840  s1029unic - ok
15:08:13.0293 0840  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
15:08:13.0303 0840  SamSs - ok
15:08:13.0333 0840  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:08:13.0333 0840  sbp2port - ok
15:08:13.0373 0840  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:08:13.0383 0840  SCardSvr - ok
15:08:13.0423 0840  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:08:13.0423 0840  scfilter - ok
15:08:13.0483 0840  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:08:13.0503 0840  Schedule - ok
15:08:13.0543 0840  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:08:13.0543 0840  SCPolicySvc - ok
15:08:13.0573 0840  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:08:13.0583 0840  SDRSVC - ok
15:08:13.0613 0840  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:08:13.0613 0840  secdrv - ok
15:08:13.0643 0840  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:08:13.0653 0840  seclogon - ok
15:08:13.0673 0840  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:08:13.0683 0840  SENS - ok
15:08:13.0703 0840  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:08:13.0713 0840  SensrSvc - ok
15:08:13.0743 0840  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
15:08:13.0743 0840  Serenum - ok
15:08:13.0773 0840  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:08:13.0783 0840  Serial - ok
15:08:13.0823 0840  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:08:13.0823 0840  sermouse - ok
15:08:13.0903 0840  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:08:13.0913 0840  SessionEnv - ok
15:08:13.0943 0840  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
15:08:13.0953 0840  sffdisk - ok
15:08:13.0973 0840  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:08:13.0983 0840  sffp_mmc - ok
15:08:14.0003 0840  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
15:08:14.0003 0840  sffp_sd - ok
15:08:14.0033 0840  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
15:08:14.0043 0840  sfloppy - ok
15:08:14.0143 0840  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:08:14.0183 0840  SharedAccess - ok
15:08:14.0223 0840  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:08:14.0243 0840  ShellHWDetection - ok
15:08:14.0263 0840  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:08:14.0273 0840  sisagp - ok
15:08:14.0303 0840  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:08:14.0303 0840  SiSRaid2 - ok
15:08:14.0323 0840  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:08:14.0333 0840  SiSRaid4 - ok
15:08:14.0363 0840  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
15:08:14.0373 0840  SkypeUpdate - ok
15:08:14.0393 0840  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:08:14.0393 0840  Smb - ok
15:08:14.0433 0840  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:08:14.0443 0840  SNMPTRAP - ok
15:08:14.0483 0840  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
15:08:14.0483 0840  spldr - ok
15:08:14.0523 0840  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\Windows\System32\spoolsv.exe
15:08:14.0533 0840  Spooler - ok
15:08:14.0653 0840  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:08:14.0753 0840  sppsvc - ok
15:08:14.0803 0840  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
15:08:14.0813 0840  sppuinotify - ok
15:08:14.0853 0840  [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd            C:\Windows\System32\Drivers\sptd.sys
15:08:14.0863 0840  sptd - ok
15:08:14.0903 0840  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:08:14.0903 0840  srv - ok
15:08:14.0943 0840  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:08:14.0953 0840  srv2 - ok
15:08:14.0973 0840  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:08:14.0983 0840  srvnet - ok
15:08:15.0013 0840  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:08:15.0023 0840  SSDPSRV - ok
15:08:15.0063 0840  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:08:15.0073 0840  SstpSvc - ok
15:08:15.0133 0840  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:08:15.0133 0840  Stereo Service - ok
15:08:15.0173 0840  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:08:15.0173 0840  stexstor - ok
15:08:15.0233 0840  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:08:15.0253 0840  StiSvc - ok
15:08:15.0293 0840  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:08:15.0293 0840  swenum - ok
15:08:15.0343 0840  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
15:08:15.0363 0840  swprv - ok
15:08:15.0423 0840  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
15:08:15.0453 0840  SysMain - ok
15:08:15.0503 0840  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:08:15.0513 0840  TabletInputService - ok
15:08:15.0563 0840  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:08:15.0583 0840  TapiSrv - ok
15:08:15.0603 0840  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
15:08:15.0613 0840  TBS - ok
15:08:15.0703 0840  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:08:15.0723 0840  Tcpip - ok
15:08:15.0763 0840  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:08:15.0783 0840  TCPIP6 - ok
15:08:15.0833 0840  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:08:15.0833 0840  tcpipreg - ok
15:08:15.0873 0840  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:08:15.0883 0840  TDPIPE - ok
15:08:15.0913 0840  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:08:15.0913 0840  TDTCP - ok
15:08:15.0953 0840  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:08:15.0953 0840  tdx - ok
15:08:15.0983 0840  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:08:15.0983 0840  TermDD - ok
15:08:16.0033 0840  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
15:08:16.0053 0840  TermService - ok
15:08:16.0093 0840  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:08:16.0103 0840  Themes - ok
15:08:16.0123 0840  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
15:08:16.0133 0840  THREADORDER - ok
15:08:16.0163 0840  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:08:16.0173 0840  TrkWks - ok
15:08:16.0233 0840  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:08:16.0243 0840  TrustedInstaller - ok
15:08:16.0293 0840  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:08:16.0303 0840  tssecsrv - ok
15:08:16.0333 0840  [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:08:16.0333 0840  TsUsbFlt - ok
15:08:16.0383 0840  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:08:16.0383 0840  tunnel - ok
15:08:16.0423 0840  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:08:16.0433 0840  uagp35 - ok
15:08:16.0463 0840  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:08:16.0473 0840  udfs - ok
15:08:16.0513 0840  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:08:16.0523 0840  UI0Detect - ok
15:08:16.0553 0840  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:08:16.0553 0840  uliagpkx - ok
15:08:16.0583 0840  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\drivers\umbus.sys
15:08:16.0583 0840  umbus - ok
15:08:16.0613 0840  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:08:16.0613 0840  UmPass - ok
15:08:16.0653 0840  [ E9421EAA5F52ADFBD291609299EFBC80 ] Update-Service  C:\Windows\System32\UpdSvc.dll
15:08:16.0663 0840  Update-Service - ok
15:08:16.0703 0840  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:08:16.0713 0840  upnphost - ok
15:08:16.0743 0840  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:08:16.0753 0840  usbccgp - ok
15:08:16.0783 0840  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:08:16.0793 0840  usbcir - ok
15:08:20.0293 0840  ================ Scan global ===============================
15:08:20.0333 0840  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:08:20.0383 0840  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:08:20.0403 0840  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:08:20.0443 0840  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:08:20.0493 0840  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:08:20.0503 0840  [Global] - ok
15:08:20.0503 0840  ================ Scan MBR ==================================
15:08:20.0523 0840  [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk0\DR0
15:08:20.0783 0840  \Device\Harddisk0\DR0 - ok
15:08:20.0783 0840  ================ Scan VBR ==================================
15:08:20.0793 0840  [ EFCAF4556CC4D2273069727C6D68A0F5 ] \Device\Harddisk0\DR0\Partition1
15:08:20.0803 0840  \Device\Harddisk0\DR0\Partition1 - ok
15:08:20.0833 0840  [ DC37B8A9882E771E94BBC2EB6C2164FF ] \Device\Harddisk0\DR0\Partition2
15:08:20.0833 0840  \Device\Harddisk0\DR0\Partition2 - ok
15:08:20.0843 0840  ============================================================
15:08:20.0843 0840  Scan finished
15:08:20.0843 0840  ============================================================
15:08:20.0873 2980  Detected object count: 0
15:08:20.0873 2980  Actual detected object count: 0
15:10:52.0631 4184  Deinitialize success

