Trojaner-Board

Source thread: https://www.trojaner-board.de/132065-bprotector-for-windows-gefunden-richtig-entfernen.html

MysteriusGen 11.03.2013 10:57

bprotector for Windows found... How do I remove it properly?
 
Hello dear Trojaner-Board team.
Today I got a laptop from an acquaintance to have a look at what is going on with it.
The laptop is very slow, and after searching a bit I saw that a program called bProtector for Windows has installed itself.
After a bit of googling I found out that it is malware.
I have also already read here on the board that it can be removed, but unfortunately it takes a bit of work and some tools. Can anyone help me with that?
I have downloaded AdwCleaner but have not run it yet, because I would rather wait for an answer here on the board on what exactly I should do and how.
I hope for your help. Thanks in advance.
Kind regards
MysteriusGen

cosinus 11.03.2013 11:57

Hello and :hallo:

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (in CODE tags please) and not as attachments, unless you are asked to. Logs in attachments make the analysis harder for me!

  • The logs of the requested tools, such as Malwarebytes, are always to be posted - regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder in my thread.
Annoying "when will it continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board.


First a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top, in the middle, tick Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

MysteriusGen 11.03.2013 14:23

First of all, many thanks for the quick help.
Unfortunately I cannot continue checking the laptop until tomorrow.
But as soon as I have run OTL and have the logs, I will post them here right away.
Thanks again, until tomorrow...

cosinus 11.03.2013 14:29

OK, but one request: leave out interjections like that, post only if there are problems or when you have the logs (and post those in CODE tags)

MysteriusGen 12.03.2013 08:36

Here are the two logs:

Code:

OTL logfile created on: 12.03.2013 08:23:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Stina\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,92 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 73,43% Memory free
5,83 Gb Paging File | 4,82 Gb Available in Paging File | 82,65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,85 Gb Total Space | 20,38 Gb Free Space | 37,84% Space Free | Partition Type: NTFS
Drive D: | 644,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,73 Gb Total Space | 3,23 Gb Free Space | 86,76% Space Free | Partition Type: FAT32
Drive G: | 238,28 Gb Total Space | 212,52 Gb Free Space | 89,19% Space Free | Partition Type: NTFS
Drive Z: | 5,86 Gb Total Space | 5,80 Gb Free Space | 99,03% Space Free | Partition Type: NTFS
 
Computer Name: STINA-PC | User Name: Stina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Stina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Ask.com\AbineSDK\IE\DNTPService.exe (Abine Inc.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Windows\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Programme\Lenovo\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Ask.com\AbineSDK\IE\DNTPButton.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\Lenovo\Energy Management\KbdHook.dll ()
MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll ()
MOD - C:\Programme\System\WinRAR\RarExt.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Programme\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (MSSQLServerADHelper100) -- C:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLAgent$SQLEXPRESS) -- C:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (vmci) -- C:\Windows\System32\drivers\vmci.sys (VMware, Inc.)
DRV - (cjusb) -- C:\Windows\System32\drivers\cjusb.sys (REINER SCT)
DRV - (clwvd) -- C:\Windows\System32\drivers\clwvd.sys (CyberLink Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (FPSensor) -- C:\Windows\System32\drivers\FPSensor.sys (Egis Technology Inc.)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (MEI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (RSUSBVSTOR) -- C:\Windows\System32\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV - (LHDmgr) -- C:\Windows\System32\drivers\LhdX86.sys (Lenovo.)
DRV - (VSPerfDrv100) -- G:\Programme\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DzzyC0C0A0C0DyCtDyEtN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1225978215
IE - HKLM\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DzzyC0C0A0C0DyCtDyEtN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1225978215
IE - HKLM\..\SearchScopes\{13CFF033-710C-B657-0D85-7AF4F2081FC3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED 6C C3 8A 35 BE CD 01  [binary data]
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DzzyC0C0A0C0DyCtDyEtN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1225978215
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{13CFF033-710C-B657-0D85-7AF4F2081FC3}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=4512_2&babsrc=SP_clro&mntrId=5e41d6040000000000009cb70d46afb7
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{396629D1-3698-4F0C-A751-084FAAD550CA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=01700707-15fe-4467-a394-df2b49472b27&apn_sauid=16B8A508-D497-4BD7-BA0E-DFC711B3E201
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\SearchScopes\{6BB12CE0-99F2-4E1B-90B1-EE8B434BE9B9}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.37268
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 08:39:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.11 08:39:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.11.19 19:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stina\AppData\Roaming\mozilla\Extensions
[2013.02.12 17:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stina\AppData\Roaming\mozilla\Firefox\Profiles\jqm8jeti.default\Extensions
[2013.03.10 20:17:44 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Stina\AppData\Roaming\mozilla\Firefox\Profiles\jqm8jeti.default\Extensions\toolbar@ask.com
[2013.02.19 19:07:05 | 000,002,413 | ---- | M] () -- C:\Users\Stina\AppData\Roaming\mozilla\firefox\profiles\jqm8jeti.default\searchplugins\askcom.xml
[2012.11.19 19:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.03.11 08:39:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.11 08:39:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.11 08:39:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.11 08:39:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.11 08:39:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.11 08:39:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.11 08:39:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.13.0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.0.1_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\5.1_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Microsoft-Webtestaufzeichnung 10.0-Hilfsprogramm) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - G:\Programme\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (WiseConvert 1.3 Toolbar) - {213c8ed6-1d78-4d8f-8729-25006aa86a76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\Toolbar\WebBrowser: (WiseConvert 1.3 Toolbar) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - C:\Programme\WiseConvert_1.3\prxtbWise.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2380933962-3331389925-1504841794-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23F3FB21-7B03-4D95-910C-ECF47CF5EA4E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B563B082-C935-4864-AF7F-B87E36D541F6}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [1999.10.01 13:47:28 | 000,024,064 | R--- | M] (D) - D:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2002.08.27 21:37:48 | 000,000,052 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2005.02.19 03:37:44 | 000,000,171 | R--- | M] () - D:\AUTORUN.INI -- [ CDFS ]
O33 - MountPoints2\{4d81e83f-1912-11e2-8a56-b579936d9be9}\Shell - "" = AutoRun
O33 - MountPoints2\{4d81e83f-1912-11e2-8a56-b579936d9be9}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{4d81e83f-1912-11e2-8a56-b579936d9be9}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{4d81e83f-1912-11e2-8a56-b579936d9be9}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{a97c1c8e-190e-11e2-87ce-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a97c1c8e-190e-11e2-87ce-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- [1999.10.01 13:47:28 | 000,024,064 | R--- | M] (D)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.12 08:08:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stina\Desktop\OTL.exe
[2013.03.11 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.03.11 11:37:32 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.03.11 11:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2013.03.11 11:36:21 | 085,525,104 | ---- | C] (Sophos Limited) -- C:\Users\Stina\Desktop\Sophos Virus Removal Tool.exe
[2013.03.11 08:59:20 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.11 08:59:20 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.03 10:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Terzio
[2013.03.02 17:44:59 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe
[2013.03.02 17:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.03.02 17:42:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2013.03.02 17:42:47 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013.03.02 17:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime
[2013.03.02 17:40:58 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Terzio
[2013.03.02 17:40:44 | 000,000,000 | ---D | C] -- C:\Terzio
[2013.02.12 20:10:43 | 000,028,144 | ---- | C] (REINER SCT) -- C:\Windows\System32\drivers\cjusb.sys
[2013.02.12 20:10:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013.02.12 19:55:54 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Local\DoNotTrackPlus
[2013.02.12 19:55:43 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Local\AskToolbar
[2013.02.12 19:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013.02.12 17:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects
[2013.02.12 17:52:30 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Roaming\Avira
[2013.02.12 17:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.02.12 17:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2013.02.12 17:48:31 | 000,000,000 | ---D | C] -- C:\Users\Stina\AppData\Local\APN
[2013.02.12 17:48:11 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.12 17:48:11 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.02.12 17:48:11 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.12 17:48:11 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.12 17:48:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.12 17:48:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.12 15:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.12 08:23:22 | 000,764,584 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.12 08:23:22 | 000,719,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.12 08:23:22 | 000,173,464 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.12 08:23:22 | 000,146,410 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.12 08:18:15 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.12 08:18:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.12 08:08:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stina\Desktop\OTL.exe
[2013.03.11 16:50:35 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 16:50:35 | 000,023,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.11 16:42:50 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.11 16:42:36 | 2349,969,408 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.11 11:41:24 | 085,525,104 | ---- | M] (Sophos Limited) -- C:\Users\Stina\Desktop\Sophos Virus Removal Tool.exe
[2013.03.11 11:37:32 | 000,003,193 | ---- | M] () -- C:\Users\Stina\Desktop\Sophos Virus Removal Tool.lnk
[2013.03.11 11:26:08 | 000,000,016 | ---- | M] () -- C:\Windows\hbcikrnl.ini
[2013.03.11 10:22:34 | 000,597,667 | ---- | M] () -- C:\Users\Stina\Desktop\adwcleaner.exe
[2013.03.11 08:59:20 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.11 08:59:20 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.06 10:49:18 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.02 17:45:05 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2013.03.02 17:45:05 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2013.02.21 16:05:32 | 000,410,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.12 17:49:04 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.12 17:46:51 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.02.12 17:46:51 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.02.12 17:46:49 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.12 17:46:48 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.03.11 11:37:32 | 000,003,193 | ---- | C] () -- C:\Users\Stina\Desktop\Sophos Virus Removal Tool.lnk
[2013.03.11 10:39:05 | 000,597,667 | ---- | C] () -- C:\Users\Stina\Desktop\adwcleaner.exe
[2013.03.02 17:43:01 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2013.03.02 17:43:01 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2013.02.12 20:10:42 | 000,000,016 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2013.02.12 17:49:04 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.11.10 21:24:25 | 000,290,500 | ---- | C] () -- C:\Users\Stina\AppData\Local\funmoods-speeddial_sf.crx
[2012.11.10 21:24:22 | 000,031,465 | ---- | C] () -- C:\Users\Stina\AppData\Local\funmoods.crx
[2012.11.07 11:57:24 | 000,696,277 | ---- | C] () -- C:\Users\Stina\AppData\Roaming\unins000.exe
[2012.11.07 11:57:24 | 000,001,281 | ---- | C] () -- C:\Users\Stina\AppData\Roaming\unins000.dat
[2012.11.07 11:46:30 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.11.07 11:40:25 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.03.25 18:10:20 | 000,216,876 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2011.03.25 18:10:20 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2011.03.25 18:10:18 | 000,963,116 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2011.03.25 17:33:50 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.03.25 17:31:52 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.03.25 17:28:22 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 22:29:11 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 12.03.2013 08:23:31 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Stina\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,92 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 73,43% Memory free
5,83 Gb Paging File | 4,82 Gb Available in Paging File | 82,65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,85 Gb Total Space | 20,38 Gb Free Space | 37,84% Space Free | Partition Type: NTFS
Drive D: | 644,04 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 3,73 Gb Total Space | 3,23 Gb Free Space | 86,76% Space Free | Partition Type: FAT32
Drive G: | 238,28 Gb Total Space | 212,52 Gb Free Space | 89,19% Space Free | Partition Type: NTFS
Drive Z: | 5,86 Gb Total Space | 5,80 Gb Free Space | 99,03% Space Free | Partition Type: NTFS
 
Computer Name: STINA-PC | User Name: Stina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1997866E-6069-4C9C-B36A-25DC99451220}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C5B05B1-087C-408C-9995-221B27C98FCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2F09198D-E562-43FC-B470-16659FE91CCF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32F32D05-B790-4F3A-8274-EBA496ABE30C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3CBA034D-9060-4387-8C44-F48FC53F31F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{43349806-00AA-49E7-9DD4-DE94F89847CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4C71CB5F-9C7F-4817-905F-67C6DB627DD5}" = rport=138 | protocol=17 | dir=out | app=system |
"{5062FE8D-42E2-4767-B1A3-968A1A39B0FF}" = rport=445 | protocol=6 | dir=out | app=system |
"{584BA078-978D-4FA4-81B9-D67A52FE2620}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{667CF1AB-2AA3-492E-9979-46B2183A3ACB}" = lport=445 | protocol=6 | dir=in | app=system |
"{73972B69-2C52-440C-BD23-3C50C79538E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{7F424DA0-1113-402B-A48E-C3027E60B554}" = lport=139 | protocol=6 | dir=in | app=system |
"{82E7EA54-BC78-4BBC-9020-05F9B9769621}" = lport=10243 | protocol=6 | dir=in | app=system |
"{83E37AC2-6CA8-46AE-8A47-B6AD37A4D2B2}" = rport=137 | protocol=17 | dir=out | app=system |
"{922293C4-936F-45D0-B9A4-F4B205BA555F}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1D5132A-EF5F-434E-AB6D-258A3E9D5026}" = lport=138 | protocol=17 | dir=in | app=system |
"{A75EC814-77F1-4B33-BD9F-C3AE55C06E28}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{AC01CA5E-9400-448E-9E63-28D1075EA0B8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BC8A2F95-4F55-47CC-BC07-FFA4B7479503}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DE17EEA5-90A0-4FA6-81CA-BF1D7AB66FB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F80CD9B5-B4D2-43B2-ACD6-F2B4369E9C56}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F8CC1CA5-2FDD-40BF-9249-4BA636FD7A6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{128A7B3C-7E82-40C9-A5D8-624FE7F84BEB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2D7F4DE1-3F13-49CB-B194-B5E76273DAFA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{37CB4781-BD92-4A44-B718-335D34EFA441}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3BF4A21F-06C2-4F6F-8222-2944CB089F23}" = protocol=6 | dir=out | app=system |
"{45F85202-3157-437A-B77E-F72B52F0ABC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47A8A959-A213-4720-8843-E9742322123A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{58928560-FEC7-4E79-8A4A-66E263E195EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65B782CB-3307-4FF4-A270-8D7B6EDFC2FB}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{6780CB14-E884-49E1-92B0-D7D145F28300}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84ED4427-B24B-4E55-91EE-AAAD73F22C41}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{96E521AD-5D72-4F5A-B603-9C30F58821B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9778AA56-5AB6-4C27-9B1C-4C8A2D96EFDC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97B66885-3C48-4F7A-9F8E-B006F0AB59FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9B692EF9-A542-47AA-809E-FC8B271BF7FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A789C5EB-8571-44C9-BC56-484751FCB8D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BB52B184-CB4A-4C6D-A226-8AEFAAA8DBDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C4C3776B-E063-45D9-B19A-B6C2F46D7B89}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D328F6C8-B2D6-4147-8EC8-1A33AE6D58D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA66997C-245E-49A2-A0E3-47A5C48BD171}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E59BD98A-DC19-49E2-B6E4-3BC5A2172BFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E60D6159-BA94-4060-B9CD-2D9D4946F050}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EFC30984-EC29-4C7F-A5EE-2C69FF2F53CF}" = dir=in | app=c:\program files\vmware\vmware player\vmware-authd.exe |
"{F4B5CAF6-6BC2-4E97-8258-ADBFF4B2A0DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{6D9386B5-F32C-415D-9E54-8AECD3F708CC}G:\programme\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\programme\xampp\mysql\bin\mysqld.exe |
"TCP Query User{B58DB663-2D9B-41A0-A0B6-BCCE9AF6A8A1}G:\programme\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=g:\programme\xampp\mysql\bin\mysqld.exe |
"UDP Query User{53709AD8-FA7B-4BDC-A7A8-AA7D10D0E1C8}G:\programme\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\programme\xampp\mysql\bin\mysqld.exe |
"UDP Query User{93AA2431-3C1A-4AA6-BAF0-C1DE24435A19}G:\programme\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=g:\programme\xampp\mysql\bin\mysqld.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1570DE88-A78A-37FD-8A05-92620D160CCA}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{38C9BDE0-59DB-4DE0-B4C9-AB2A6258108C}" = Löwenzahn 1
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D339202-76E6-4815-89D0-B59A8654B812}" = Loewenzahn 2
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC04B19-F01D-49E2-B5E3-4025B7A4B07A}" = StarMoney
"{8EAA9D70-C912-3708-92DD-0CCC26F386E1}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9757062A-CF62-47C3-B649-C91BBB8CA9DE}" = VmciSockets
"{993B26A3-3BA8-4EA5-9099-E96C1BF236AF}" = StarMoney
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1" = UBitMenuDE
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{DBE8431C-CF9A-38C3-B42D-28B6FCE1EA3B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HeidiSQL_is1" = HeidiSQL 7.0.0.4053
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"QuickTime" = QuickTime
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VMware_Player" = VMware Player
"WinRAR archiver" = WinRAR Archivierer
"WiseConvert_1.3 Toolbar" = WiseConvert 1.3 Toolbar
"xampp" = XAMPP 1.7.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2380933962-3331389925-1504841794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.03.2013 05:11:50 | Computer Name = Stina-PC | Source = MsiInstaller | ID = 11609
Description =
 
Error - 10.03.2013 12:48:36 | Computer Name = Stina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,
 time stamp: 0x503723f6  Faulting module name: YontooIEClient.dll, version:
 1.10.1.0, time stamp: 0x508737fe  Exception code: 0xc0000005  Fault offset: 0x00008fff
 Faulting process id: 0x1ef0  Faulting application start time: 0x01ce1b5e359182aa
 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting
 module path: C:\Program Files\Yontoo\YontooIEClient.dll  Report Id:
 59d14e16-89a2-11e2-8a9d-005056c00008
 
Error - 10.03.2013 12:59:02 | Computer Name = Stina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,
 time stamp: 0x503723f6  Faulting module name: ntdll.dll, version: 6.1.7601.17725,
 time stamp: 0x4ec49b60  Exception code: 0xc0000005  Fault offset: 0x00056bf4  Faulting
 process id: 0x1204  Faulting application start time: 0x01ce1502fcb62e64  Faulting
 application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting
 module path: C:\Windows\SYSTEM32\ntdll.dll  Report Id: ce94841d-89a3-11e2-8a9d-005056c00008
 
Error - 10.03.2013 13:24:12 | Computer Name = Stina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,
 time stamp: 0x503723f6  Faulting module name: AcroPDF.dll_unloaded, version:
 0.0.0.0, time stamp: 0x50d0b8e1  Exception code: 0xc0000005  Fault offset: 0x6689f747
 Faulting process id: 0x278c  Faulting application start time: 0x01ce1db3c7d612da
 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting
 module path: AcroPDF.dll  Report Id: 52bddbb2-89a7-11e2-8a9d-005056c00008
 
Error - 10.03.2013 13:47:19 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10.03.2013 15:17:26 | Computer Name = Stina-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16450,
 time stamp: 0x503723f6  Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
 time stamp: 0x4e2111c0  Exception code: 0xe06d7363  Fault offset: 0x0000d36f  Faulting
 process id: 0x1384  Faulting application start time: 0x01ce1dc3e5d43c52  Faulting
 application path: C:\Program Files\Internet Explorer\iexplore.exe  Faulting
 module path: C:\Windows\system32\KERNELBASE.dll  Report Id: 2452404a-89b7-11e2-88c7-9e87dd9f6a74
 
Error - 10.03.2013 17:42:44 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.03.2013 02:20:15 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.03.2013 06:30:19 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.03.2013 11:44:31 | Computer Name = Stina-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 11.03.2013 05:37:28 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
 
Error - 11.03.2013 05:37:28 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR5 gefunden.
 
Error - 11.03.2013 06:36:04 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 11.03.2013 06:36:05 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 11.03.2013 06:36:05 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 11.03.2013 06:36:06 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 12.03.2013 03:22:07 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.03.2013 03:22:08 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.03.2013 03:22:08 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.03.2013 03:22:09 | Computer Name = Stina-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >

--- --- ---
!");
//-->
</script>

cosinus 12.03.2013 16:54

Quote:

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university machine?

MysteriusGen 12.03.2013 18:11

It's a university machine. My acquaintance bought this laptop that way. Whatever the reason.

It's a university laptop. She had it bought that way. Whatever the reason.
Regards MysteriusGenius

cosinus 12.03.2013 23:14

Ok, thanks for the explanation :daumenhoc

Rootkit scan with GMER

Please download GMER Rootkit Scanner GMER: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the checkmarks for: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try Safe Mode.
  • If you get a bluescreen, remove the checkmark in front of Devices.


Afterwards please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a logfile ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

MysteriusGen 13.03.2013 09:28

Here is the Gmer.txt

<script type="text/javascript">
<!--
alert("GMER Logfile:
Code:

GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-13 08:51:07
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-24JJ5T0 rev.01.01A01 298,09GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Stina\AppData\Local\Temp\ugloypog.sys


---- System - GMER 2.1 ----

SSDT            92E58076                                                                  ZwCreateSection
SSDT            92E58080                                                                  ZwRequestWaitReplyPort
SSDT            92E5807B                                                                  ZwSetContextThread
SSDT            92E58085                                                                  ZwSetSecurityObject
SSDT            92E5808A                                                                  ZwSystemDebugControl
SSDT            92E58017                                                                  ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                  82C8EA49 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                    82CC84D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                      82CCF62C 4 Bytes  [76, 80, E5, 92] {JBE 0xffffff82; IN EAX, 0x92}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                      82CCF988 4 Bytes  [80, 80, E5, 92]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                      82CCF9CC 4 Bytes  [7B, 80, E5, 92] {JNP 0xffffff82; IN EAX, 0x92}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                      82CCFA48 2 Bytes  [85, 80]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1616                                      82CCFA4B 1 Byte  [92]
.text          ...                                                                     

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                  VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                  VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                  Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-0                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBPDO-1                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-2                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-3                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-4                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\USBPDO-5                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\00000071                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\00000072                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\00000078                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbhub \Device\00000079                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBFDO-0                                          hcmon.sys (VMware USB monitor/VMware, Inc.)
Device          \Driver\usbehci \Device\USBFDO-1                                          hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice  \FileSystem\fastfat \Fat                                                  fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\FPSensor\Parameters@ContactSensor  1

---- EOF - GMER 2.1 ----

--- --- ---



");
//-->
</script>

here is mbar log number 1

Code:

<script type="text/javascript">
<!--
    alert("Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stina :: STINA-PC [administrator]

13.03.2013 08:59:39
mbar-log-2013-03-13 (08-59-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29612
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLM\SOFTWARE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\esrv.funmoodsESrvc (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Delete on reboot.
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (PUP.FunMoods) -> Bad: (hxxp://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0DzzyC0C0A0C0DyCtDyEtN0D0Tzu0CtAtCyDtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1225978215) Good: (hxxp://www.google.com) -> Delete on reboot.

Folders Detected: 3
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
c:\Users\Stina\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Delete on reboot.
c:\Users\Stina\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Delete on reboot.

Files Detected: 5
c:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Delete on reboot.
c:\Users\Stina\AppData\Local\funmoods.crx (PUP.Funmoods) -> Delete on reboot.
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.
c:\Users\Stina\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Delete on reboot.
c:\Users\Stina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Delete on reboot.

(end)
");
//-->
</script>

and mbar log number 2 after the reboot

Code:

<script type="text/javascript">
<!--
    alert("Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.02.15.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stina :: STINA-PC [administrator]

13.03.2013 09:14:50
mbar-log-2013-03-13 (09-14-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29603
Time elapsed: 8 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
");
//-->
</script>


cosinus 13.03.2013 11:38

Quote:

Database version: v2013.02.15.09
Why was MBAR not updated beforehand?

MysteriusGen 13.03.2013 12:29

It was not updated because there is no internet connection available where I am working on the laptop. I only have internet access at home.

cosinus 13.03.2013 12:42

Then please repeat MBAR with internet access and current signatures, otherwise the whole thing does not make much sense

MysteriusGen 14.03.2013 09:02

Here is the mbar log with the current signatures

Code:

<script type="text/javascript">
<!--
    alert("Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.14.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stina :: STINA-PC [administrator]

14.03.2013 08:42:26
mbar-log-2013-03-14 (08-42-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29381
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Stina\AppData\Local\Temp\is2036094744\PricePeepInstaller.exe (Adware.Shopper) -> Delete on reboot.

(end)
");
//-->
</script>

The mbar log after the reboot

Code:

<script type="text/javascript">
<!--
    alert("Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.14.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Stina :: STINA-PC [administrator]

14.03.2013 08:56:12
mbar-log-2013-03-14 (08-56-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29385
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
");
//-->
</script>
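
The MBAR logs posted in this thread (the first run with the stale February signatures and its Funmoods detections, and the re-run with updated signatures) all share one simple text format. The following Python script is an added example, not part of the thread and not Malwarebytes' own code: it parses that format, reports how old the signature database was at scan time (the point cosinus raises about the un-updated database), counts detections per family, and checks that each "Detected: N" header agrees with the items listed under it. The embedded sample logs are abridged copies of the logs posted above, with the Funmoods start-page URL shortened; the regular expressions are this example's own reading of the format, not an MBAR specification.

```python
"""Summarise Malwarebytes Anti-Rootkit (MBAR) logs in the mbar-log-*.txt format.

Added example, not part of this thread and not MBAR's own code. The format as
posted above: "Database version: vYYYY.MM.DD.NN", a scan time "DD.MM.YYYY
HH:MM:SS", then "<Section> Detected: N" blocks of "<object> (<family>) -> <action>."
"""
import re
from datetime import date

DB_RE = re.compile(r"^Database version: v(\d{4})\.(\d{2})\.(\d{2})\.\d+$")
SCAN_RE = re.compile(r"^(\d{2})\.(\d{2})\.(\d{4}) \d{2}:\d{2}:\d{2}$")
SECTION_RE = re.compile(r"^([A-Za-z ]+?) Detected: (\d+)$")
# The family sits in parentheses right before " -> "; requiring the arrow keeps
# a "(x86)" inside a file path from being taken for a family name.
ITEM_RE = re.compile(r"^(.+?) \(([A-Za-z0-9_.]+)\) -> (.+)$")


def parse_mbar_log(text):
    """Return header dates, the declared per-section counts and the parsed items."""
    report = {"database_date": None, "scan_date": None, "declared": {}, "detections": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DB_RE.match(line):
            report["database_date"] = date(*map(int, m.groups()))
        elif m := SCAN_RE.match(line):
            d, mo, y = map(int, m.groups())
            report["scan_date"] = date(y, mo, d)
        elif m := SECTION_RE.match(line):
            section = m.group(1)
            report["declared"][section] = int(m.group(2))
        elif section and (m := ITEM_RE.match(line)):
            obj, family, rest = m.groups()
            # "Registry Data Items" carry "Bad: (...) Good: (...) -> <action>",
            # so the real action is whatever follows the last arrow.
            detail, _, action = rest.rpartition(" -> ")
            report["detections"].append({"section": section, "object": obj,
                                         "family": family, "detail": detail,
                                         "action": action.rstrip(".")})
    return report


def signature_age_days(report):
    """Days between the signature database build and the scan itself."""
    return (report["scan_date"] - report["database_date"]).days


def detections_by_family(report):
    counts = {}
    for item in report["detections"]:
        counts[item["family"]] = counts.get(item["family"], 0) + 1
    return counts


def count_mismatches(report):
    """Sections whose 'Detected: N' header disagrees with the items listed."""
    found = {}
    for item in report["detections"]:
        found[item["section"]] = found.get(item["section"], 0) + 1
    return {s: (n, found.get(s, 0)) for s, n in report["declared"].items()
            if n != found.get(s, 0)}


def is_clean(report):
    return not report["detections"] and not any(report["declared"].values())


# Abridged copies of the logs posted in this thread (start-page URL shortened).
STALE_LOG = r"""Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Database version: v2013.02.15.09

13.03.2013 08:59:39

Registry Keys Detected: 2
HKLM\SOFTWARE\CLASSES\esrv.funmoodsESrvc (PUP.Funmoods) -> Delete on reboot.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Delete on reboot.

Registry Data Items Detected: 1
HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page (PUP.FunMoods) -> Bad: (hxxp://searchfunmoods.com/?f=1) Good: (hxxp://www.google.com) -> Delete on reboot.

Files Detected: 1
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.
(end)
"""
CLEAN_LOG = r"""Database version: v2013.03.14.03

14.03.2013 08:56:12

Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
"""

if __name__ == "__main__":
    for name, text in (("stale", STALE_LOG), ("clean", CLEAN_LOG)):
        r = parse_mbar_log(text)
        print(name, "signatures", signature_age_days(r), "days old;",
              "clean" if is_clean(r) else detections_by_family(r),
              "; header/item mismatches:", count_mismatches(r))
```

On the first log the signature database turns out to be 26 days older than the scan, which is the condition cosinus objects to; on the re-run it is 0 days. Family names are kept exactly as MBAR writes them, so the two spellings "PUP.Funmoods" and "PUP.FunMoods" that appear in the thread are counted separately.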


cosinus 14.03.2013 15:43

Code:

<script type="text/javascript">
<!--
");
//-->
</script>

Why is this at the beginning and end of your logs?

MysteriusGen 16.03.2013 11:09

It is there every time because I am not familiar with the code tags, so I copy the syntax and paste the text in where I think it belongs.

cosinus 16.03.2013 23:38

No, that can't be. Which browser are you using?

MysteriusGen 19.03.2013 07:54

I use Chrome. But I have found my mistake. Thanks for the hint

cosinus 19.03.2013 12:26

Which mistake exactly do you mean?

MysteriusGen 19.03.2013 15:20

The mistake with the code. Now I know how it works.

cosinus 19.03.2013 15:32

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the internet)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, under no circumstances choose Cure. Choose Skip and click Continue.
    TDSSKiller will save a logfile on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

MysteriusGen 25.03.2013 10:22

Here is the aswMBR log:

Code:


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-25 10:13:44
-----------------------------
10:13:44.047    OS Version: Windows 6.1.7601 Service Pack 1
10:13:44.047    Number of processors: 2 586 0x2A07
10:13:44.049    ComputerName: STINA-PC  UserName: Stina
10:13:45.763    Initialize success
10:13:59.789    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:13:59.791    Disk 0 Vendor: WDC_WD3200BPVT-24JJ5T0 01.01A01 Size: 305245MB BusType: 11
10:13:59.895    Disk 0 MBR read successfully
10:13:59.899    Disk 0 MBR scan
10:13:59.903    Disk 0 Windows 7 default MBR code
10:13:59.907    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
10:13:59.915    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        55142 MB offset 206848
10:13:59.929    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      244000 MB offset 113137664
10:13:59.932    Disk 0 Partition - 00    0F Extended LBA              6001 MB offset 612849664
10:13:59.973    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS        6000 MB offset 612851712
10:13:59.980    Disk 0 scanning sectors +625139712
10:14:00.030    Disk 0 scanning C:\Windows\system32\drivers
10:14:11.329    Service scanning
10:14:27.340    Modules scanning
10:14:35.709    Disk 0 trace - called modules:
10:14:35.726    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:14:35.731    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8614f780]
10:14:35.736    3 CLASSPNP.SYS[8afaa59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85ccf338]
10:14:35.740    Scan finished successfully
10:14:55.180    Disk 0 MBR has been saved successfully to "C:\Users\Stina\Desktop\MBR.dat"
10:14:55.186    The log file has been saved successfully to "C:\Users\Stina\Desktop\aswMBR.txt"

Here is the tdsskiller log:

Code:


10:16:03.0627 7556  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:16:03.0680 7556  ============================================================
10:16:03.0680 7556  Current date / time: 2013/03/25 10:16:03.0680
10:16:03.0680 7556  SystemInfo:
10:16:03.0680 7556 
10:16:03.0680 7556  OS Version: 6.1.7601 ServicePack: 1.0
10:16:03.0680 7556  Product type: Workstation
10:16:03.0680 7556  ComputerName: STINA-PC
10:16:03.0680 7556  UserName: Stina
10:16:03.0680 7556  Windows directory: C:\Windows
10:16:03.0680 7556  System windows directory: C:\Windows
10:16:03.0680 7556  Processor architecture: Intel x86
10:16:03.0680 7556  Number of processors: 2
10:16:03.0680 7556  Page size: 0x1000
10:16:03.0680 7556  Boot type: Normal boot
10:16:03.0680 7556  ============================================================
10:16:05.0046 7556  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:16:05.0047 7556  ============================================================
10:16:05.0047 7556  \Device\Harddisk0\DR0:
10:16:05.0048 7556  MBR partitions:
10:16:05.0048 7556  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:16:05.0048 7556  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6BB3000
10:16:05.0048 7556  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6BE5800, BlocksNum 0x1DC90000
10:16:05.0082 7556  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x24876000, BlocksNum 0xBB8000
10:16:05.0082 7556  ============================================================
10:16:05.0126 7556  C: <-> \Device\Harddisk0\DR0\Partition2
10:16:05.0166 7556  G: <-> \Device\Harddisk0\DR0\Partition3
10:16:05.0219 7556  Z: <-> \Device\Harddisk0\DR0\Partition4
10:16:05.0219 7556  ============================================================
10:16:05.0219 7556  Initialize success
10:16:05.0220 7556  ============================================================
10:16:56.0368 1768  ============================================================
10:16:56.0368 1768  Scan started
10:16:56.0368 1768  Mode: Manual; SigCheck; TDLFS;
10:16:56.0368 1768  ============================================================
10:16:57.0307 1768  ================ Scan system memory ========================
10:16:57.0307 1768  System memory - ok
10:16:57.0309 1768  ================ Scan services =============================
10:16:57.0518 1768  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:16:57.0592 1768  1394ohci - ok
10:16:57.0626 1768  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:16:57.0641 1768  ACPI - ok
10:16:57.0671 1768  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
10:16:57.0732 1768  AcpiPmi - ok
10:16:57.0771 1768  [ 7E9AEC303D9AEEAE9CF523FBE23F2C89 ] ACPIVPC        C:\Windows\system32\DRIVERS\AcpiVpc.sys
10:16:57.0784 1768  ACPIVPC - ok
10:16:57.0849 1768  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:16:57.0880 1768  AdobeARMservice - ok
10:16:57.0959 1768  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:16:57.0972 1768  AdobeFlashPlayerUpdateSvc - ok
10:16:58.0030 1768  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
10:16:58.0047 1768  adp94xx - ok
10:16:58.0069 1768  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
10:16:58.0084 1768  adpahci - ok
10:16:58.0105 1768  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
10:16:58.0116 1768  adpu320 - ok
10:16:58.0148 1768  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
10:16:58.0182 1768  AeLookupSvc - ok
10:16:58.0239 1768  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
10:16:58.0295 1768  AFD - ok
10:16:58.0314 1768  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
10:16:58.0324 1768  agp440 - ok
10:16:58.0361 1768  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
10:16:58.0371 1768  aic78xx - ok
10:16:58.0402 1768  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
10:16:58.0457 1768  ALG - ok
10:16:58.0473 1768  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:16:58.0482 1768  aliide - ok
10:16:58.0496 1768  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:16:58.0506 1768  amdagp - ok
10:16:58.0509 1768  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:16:58.0519 1768  amdide - ok
10:16:58.0535 1768  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
10:16:58.0560 1768  AmdK8 - ok
10:16:58.0572 1768  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:16:58.0589 1768  AmdPPM - ok
10:16:58.0613 1768  [ E7F4D42D8076EC60E21715CD11743A0D ] amdsata        C:\Windows\system32\drivers\amdsata.sys
10:16:58.0623 1768  amdsata - ok
10:16:58.0642 1768  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:16:58.0653 1768  amdsbs - ok
10:16:58.0665 1768  [ 146459D2B08BFDCBFA856D9947043C81 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
10:16:58.0674 1768  amdxata - ok
10:16:58.0948 1768  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:16:58.0959 1768  AntiVirSchedulerService - ok
10:16:59.0020 1768  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:16:59.0030 1768  AntiVirService - ok
10:16:59.0059 1768  [ D05B3EB1F1C8C7199D84C9D68D35FD78 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
10:16:59.0078 1768  AntiVirWebService - ok
10:16:59.0108 1768  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
10:16:59.0144 1768  AppID - ok
10:16:59.0187 1768  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:16:59.0217 1768  AppIDSvc - ok
10:16:59.0226 1768  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
10:16:59.0264 1768  Appinfo - ok
10:16:59.0300 1768  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt        C:\Windows\System32\appmgmts.dll
10:16:59.0342 1768  AppMgmt - ok
10:16:59.0383 1768  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\drivers\arc.sys
10:16:59.0394 1768  arc - ok
10:16:59.0402 1768  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:16:59.0412 1768  arcsas - ok
10:16:59.0525 1768  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:16:59.0573 1768  aspnet_state - ok
10:16:59.0605 1768  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:16:59.0656 1768  AsyncMac - ok
10:16:59.0694 1768  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
10:16:59.0705 1768  atapi - ok
10:16:59.0786 1768  [ FD08D220342C0F5556EE1D1A618817DD ] athr            C:\Windows\system32\DRIVERS\athr.sys
10:16:59.0984 1768  athr - ok
10:17:00.0018 1768  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:17:00.0070 1768  AudioEndpointBuilder - ok
10:17:00.0077 1768  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:17:00.0106 1768  Audiosrv - ok
10:17:00.0144 1768  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:17:00.0155 1768  avgntflt - ok
10:17:00.0212 1768  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:17:00.0226 1768  avipbb - ok
10:17:00.0254 1768  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:17:00.0266 1768  avkmgr - ok
10:17:00.0285 1768  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:17:00.0371 1768  AxInstSV - ok
10:17:00.0422 1768  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\drivers\bxvbdx.sys
10:17:00.0556 1768  b06bdrv - ok
10:17:00.0589 1768  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
10:17:00.0603 1768  b57nd60x - ok
10:17:00.0671 1768  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:17:00.0971 1768  BDESVC - ok
10:17:00.0980 1768  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:17:01.0005 1768  Beep - ok
10:17:01.0033 1768  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
10:17:01.0195 1768  BFE - ok
10:17:01.0219 1768  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
10:17:01.0357 1768  BITS - ok
10:17:01.0397 1768  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:17:01.0426 1768  blbdrive - ok
10:17:01.0457 1768  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:17:01.0510 1768  bowser - ok
10:17:01.0528 1768  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:17:01.0548 1768  BrFiltLo - ok
10:17:01.0552 1768  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:17:01.0576 1768  BrFiltUp - ok
10:17:01.0605 1768  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
10:17:01.0653 1768  Browser - ok
10:17:01.0680 1768  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
10:17:01.0723 1768  Brserid - ok
10:17:01.0740 1768  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:17:01.0766 1768  BrSerWdm - ok
10:17:01.0781 1768  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:17:01.0798 1768  BrUsbMdm - ok
10:17:01.0802 1768  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:17:01.0824 1768  BrUsbSer - ok
10:17:01.0835 1768  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:17:01.0862 1768  BTHMODEM - ok
10:17:01.0890 1768  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
10:17:01.0963 1768  bthserv - ok
10:17:01.0986 1768  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:17:02.0025 1768  cdfs - ok
10:17:02.0068 1768  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
10:17:02.0083 1768  cdrom - ok
10:17:02.0112 1768  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
10:17:02.0183 1768  CertPropSvc - ok
10:17:02.0202 1768  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\drivers\circlass.sys
10:17:02.0217 1768  circlass - ok
10:17:02.0257 1768  [ B0DFC4ADB1FF150AC466F3DAD323196A ] cjusb          C:\Windows\system32\DRIVERS\cjusb.sys
10:17:02.0266 1768  cjusb - ok
10:17:02.0284 1768  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
10:17:02.0299 1768  CLFS - ok
10:17:02.0356 1768  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:17:02.0383 1768  clr_optimization_v2.0.50727_32 - ok
10:17:02.0430 1768  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:17:02.0496 1768  clr_optimization_v4.0.30319_32 - ok
10:17:02.0538 1768  [ 125C828BF3673406DFD642D7BEE8434F ] clwvd          C:\Windows\system32\DRIVERS\clwvd.sys
10:17:02.0548 1768  clwvd - ok
10:17:02.0569 1768  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:17:02.0593 1768  CmBatt - ok
10:17:02.0600 1768  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:17:02.0609 1768  cmdide - ok
10:17:02.0647 1768  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
10:17:02.0682 1768  CNG - ok
10:17:02.0698 1768  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:17:02.0708 1768  Compbatt - ok
10:17:02.0737 1768  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
10:17:02.0767 1768  CompositeBus - ok
10:17:02.0780 1768  COMSysApp - ok
10:17:02.0799 1768  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
10:17:02.0809 1768  crcdisk - ok
10:17:02.0865 1768  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:17:02.0914 1768  CryptSvc - ok
10:17:02.0947 1768  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC            C:\Windows\system32\drivers\csc.sys
10:17:02.0994 1768  CSC - ok
10:17:03.0021 1768  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
10:17:03.0049 1768  CscService - ok
10:17:03.0079 1768  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:17:03.0124 1768  DcomLaunch - ok
10:17:03.0159 1768  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
10:17:03.0215 1768  defragsvc - ok
10:17:03.0237 1768  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:17:03.0274 1768  DfsC - ok
10:17:03.0321 1768  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:17:03.0349 1768  Dhcp - ok
10:17:03.0366 1768  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
10:17:03.0407 1768  discache - ok
10:17:03.0452 1768  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\drivers\disk.sys
10:17:03.0463 1768  Disk - ok
10:17:03.0494 1768  [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc          C:\Windows\system32\drivers\dmvsc.sys
10:17:03.0539 1768  dmvsc - ok
10:17:03.0577 1768  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:17:03.0626 1768  Dnscache - ok
10:17:03.0659 1768  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
10:17:03.0707 1768  dot3svc - ok
10:17:03.0722 1768  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
10:17:03.0757 1768  DPS - ok
10:17:03.0791 1768  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
10:17:03.0813 1768  drmkaud - ok
10:17:03.0843 1768  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:17:03.0857 1768  dtsoftbus01 - ok
10:17:03.0972 1768  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
10:17:04.0029 1768  DXGKrnl - ok
10:17:04.0146 1768  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
10:17:04.0203 1768  EapHost - ok
10:17:04.0288 1768  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\drivers\evbdx.sys
10:17:04.0380 1768  ebdrv - ok
10:17:04.0412 1768  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
10:17:04.0453 1768  EFS - ok
10:17:04.0506 1768  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
10:17:04.0590 1768  ehRecvr - ok
10:17:04.0605 1768  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
10:17:04.0650 1768  ehSched - ok
10:17:04.0698 1768  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\drivers\elxstor.sys
10:17:04.0716 1768  elxstor - ok
10:17:04.0738 1768  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:17:04.0761 1768  ErrDev - ok
10:17:04.0803 1768  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
10:17:04.0841 1768  EventSystem - ok
10:17:04.0852 1768  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
10:17:04.0878 1768  exfat - ok
10:17:04.0900 1768  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
10:17:04.0927 1768  fastfat - ok
10:17:04.0960 1768  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
10:17:05.0027 1768  Fax - ok
10:17:05.0061 1768  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\drivers\fdc.sys
10:17:05.0074 1768  fdc - ok
10:17:05.0090 1768  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
10:17:05.0134 1768  fdPHost - ok
10:17:05.0154 1768  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
10:17:05.0180 1768  FDResPub - ok
10:17:05.0193 1768  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:17:05.0203 1768  FileInfo - ok
10:17:05.0219 1768  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
10:17:05.0259 1768  Filetrace - ok
10:17:05.0269 1768  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:17:05.0286 1768  flpydisk - ok
10:17:05.0314 1768  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:17:05.0341 1768  FltMgr - ok
10:17:05.0370 1768  [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache      C:\Windows\system32\FntCache.dll
10:17:05.0421 1768  FontCache - ok
10:17:05.0474 1768  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:17:05.0504 1768  FontCache3.0.0.0 - ok
10:17:05.0550 1768  [ EFBE9DCBCE946D96D6A7E25E439A768B ] FPSensor        C:\Windows\system32\Drivers\FPSensor.sys
10:17:05.0561 1768  FPSensor - ok
10:17:05.0596 1768  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
10:17:05.0607 1768  FsDepends - ok
10:17:05.0645 1768  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:17:05.0655 1768  Fs_Rec - ok
10:17:05.0675 1768  [ 8A73E79089B282100B9393B644CB853B ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:17:05.0690 1768  fvevol - ok
10:17:05.0710 1768  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:17:05.0720 1768  gagp30kx - ok
10:17:05.0751 1768  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
10:17:05.0803 1768  gpsvc - ok
10:17:05.0870 1768  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
10:17:05.0881 1768  gupdate - ok
10:17:05.0893 1768  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:17:05.0902 1768  gupdatem - ok
10:17:05.0952 1768  [ 88A6F2571405B3A4ABC4ED2F52136317 ] hcmon          C:\Windows\system32\drivers\hcmon.sys
10:17:05.0963 1768  hcmon - ok
10:17:05.0981 1768  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:17:06.0028 1768  hcw85cir - ok
10:17:06.0081 1768  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:17:06.0099 1768  HdAudAddService - ok
10:17:06.0133 1768  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:17:06.0149 1768  HDAudBus - ok
10:17:06.0171 1768  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
10:17:06.0192 1768  HidBatt - ok
10:17:06.0207 1768  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:17:06.0239 1768  HidBth - ok
10:17:06.0257 1768  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\drivers\hidir.sys
10:17:06.0281 1768  HidIr - ok
10:17:06.0300 1768  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
10:17:06.0361 1768  hidserv - ok
10:17:06.0388 1768  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:17:06.0414 1768  HidUsb - ok
10:17:06.0434 1768  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:17:06.0466 1768  hkmsvc - ok
10:17:06.0486 1768  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:17:06.0530 1768  HomeGroupListener - ok
10:17:06.0564 1768  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:17:06.0595 1768  HomeGroupProvider - ok
10:17:06.0635 1768  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:17:06.0646 1768  HpSAMD - ok
10:17:06.0672 1768  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:17:06.0702 1768  HTTP - ok
10:17:06.0710 1768  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:17:06.0719 1768  hwpolicy - ok
10:17:06.0747 1768  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:17:06.0769 1768  i8042prt - ok
10:17:06.0811 1768  [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
10:17:06.0827 1768  iaStorV - ok
10:17:06.0878 1768  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:17:06.0957 1768  idsvc - ok
10:17:07.0179 1768  [ 60CC34AD19AF2716FF18EC756D55B9AB ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
10:17:07.0482 1768  igfx - ok
10:17:07.0517 1768  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
10:17:07.0527 1768  iirsp - ok
10:17:07.0569 1768  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
10:17:07.0647 1768  IKEEXT - ok
10:17:07.0673 1768  [ 5576AD2F0039D2BCCCA3567FC0BF981C ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
10:17:07.0709 1768  IntcDAud - ok
10:17:07.0736 1768  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:17:07.0746 1768  intelide - ok
10:17:07.0783 1768  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:17:07.0798 1768  intelppm - ok
10:17:07.0821 1768  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
10:17:07.0869 1768  IPBusEnum - ok
10:17:07.0895 1768  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:17:07.0921 1768  IpFilterDriver - ok
10:17:07.0961 1768  [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:17:08.0006 1768  iphlpsvc - ok
10:17:08.0028 1768  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
10:17:08.0039 1768  IPMIDRV - ok
10:17:08.0043 1768  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
10:17:08.0085 1768  IPNAT - ok
10:17:08.0109 1768  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:17:08.0135 1768  IRENUM - ok
10:17:08.0156 1768  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:17:08.0166 1768  isapnp - ok
10:17:08.0183 1768  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:17:08.0196 1768  iScsiPrt - ok
10:17:08.0227 1768  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:17:08.0237 1768  kbdclass - ok
10:17:08.0266 1768  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:17:08.0286 1768  kbdhid - ok
10:17:08.0300 1768  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
10:17:08.0311 1768  KeyIso - ok
10:17:08.0343 1768  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:17:08.0355 1768  KSecDD - ok
10:17:08.0371 1768  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
10:17:08.0382 1768  KSecPkg - ok
10:17:08.0413 1768  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
10:17:08.0469 1768  KtmRm - ok
10:17:08.0505 1768  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:17:08.0548 1768  LanmanServer - ok
10:17:08.0562 1768  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:17:08.0636 1768  LanmanWorkstation - ok
10:17:08.0670 1768  [ 8FF8B5F04AC4D57F9A965BB4DF07813E ] LHDmgr          C:\Windows\system32\DRIVERS\LhdX86.sys
10:17:08.0680 1768  LHDmgr - ok
10:17:08.0730 1768  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:17:08.0763 1768  lltdio - ok
10:17:08.0814 1768  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
10:17:08.0851 1768  lltdsvc - ok
10:17:08.0866 1768  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
10:17:08.0906 1768  lmhosts - ok
10:17:08.0984 1768  [ 926EBA26A8B49D1597751CED06B50862 ] LMS            C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:17:09.0002 1768  LMS - ok
10:17:09.0042 1768  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:17:09.0053 1768  LSI_FC - ok
10:17:09.0070 1768  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
10:17:09.0081 1768  LSI_SAS - ok
10:17:09.0102 1768  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:17:09.0112 1768  LSI_SAS2 - ok
10:17:09.0132 1768  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:17:09.0143 1768  LSI_SCSI - ok
10:17:09.0193 1768  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
10:17:09.0222 1768  luafv - ok
10:17:09.0264 1768  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
10:17:09.0292 1768  Mcx2Svc - ok
10:17:09.0309 1768  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\drivers\megasas.sys
10:17:09.0319 1768  megasas - ok
10:17:09.0336 1768  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:17:09.0349 1768  MegaSR - ok
10:17:09.0396 1768  [ CFCB18986426A2D8E66F1992636221D0 ] MEI            C:\Windows\system32\DRIVERS\HECI.sys
10:17:09.0431 1768  MEI - ok
10:17:09.0503 1768  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:17:09.0525 1768  Microsoft Office Groove Audit Service - ok
10:17:09.0557 1768  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
10:17:09.0596 1768  MMCSS - ok
10:17:09.0617 1768  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
10:17:09.0649 1768  Modem - ok
10:17:09.0679 1768  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
10:17:09.0706 1768  monitor - ok
10:17:09.0730 1768  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:17:09.0740 1768  mouclass - ok
10:17:09.0767 1768  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\drivers\mouhid.sys
10:17:09.0794 1768  mouhid - ok
10:17:09.0808 1768  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:17:09.0819 1768  mountmgr - ok
10:17:09.0898 1768  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:17:09.0924 1768  MozillaMaintenance - ok
10:17:09.0941 1768  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:17:09.0953 1768  mpio - ok
10:17:09.0966 1768  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:17:09.0990 1768  mpsdrv - ok
10:17:10.0032 1768  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:17:10.0103 1768  MpsSvc - ok
10:17:10.0119 1768  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:17:10.0152 1768  MRxDAV - ok
10:17:10.0188 1768  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:17:10.0230 1768  mrxsmb - ok
10:17:10.0247 1768  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:17:10.0269 1768  mrxsmb10 - ok
10:17:10.0280 1768  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:17:10.0301 1768  mrxsmb20 - ok
10:17:10.0316 1768  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
10:17:10.0326 1768  msahci - ok
10:17:10.0340 1768  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
10:17:10.0351 1768  msdsm - ok
10:17:10.0382 1768  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
10:17:10.0432 1768  MSDTC - ok
10:17:10.0447 1768  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:17:10.0473 1768  Msfs - ok
10:17:10.0489 1768  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
10:17:10.0521 1768  mshidkmdf - ok
10:17:10.0535 1768  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:17:10.0545 1768  msisadrv - ok
10:17:10.0588 1768  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
10:17:10.0654 1768  MSiSCSI - ok
10:17:10.0658 1768  msiserver - ok
10:17:10.0680