The zip thing doesn't work. Is the file, at 251 KB, too large to zip?

cosinus 16.02.2013 18:49

Unremarkable.

AdwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click "Optionen" (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click "Suchlauf" (Scan) and wait until it has finished.
  • Now click "Löschen" (Delete) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box at the top center for Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

karlshagen 17.02.2013 00:04

Code:

# AdwCleaner v2.112 - Datei am 16/02/2013 um 22:35:04 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : 15G22J0290K0EU2Y - BIBA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\15G22J0290K0EU2Y\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Program Files\GamesBar
Ordner Gelöscht : C:\Users\15G22J0290K0EU2Y\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\15G22J0290K0EU2Y\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2724407
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Mozilla\Firefox\Profiles\pz396p4t.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [9591 octets] - [16/02/2013 22:33:30]
AdwCleaner[S1].txt - [9362 octets] - [16/02/2013 22:35:04]

########## EOF - C:\AdwCleaner[S1].txt - [9422 octets] ##########

Code:

OTL logfile created on: 2/17/2013 12:06:31 AM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\15G22J0290K0EU2Y\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 24.21% Memory free
6.12 Gb Paging File | 4.80 Gb Available in Paging File | 78.35% Paging File free
Paging file location(s): c:\pagefile.sys 2686 2686d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.59 Gb Total Space | 56.72 Gb Free Space | 57.53% Space Free | Partition Type: NTFS
Drive D: | 191.46 Gb Total Space | 118.91 Gb Free Space | 62.11% Space Free | Partition Type: NTFS
 
Computer Name: BIBA | User Name: 15G22J0290K0EU2Y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\ASUS\Eee Manager\EMMessageParser.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Eee Manager\EeeManager.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Message Controller\AsMessageController.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsACPINotify.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsRemoteControlHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\ImageMgr.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsKeyboardHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\MessageParser\AsMultiLang.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\AsMultiLang.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Guard.Mail.ru) --  File not found
SRV - (Dnscache) -- %SystemRoot%\System32\pouae2gyp.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (IdcSrv) -- C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
SRV - (ETSCSERVICE) -- C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (iwaozptt) --  File not found
DRV - (ivtpxjih) --  File not found
DRV - (islxmqgh) --  File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (cooonihv) --  File not found
DRV - (abbchwwb) --  File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvamacpi) -- C:\Windows\System32\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IdcFltr) -- C:\Windows\System32\drivers\idcfltr.sys (IdeaCom Technology Inc.)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ASInsHelp) -- C:\Windows\System32\drivers\AsInsHelp32.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Downloads
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "hxxp://office-manager/Account/LogOn"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Program Files\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\15G22J0290K0EU2Y\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files\RelevantKnowledge\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 18:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/12 08:43:15 | 000,000,000 | ---D | M]
 
[2012/08/28 19:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Extensions
[2012/12/28 09:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Firefox\Profiles\pz396p4t.default\extensions
[2012/12/10 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/12/10 18:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/06 18:55:08 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/18 21:02:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 11:27:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/18 21:02:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/18 21:02:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/18 21:02:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/18 21:02:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012/12/22 17:18:38 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober14387457.xml
 
Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [StartCal.exe] C:\Program Files\IdeaCom\TSC\StartCal.exe (IdeaCom Technology Inc.)
O4 - HKU\.DEFAULT..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKU\S-1-5-18..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\UDDIjdlcn.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{577a8c28-8370-4d95-a804-69548d509e85}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{716FB368-5896-4B52-8AF2-C05A3D46DE1D}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{d4817425-ae18-4a77-9d08-71acc98bd32c}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{f759e9d5-c984-4da0-b5a0-a2d9df02b1ff}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IdcNotify: DllName - (idcnotify.dll) - C:\Windows\System32\idcnotify.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell - "" = AutoRun
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/17 00:04:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/15 16:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/15 16:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/15 13:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/14 00:47:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/14 00:47:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/14 00:47:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/14 00:47:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/14 00:47:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/14 00:47:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/14 00:47:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/14 00:46:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/13 15:47:39 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\Desktop\Scan
[2013/02/13 14:05:24 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/13 14:02:02 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/13 14:01:59 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/13 14:01:19 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/13 14:00:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/11 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TuneUp Software
[2013/02/11 16:48:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Avg2013
[2013/02/08 09:21:13 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/02/07 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/05 15:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/01/23 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\Documents\Outlook-Dateien
[2012/05/08 10:11:07 | 001,638,400 | ---- | C] (LIGHTNING UK!) -- C:\Users\15G22J0290K0EU2Y\AppData\Local\ImgBurn.exe
[2011/12/08 23:02:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/17 00:07:01 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000UA.job
[2013/02/16 23:55:02 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/16 23:21:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/16 22:46:49 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 22:46:49 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 22:41:51 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/16 22:41:03 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/16 22:40:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 22:40:36 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 20:45:08 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/02/16 20:13:30 | 000,587,671 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\adwcleaner0.exe
[2013/02/16 02:30:31 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/14 09:07:02 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000Core.job
[2013/02/14 08:48:16 | 000,409,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/14 00:42:53 | 000,580,736 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/14 00:42:52 | 000,616,498 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/14 00:42:52 | 000,122,242 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/14 00:42:52 | 000,098,632 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/12 17:17:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/12 00:38:55 | 295,472,861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/11 16:41:42 | 000,007,625 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:03 | 000,084,992 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2013/02/08 09:21:26 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/08 09:21:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/08 09:21:15 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/30 16:53:03 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/21 20:54:13 | 000,001,041 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
 
========== Files Created - No Company Name ==========
 
[2013/02/16 20:13:30 | 000,587,671 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\adwcleaner0.exe
[2013/02/12 00:38:56 | 000,409,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/12 00:38:55 | 295,472,861 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/11 16:41:42 | 000,007,625 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:02 | 000,084,992 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2012/12/07 21:19:13 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/12/07 21:19:12 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/12/07 21:19:11 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/12/07 21:19:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/12/07 21:19:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/10/27 18:13:50 | 000,003,584 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/27 15:17:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/07/02 22:59:09 | 000,283,097 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/06/16 15:52:46 | 000,000,130 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\default.rss
[2012/06/09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/08 00:59:27 | 000,002,272 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012/06/08 00:54:38 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012/05/30 10:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/05/21 17:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll
[2012/02/22 12:05:36 | 015,495,729 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\SMRBackup250.dat
[2011/12/08 23:02:17 | 000,087,608 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\inst.exe
[2011/12/08 23:02:17 | 000,007,887 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.cat
[2011/12/08 23:02:17 | 000,001,144 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.inf
[2011/12/08 22:20:53 | 000,001,041 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 20:25:00 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/08 17:03:53 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/07 22:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Code:

OTL logfile created on: 2/17/2013 12:06:31 AM - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\15G22J0290K0EU2Y\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.42 Gb Available Physical Memory | 24.21% Memory free
6.12 Gb Paging File | 4.80 Gb Available in Paging File | 78.35% Paging File free
Paging file location(s): c:\pagefile.sys 2686 2686d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.59 Gb Total Space | 56.72 Gb Free Space | 57.53% Space Free | Partition Type: NTFS
Drive D: | 191.46 Gb Total Space | 118.91 Gb Free Space | 62.11% Space Free | Partition Type: NTFS
 
Computer Name: BIBA | User Name: 15G22J0290K0EU2Y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\ASUS\Eee Manager\EMMessageParser.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Eee Manager\EeeManager.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Message Controller\AsMessageController.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsACPINotify.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsRemoteControlHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\ImageMgr.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsKeyboardHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\MessageParser\AsMultiLang.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\AsMultiLang.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Guard.Mail.ru) --  File not found
SRV - (Dnscache) -- %SystemRoot%\System32\pouae2gyp.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (IdcSrv) -- C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
SRV - (ETSCSERVICE) -- C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (iwaozptt) --  File not found
DRV - (ivtpxjih) --  File not found
DRV - (islxmqgh) --  File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (cooonihv) --  File not found
DRV - (abbchwwb) --  File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvamacpi) -- C:\Windows\System32\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IdcFltr) -- C:\Windows\System32\drivers\idcfltr.sys (IdeaCom Technology Inc.)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ASInsHelp) -- C:\Windows\System32\drivers\AsInsHelp32.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Downloads
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "hxxp://office-manager/Account/LogOn"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Program Files\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\15G22J0290K0EU2Y\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files\RelevantKnowledge\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 18:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/12 08:43:15 | 000,000,000 | ---D | M]
 
[2012/08/28 19:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Extensions
[2012/12/28 09:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Firefox\Profiles\pz396p4t.default\extensions
[2012/12/10 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/12/10 18:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/06 18:55:08 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/18 21:02:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 11:27:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/18 21:02:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/18 21:02:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/18 21:02:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/18 21:02:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012/12/22 17:18:38 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober14387457.xml
 
Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [StartCal.exe] C:\Program Files\IdeaCom\TSC\StartCal.exe (IdeaCom Technology Inc.)
O4 - HKU\.DEFAULT..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKU\S-1-5-18..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\update\SearchEngineProtection.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\UDDIjdlcn.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{577a8c28-8370-4d95-a804-69548d509e85}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{716FB368-5896-4B52-8AF2-C05A3D46DE1D}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{d4817425-ae18-4a77-9d08-71acc98bd32c}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{f759e9d5-c984-4da0-b5a0-a2d9df02b1ff}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IdcNotify: DllName - (idcnotify.dll) - C:\Windows\System32\idcnotify.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell - "" = AutoRun
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/17 00:04:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/15 16:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/15 16:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/15 13:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/14 00:47:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/14 00:47:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/14 00:47:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/14 00:47:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/14 00:47:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/14 00:47:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/14 00:47:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/14 00:46:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/13 15:47:39 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\Desktop\Scan
[2013/02/13 14:05:24 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/13 14:02:02 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/13 14:01:59 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/13 14:01:19 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/13 14:00:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/11 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TuneUp Software
[2013/02/11 16:48:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Avg2013
[2013/02/08 09:21:13 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/02/07 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/05 15:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/01/23 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\Documents\Outlook-Dateien
[2012/05/08 10:11:07 | 001,638,400 | ---- | C] (LIGHTNING UK!) -- C:\Users\15G22J0290K0EU2Y\AppData\Local\ImgBurn.exe
[2011/12/08 23:02:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/17 00:07:01 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000UA.job
[2013/02/16 23:55:02 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/16 23:21:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/16 22:46:49 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 22:46:49 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/16 22:41:51 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/16 22:41:03 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/16 22:40:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/16 22:40:36 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/16 20:45:08 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/02/16 20:13:30 | 000,587,671 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\adwcleaner0.exe
[2013/02/16 02:30:31 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/14 09:07:02 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000Core.job
[2013/02/14 08:48:16 | 000,409,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/14 00:42:53 | 000,580,736 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/14 00:42:52 | 000,616,498 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/14 00:42:52 | 000,122,242 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/14 00:42:52 | 000,098,632 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/12 17:17:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/12 00:38:55 | 295,472,861 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/11 16:41:42 | 000,007,625 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:03 | 000,084,992 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2013/02/08 09:21:26 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/08 09:21:26 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/08 09:21:15 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/30 16:53:03 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/21 20:54:13 | 000,001,041 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
 
========== Files Created - No Company Name ==========
 
[2013/02/16 20:13:30 | 000,587,671 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\adwcleaner0.exe
[2013/02/12 00:38:56 | 000,409,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/12 00:38:55 | 295,472,861 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/11 16:41:42 | 000,007,625 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:02 | 000,084,992 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2012/12/07 21:19:13 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/12/07 21:19:12 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/12/07 21:19:11 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/12/07 21:19:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/12/07 21:19:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/10/27 18:13:50 | 000,003,584 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/27 15:17:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/07/02 22:59:09 | 000,283,097 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/06/16 15:52:46 | 000,000,130 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\default.rss
[2012/06/09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/08 00:59:27 | 000,002,272 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012/06/08 00:54:38 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012/05/30 10:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/05/21 17:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll
[2012/02/22 12:05:36 | 015,495,729 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\SMRBackup250.dat
[2011/12/08 23:02:17 | 000,087,608 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\inst.exe
[2011/12/08 23:02:17 | 000,007,887 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.cat
[2011/12/08 23:02:17 | 000,001,144 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.inf
[2011/12/08 22:20:53 | 000,001,041 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 20:25:00 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/08 17:03:53 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/07 22:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >


cosinus 18.02.2013 13:43

Quote:

C:\Windows\System32\idcnotify.dll
Please upload this file to us => http://www.trojaner-board.de/54791-a...tml#post349565

karlshagen 18.02.2013 16:36

Hello,

did you receive the file?

Regards,
karlshagen.

cosinus 20.02.2013 11:28

Yes, thanks, the file appears to be clean.

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand.

Getting a second opinion afterwards from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


karlshagen 20.02.2013 13:27

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.20.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
15G22J0290K0EU2Y :: BIBA [Administrator]

20.02.2013 13:06:18
mbam-log-2013-02-20 (13-06-18).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 185224
Laufzeit: 19 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cc60062bf139924bb1c7cc9617daa367
# engine=13199
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-20 04:28:02
# local_time=2013-02-20 05:28:02 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 46142078 113008873 0 0
# scanned=160447
# found=0
# cleaned=0
# scan_time=12217


cosinus 22.02.2013 10:29

Hey,

I think I have only now spotted the mediyes malware on your machine :stirn: :(

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360


karlshagen 22.02.2013 13:53

Code:

OTL logfile created on: 2/22/2013 1:19:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\15G22J0290K0EU2Y\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.22 Gb Available Physical Memory | 12.67% Memory free
6.12 Gb Paging File | 3.89 Gb Available in Paging File | 63.50% Paging File free
Paging file location(s): c:\pagefile.sys 2686 2686d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98.59 Gb Total Space | 55.74 Gb Free Space | 56.54% Space Free | Partition Type: NTFS
Drive D: | 191.46 Gb Total Space | 121.75 Gb Free Space | 63.59% Space Free | Partition Type: NTFS
Drive I: | 3.78 Gb Total Space | 3.60 Gb Free Space | 95.21% Space Free | Partition Type: FAT
Drive J: | 537.11 Gb Total Space | 2.07 Gb Free Space | 0.38% Space Free | Partition Type: NTFS
Drive K: | 390.63 Gb Total Space | 122.90 Gb Free Space | 31.46% Space Free | Partition Type: NTFS
Drive L: | 298.05 Mb Total Space | 7.75 Mb Free Space | 2.60% Space Free | Partition Type: NTFS
Drive M: | 194.00 Mb Total Space | 124.86 Mb Free Space | 64.36% Space Free | Partition Type: NTFS
Drive O: | 209.87 Gb Total Space | 174.23 Gb Free Space | 83.02% Space Free | Partition Type: NTFS
Drive U: | 488.28 Gb Total Space | 472.89 Gb Free Space | 96.85% Space Free | Partition Type: NTFS
 
Computer Name: BIBA | User Name: 15G22J0290K0EU2Y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\ASUS\Eee Manager\EMMessageParser.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Eee Manager\EeeManager.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Message Controller\AsMessageController.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\Adobe\Reader 11.0\Reader\sqlite.dll ()
MOD - C:\Program Files\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files\IncrediMail\bin\ImAppRU.dll ()
MOD - C:\Program Files\IncrediMail\bin\AE\ActionEngine.dll ()
MOD - C:\Program Files\IncrediMail\Bin\pmc.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsACPINotify.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsRemoteControlHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\ImageMgr.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsKeyboardHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\MessageParser\AsMultiLang.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\AsMultiLang.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Guard.Mail.ru) --  File not found
SRV - (Dnscache) -- %SystemRoot%\System32\pouae2gyp.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (IdcSrv) -- C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
SRV - (ETSCSERVICE) -- C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (iwaozptt) --  File not found
DRV - (ivtpxjih) --  File not found
DRV - (islxmqgh) --  File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (cooonihv) --  File not found
DRV - (aqyj3d4q) --  File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvamacpi) -- C:\Windows\System32\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IdcFltr) -- C:\Windows\System32\drivers\idcfltr.sys (IdeaCom Technology Inc.)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ASInsHelp) -- C:\Windows\System32\drivers\AsInsHelp32.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Downloads
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "hxxp://office-manager/Account/LogOn"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Program Files\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\15G22J0290K0EU2Y\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files\RelevantKnowledge\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/20 23:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/12 08:43:15 | 000,000,000 | ---D | M]
 
[2012/08/28 19:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Extensions
[2012/12/28 09:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Firefox\Profiles\pz396p4t.default\extensions
[2012/12/10 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/12/10 18:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/20 23:21:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/18 21:02:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/29 11:27:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/18 21:02:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/01/18 21:02:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/18 21:02:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/18 21:02:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012/12/22 17:18:38 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober14387457.xml
 
Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [StartCal.exe] C:\Program Files\IdeaCom\TSC\StartCal.exe (IdeaCom Technology Inc.)
O4 - HKU\.DEFAULT..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKU\S-1-5-18..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\UDDIjdlcn.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{577a8c28-8370-4d95-a804-69548d509e85}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{716FB368-5896-4B52-8AF2-C05A3D46DE1D}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: Domain = goezy.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: NameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{d4817425-ae18-4a77-9d08-71acc98bd32c}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{f759e9d5-c984-4da0-b5a0-a2d9df02b1ff}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IdcNotify: DllName - (idcnotify.dll) - C:\Windows\System32\idcnotify.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell - "" = AutoRun
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/22 12:56:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/20 12:40:44 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Malwarebytes
[2013/02/20 12:39:24 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Programs
[2013/02/17 14:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/17 14:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/02/15 16:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/15 16:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/02/15 13:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/14 00:47:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/02/14 00:47:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/02/14 00:47:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/02/14 00:47:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/02/14 00:47:04 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/02/14 00:47:01 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/02/14 00:47:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/02/14 00:46:57 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/02/13 15:47:39 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\Desktop\Scan
[2013/02/13 14:05:24 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/02/13 14:02:02 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/02/13 14:01:59 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/02/13 14:01:19 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013/02/13 14:00:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/02/11 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TuneUp Software
[2013/02/11 16:48:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/02/11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Avg2013
[2013/02/08 09:21:13 | 016,365,936 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/02/07 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/05 15:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/01/23 14:33:44 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\Documents\Outlook-Dateien
[2012/05/08 10:11:07 | 001,638,400 | ---- | C] (LIGHTNING UK!) -- C:\Users\15G22J0290K0EU2Y\AppData\Local\ImgBurn.exe
[2011/12/08 23:02:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/22 13:40:22 | 000,001,041 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2013/02/22 13:21:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/22 12:57:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013/02/22 12:55:02 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/22 12:07:05 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000UA.job
[2013/02/22 10:49:11 | 000,039,424 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Kea New Zealand -  Karlen  36985161 Booking Cancelled.msg
[2013/02/22 09:11:53 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/22 09:11:53 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/22 09:07:01 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000Core.job
[2013/02/22 09:06:54 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/02/22 09:06:18 | 000,000,431 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/02/22 09:06:05 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/22 09:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/22 09:05:39 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/21 23:30:05 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/02/21 23:30:04 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/02/21 15:41:02 | 004,381,412 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Samsung 3d Fernseher.pdf
[2013/02/21 08:12:06 | 000,409,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/18 18:24:56 | 000,033,792 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Türkman.msg
[2013/02/18 15:34:10 | 000,616,498 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/02/18 15:34:10 | 000,580,736 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/18 15:34:10 | 000,122,242 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/02/18 15:34:10 | 000,098,632 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/17 14:09:51 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/16 20:45:08 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/02/16 02:30:31 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/11 16:41:42 | 000,007,625 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:03 | 000,084,992 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2013/02/08 09:21:15 | 016,365,936 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/30 16:53:03 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
 
========== Files Created - No Company Name ==========
 
[2013/02/22 10:49:10 | 000,039,424 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Kea New Zealand -  Karlen  36985161 Booking Cancelled.msg
[2013/02/21 15:40:58 | 004,381,412 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Samsung 3d Fernseher.pdf
[2013/02/21 08:11:45 | 000,409,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/18 18:24:54 | 000,033,792 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Türkman.msg
[2013/02/11 16:41:42 | 000,007,625 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013/02/09 20:56:02 | 000,084,992 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013/02/09 18:57:42 | 000,555,429 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2012/12/07 21:19:13 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/12/07 21:19:12 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/12/07 21:19:11 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/12/07 21:19:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/12/07 21:19:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/10/27 18:13:50 | 000,003,584 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/27 15:17:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/07/02 22:59:09 | 000,283,097 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/07/02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/06/16 15:52:46 | 000,000,130 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\default.rss
[2012/06/09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/08 00:59:27 | 000,002,272 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012/06/08 00:54:38 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012/05/30 10:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012/05/21 17:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll
[2012/02/22 12:05:36 | 015,495,729 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\SMRBackup250.dat
[2011/12/08 23:02:17 | 000,087,608 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\inst.exe
[2011/12/08 23:02:17 | 000,007,887 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.cat
[2011/12/08 23:02:17 | 000,001,144 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.inf
[2011/12/08 22:20:53 | 000,001,041 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2011/12/08 20:25:00 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/12/08 17:03:53 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/12/07 22:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >


cosinus 22.02.2013 14:18

Tell me, did you really run a CustomScan? Somehow I expected a bit more there :wtf:

karlshagen 22.02.2013 14:26

What do you mean by CustomScan?

cosinus 22.02.2013 14:27

What do you think I mean by that? What did my instructions say about how you should create the OTL log?!

karlshagen 22.02.2013 14:43

Code:

OTL logfile created on: 22.02.2013 14:28:05 - Run 3
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\15G22J0290K0EU2Y\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 49,05% Memory free
6,12 Gb Paging File | 5,03 Gb Available in Paging File | 82,15% Paging File free
Paging file location(s): c:\pagefile.sys 2686 2686d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,59 Gb Total Space | 55,79 Gb Free Space | 56,59% Space Free | Partition Type: NTFS
Drive D: | 191,46 Gb Total Space | 121,75 Gb Free Space | 63,59% Space Free | Partition Type: NTFS
Drive I: | 3,78 Gb Total Space | 3,60 Gb Free Space | 95,21% Space Free | Partition Type: FAT
Drive J: | 537,11 Gb Total Space | 2,07 Gb Free Space | 0,38% Space Free | Partition Type: NTFS
Drive K: | 390,63 Gb Total Space | 122,90 Gb Free Space | 31,46% Space Free | Partition Type: NTFS
Drive L: | 298,05 Mb Total Space | 7,75 Mb Free Space | 2,60% Space Free | Partition Type: NTFS
Drive M: | 194,00 Mb Total Space | 124,86 Mb Free Space | 64,36% Space Free | Partition Type: NTFS
Drive O: | 209,87 Gb Total Space | 174,23 Gb Free Space | 83,02% Space Free | Partition Type: NTFS
Drive U: | 488,28 Gb Total Space | 472,89 Gb Free Space | 96,85% Space Free | Partition Type: NTFS
 
Computer Name: BIBA | User Name: 15G22J0290K0EU2Y | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
PRC - C:\Program Files\ASUS\Eee Manager\EMMessageParser.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Eee Manager\EeeManager.exe (ASUSTeK)
PRC - C:\Program Files\ASUS\Message Controller\AsMessageController.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\01c6cb58745f397c9b7ccf3ab7bfc9cd\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\536d704e93ffec9b54e4a0312fb5b996\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\SqliteShared\1.0.3524.15966__0d0f4b69e50e559b\SqliteShared.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Program Files\ASUS\Asus WebStorage\EcaremeDLL.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsACPINotify.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsRemoteControlHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\ImageMgr.dll ()
MOD - C:\Program Files\ASUS\Message Controller\AsKeyboardHooker.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\MessageParser\AsMultiLang.dll ()
MOD - C:\Program Files\ASUS\Eee Manager\AsMultiLang.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Guard.Mail.ru) --  File not found
SRV - (Dnscache) -- %SystemRoot%\System32\pouae2gyp.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
SRV - (Update-Service) -- C:\Windows\System32\UpdSvc.dll (Joosoft.com GmbH)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (IdcSrv) -- C:\Program Files\IdeaCom\TSC\IdcSrv.exe (IdeaCom Technology Inc.)
SRV - (ETSCSERVICE) -- C:\Program Files\IdeaCom\TSC\ETSCSERVICE.exe (IdeaCom Technology Inc.)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (iwaozptt) --  File not found
DRV - (ivtpxjih) --  File not found
DRV - (islxmqgh) --  File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (cooonihv) --  File not found
DRV - (aqyj3d4q) --  File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvamacpi) -- C:\Windows\System32\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IdcFltr) -- C:\Windows\System32\drivers\idcfltr.sys (IdeaCom Technology Inc.)
DRV - (AmUStor) -- C:\Windows\System32\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (s1029unic) -- C:\Windows\System32\drivers\s1029unic.sys (MCCI Corporation)
DRV - (s1029mdm) -- C:\Windows\System32\drivers\s1029mdm.sys (MCCI Corporation)
DRV - (s1029bus) -- C:\Windows\System32\drivers\s1029bus.sys (MCCI Corporation)
DRV - (s1029mdfl) -- C:\Windows\System32\drivers\s1029mdfl.sys (MCCI Corporation)
DRV - (s1029mgmt) -- C:\Windows\System32\drivers\s1029mgmt.sys (MCCI Corporation)
DRV - (s1029obex) -- C:\Windows\System32\drivers\s1029obex.sys (MCCI Corporation)
DRV - (s1029nd5) -- C:\Windows\System32\drivers\s1029nd5.sys (MCCI Corporation)
DRV - (ASInsHelp) -- C:\Windows\System32\drivers\AsInsHelp32.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Downloads
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com/
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = hxxp://start.gamesagogo.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.startup.homepage: "hxxp://office-manager/Account/LogOn"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Program Files\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\15G22J0290K0EU2Y\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files\RelevantKnowledge\firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.20 23:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.12 08:43:15 | 000,000,000 | ---D | M]
 
[2012.08.28 19:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Extensions
[2012.12.28 09:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\mozilla\Firefox\Profiles\pz396p4t.default\extensions
[2012.12.10 18:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.10 18:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.02.20 23:21:56 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.18 21:02:20 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 11:27:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.18 21:02:20 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.18 21:02:20 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.18 21:02:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.18 21:02:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
[2012.12.22 17:18:38 | 000,000,786 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Yahooober14387457.xml
 
Hosts file not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\Toolbar\WebBrowser: (no name) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - No CLSID value found.
O3 - HKU\S-1-5-21-1998982368-3054312690-3844566786-1000\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PrivitizeVPN] C:\Program Files\PrivitizeVPN\PrivitizeVPN.exe (OOO Industry)
O4 - HKLM..\Run: [StartCal.exe] C:\Program Files\IdeaCom\TSC\StartCal.exe (IdeaCom Technology Inc.)
O4 - HKU\.DEFAULT..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKU\S-1-5-18..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\system32\UDDIjdlcn.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{577a8c28-8370-4d95-a804-69548d509e85}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{716FB368-5896-4B52-8AF2-C05A3D46DE1D}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7862A30D-58BD-4301-9854-D68DEF14A18E}: DhcpNameServer = 10.1.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{d4817425-ae18-4a77-9d08-71acc98bd32c}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{f759e9d5-c984-4da0-b5a0-a2d9df02b1ff}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IdcNotify: DllName - (idcnotify.dll) - C:\Windows\System32\idcnotify.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell - "" = AutoRun
O33 - MountPoints2\{1550962e-d83e-11e1-a9ca-0025d37d7501}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{28e63b4b-bb23-11e1-a36b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b1-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{698150b9-deaa-11df-971b-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdf9d38-bcff-11e1-b74e-90e6ba5b36a3}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 12:56:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013.02.20 12:40:44 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Malwarebytes
[2013.02.20 12:39:24 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Programs
[2013.02.17 14:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.17 14:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.02.15 16:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.02.15 16:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.02.15 13:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.13 15:47:39 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\Desktop\Scan
[2013.02.11 17:08:00 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TuneUp Software
[2013.02.11 16:48:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.02.11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\MFAData
[2013.02.11 16:48:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.02.11 16:48:27 | 000,000,000 | ---D | C] -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Avg2013
[2013.02.07 17:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.02.05 15:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.05.08 10:11:07 | 001,638,400 | ---- | C] (LIGHTNING UK!) -- C:\Users\15G22J0290K0EU2Y\AppData\Local\ImgBurn.exe
[2011.12.08 23:02:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.22 14:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 13:55:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.22 13:40:22 | 000,001,041 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2013.02.22 12:57:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\15G22J0290K0EU2Y\Desktop\OTL.exe
[2013.02.22 12:07:05 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000UA.job
[2013.02.22 10:49:11 | 000,039,424 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Kea New Zealand -  Karlen  36985161 Booking Cancelled.msg
[2013.02.22 09:11:53 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 09:11:53 | 000,018,736 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.22 09:07:01 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000Core.job
[2013.02.22 09:06:54 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.02.22 09:06:18 | 000,000,431 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013.02.22 09:06:05 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.22 09:05:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.22 09:05:39 | 1408,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.21 15:41:02 | 004,381,412 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Samsung 3d Fernseher.pdf
[2013.02.21 08:12:06 | 000,409,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.18 18:24:56 | 000,033,792 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Türkman.msg
[2013.02.18 15:34:10 | 000,616,498 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.18 15:34:10 | 000,580,736 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.18 15:34:10 | 000,122,242 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.18 15:34:10 | 000,098,632 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.17 14:09:51 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.16 20:45:08 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.02.16 02:30:31 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.11 16:41:42 | 000,007,625 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013.02.09 20:56:03 | 000,084,992 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013.02.09 18:57:42 | 000,555,429 | ---- | M] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2013.01.30 16:53:03 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.22 10:49:10 | 000,039,424 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Kea New Zealand -  Karlen  36985161 Booking Cancelled.msg
[2013.02.21 15:40:58 | 004,381,412 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Samsung 3d Fernseher.pdf
[2013.02.21 08:11:45 | 000,409,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.18 18:24:54 | 000,033,792 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\Türkman.msg
[2013.02.11 16:41:42 | 000,007,625 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\Resmon.ResmonCfg
[2013.02.09 20:56:02 | 000,084,992 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\20% Off Easy Change.msg
[2013.02.09 18:57:42 | 000,555,429 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\Desktop\QuoteDetail6BerthSTPremierUnitedCampervansNZ1302093898STW.pdf
[2012.12.07 21:19:13 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.12.07 21:19:12 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.12.07 21:19:11 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.12.07 21:19:10 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.12.07 21:19:10 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.10.27 18:13:50 | 000,003,584 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.27 15:17:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012.07.02 22:59:09 | 000,283,097 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.07.02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.06.16 15:52:46 | 000,000,130 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\default.rss
[2012.06.09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012.06.08 00:59:27 | 000,002,272 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2012.06.08 00:54:38 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.05.30 10:52:20 | 004,305,920 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2012.05.21 17:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\System32\mlc.dll
[2012.02.22 12:05:36 | 015,495,729 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\SMRBackup250.dat
[2011.12.08 23:02:17 | 000,087,608 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\inst.exe
[2011.12.08 23:02:17 | 000,007,887 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.cat
[2011.12.08 23:02:17 | 000,001,144 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\pcouffin.inf
[2011.12.08 22:20:53 | 000,001,041 | ---- | C] () -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\vso_ts_preview.xml
[2011.12.08 20:25:00 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.08 17:03:53 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.12.07 22:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.08.28 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Asus WebStorage
[2013.01.12 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\DAEMON Tools Lite
[2012.07.03 17:59:26 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\DVDVideoSoft
[2012.07.03 17:44:29 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.07 13:25:37 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\elsterformular
[2012.12.21 09:12:47 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\ImgBurn
[2012.12.22 17:18:39 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Oberon Media
[2011.11.28 21:18:31 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\PhotoFiltre
[2012.06.20 23:07:33 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Sony
[2012.06.20 23:08:20 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Sony Setup
[2012.06.08 00:59:47 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\systweak
[2013.02.03 14:32:52 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TeamViewer
[2013.02.11 17:08:00 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\TuneUp Software
[2012.07.06 08:44:00 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Uniblue
[2012.12.22 17:18:32 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\VisicomToolBar
[2013.02.22 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Vso
[2012.07.05 21:42:20 | 000,000,000 | ---D | M] -- C:\Users\15G22J0290K0EU2Y\AppData\Roaming\Win7codecs
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 7
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 5
"ProviderID4" = 6
"ProviderFilename4" = MICBx19zz.tsp
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters >
"ServiceDll" = %SystemRoot%\System32\pouae2gyp.dll
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll -- [2009.07.14 02:15:12 | 000,006,656 | ---- | M] (Microsoft Corporation)
"CacheHashTableBucketSize" = 1
"CacheHashTableSize" = 180
"MaxCacheEntryTtlLimit" = 65280
"MaxSOACacheEntryTtlLimit" = 301
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"OtherDomains" =  [binary data]
"RequireSecuritySignature" = 0
"ServiceMain" = SetAccessPolicy
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = defragsvc [binary data] -- [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes]
"LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes]
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"WerSvcGroup" = wersvc [binary data] -- [2009.07.14 02:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = swprv [binary data] -- [2009.07.14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSFont [Binary data over 200 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"sdrsvc" = sdrsvc [binary data] -- [2010.11.20 13:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = AxInstSV [binary data] -- [2010.11.20 13:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = bthserv [binary data] -- [2009.07.14 02:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
"GPSvcGroup" = GPSvc [binary data] -- [2010.11.20 13:19:09 | 000,593,408 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\GPSvcGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\UpdateClient]
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /360 >
[2012.08.23 12:15:57 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll
[2012.03.08 10:47:00 | 000,176,736 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\system32\AERTACap.dll
[2012.03.08 10:47:34 | 000,095,840 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\system32\AERTARen.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 05:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 03:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 03:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 03:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2012.11.30 03:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2012.07.04 22:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.07.04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll
[2012.12.04 01:12:16 | 001,534,464 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\BrWia09b.dll
[2012.06.06 06:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2012.06.02 05:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.06.02 05:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.06.02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2012.08.02 17:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2012.12.10 16:07:27 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2012.10.09 18:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012.10.09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2012.11.02 06:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2012.03.03 06:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2012.07.02 19:28:06 | 000,112,640 | ---- | M] () -- C:\Windows\system32\ff_vfw.dll
[2012.04.10 13:40:00 | 002,193,472 | ---- | M] (Fortemedia Corporation) -- C:\Windows\system32\FMAPO.dll
[2012.12.07 13:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2013.01.08 23:09:18 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.01.08 22:56:51 | 001,796,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2013.01.08 22:53:13 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.03.01 06:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2012.10.03 17:40:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iphlpsvc.dll
[2012.06.25 15:12:07 | 000,744,960 | ---- | M] (Intel Corporation) -- C:\Windows\system32\IR41_32.DLL
[2013.01.08 22:58:43 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.01.08 23:11:21 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.01.08 23:00:14 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.08.11 00:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2012.11.30 05:47:44 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.11.30 05:47:45 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2012.05.14 05:33:42 | 000,769,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\localspl.dll
[2012.08.24 17:56:48 | 001,039,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll
[2012.04.03 17:41:58 | 000,709,976 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\system32\MaxxAudioAPOShell.dll
[2012.04.03 17:41:54 | 001,185,112 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\system32\MaxxAudioRealtek2.dll
[2012.05.21 17:28:58 | 000,155,648 | ---- | M] () -- C:\Windows\system32\mlc.dll
[2013.01.08 22:57:49 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2013.01.08 23:23:25 | 012,321,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.01.08 22:56:37 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.04.07 12:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2012.08.23 14:47:20 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MsRdpWebAccess.dll
[2012.08.23 09:19:01 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2012.06.06 06:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.01 05:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.11.20 05:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.10.03 17:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012.07.04 22:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.10.03 17:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012.10.03 17:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2012.06.22 15:32:30 | 000,405,144 | ---- | M] (Newtonsoft) -- C:\Windows\system32\Newtonsoft.Json.Net20.dll
[2012.10.03 17:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll
[2012.10.03 17:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlasvc.dll
[2012.12.10 16:07:27 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll
[2012.10.10 20:14:44 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapi.dll
[2012.10.10 20:14:46 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcompiler.dll
[2012.10.02 20:28:53 | 003,965,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcpl.dll
[2012.10.10 20:14:42 | 007,697,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuda.dll
[2012.10.10 20:15:04 | 001,867,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvenc.dll
[2012.10.10 20:15:00 | 002,574,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvid.dll
[2012.10.10 20:14:16 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvd3dum.dll
[2012.10.10 20:14:22 | 001,009,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdispco32.dll
[2012.10.10 20:14:50 | 000,888,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvdispgenco32.dll
[2012.03.01 00:59:00 | 000,881,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvgenco32.dll
[2012.10.02 20:29:41 | 000,108,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvmctray.dll
[2012.10.10 20:14:22 | 019,906,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglv32.dll
[2012.10.10 20:14:16 | 006,127,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvopencl.dll
[2012.10.02 20:29:41 | 000,062,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvshext.dll
[2012.10.02 20:29:22 | 002,853,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvsvc.dll
[2012.10.02 20:29:41 | 002,557,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvsvcr.dll
[2012.10.10 20:14:50 | 012,501,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvwgf2um.dll
[2012.03.01 00:59:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.dll
[2012.05.01 05:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\profsvc.dll
[2012.05.04 10:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2012.04.26 05:45:54 | 000,129,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorekmts.dll
[2012.08.23 11:08:49 | 002,739,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorets.dll
[2012.08.23 12:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpendp_winip.dll
[2012.08.23 14:52:25 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\RdpGroupPolicyExtension.dll
[2012.08.23 15:48:14 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpudd.dll
[2012.04.26 05:45:55 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpwsx.dll
[2012.05.09 14:57:36 | 003,166,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\RtkAPO.dll
[2012.05.29 15:34:44 | 000,637,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\RtkApoApi.dll
[2012.05.31 17:08:16 | 000,087,696 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\RtkCoInstII.dll
[2012.05.09 14:57:36 | 002,415,720 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\RtkPgExt.dll
[2012.08.24 17:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.05.05 08:46:52 | 000,400,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srcore.dll
[2012.09.25 23:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2012.08.23 14:18:14 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2012.08.23 14:32:59 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbGDCoInstaller.dll
[2012.08.23 15:10:04 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.09 05:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2012.06.09 18:21:56 | 000,178,688 | ---- | M] () -- C:\Windows\system32\unrar.dll
[2013.01.08 23:01:48 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.01.08 23:03:57 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.11.22 05:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2013.01.08 22:58:29 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.06.22 22:28:30 | 001,282,048 | ---- | M] (xy-VSFilter Team) -- C:\Windows\system32\VSFilter.dll
[2012.07.26 03:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll
[2012.11.09 05:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.01.08 23:03:20 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.01.04 05:50:52 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2012.08.24 17:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.08.23 14:46:20 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wksprtPS.dll
[2012.03.01 06:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012.12.07 13:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2012.06.02 23:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2012.06.02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2012.06.02 23:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.07.26 04:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFCoinstaller.dll
[2012.07.26 04:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFPlatform.dll
[2012.07.26 04:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFSvc.dll
[2012.07.26 04:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFx.dll
[2012.06.02 23:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2012.06.02 23:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2012.06.02 23:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2012.06.02 14:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
[2012.05.30 10:52:20 | 004,305,920 | ---- | M] () -- C:\Windows\system32\x264vfw.dll
[2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.01.25 17:20:32 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.01.25 17:20:34 | 000,001,118 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.02 09:33:05 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.06.07 14:44:12 | 000,000,266 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job
[2012.07.30 08:02:36 | 000,000,950 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000Core.job
[2012.07.30 08:02:37 | 000,000,972 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1998982368-3054312690-3844566786-1000UA.job
 
< C:\Windows\SysNative\*.dll /360 >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

Is that right now?

cosinus 22.02.2013 21:43

Tell me, what source did your Office 2010 actually come from? Who installed it?

karlshagen 22.02.2013 23:23

No idea. It was already on there when I bought the PC second-hand. Why?

cosinus 22.02.2013 23:42

This is why:

Quote:

[2013.02.22 09:06:54 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
autoKMS points to a cracked Office 2010 installation; unfortunately I only noticed it just now.

How was the computer bought second-hand?
With a Windows and Office license? Did you pay a lot extra for them?

karlshagen 23.02.2013 10:23

So I had a look. The Windows CD was included, but nothing for Office.

Is that now the cause of my problems?

cosinus 24.02.2013 21:06

Quote:

Is that now the cause of my problems?
The problem is that we do not support the use of cracked software.


See also => http://www.trojaner-board.de/95393-c...-software.html

If we find evidence of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that should not be trifled with. Besides, they are illegal and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone!


In future, hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)


All times are WET +1.
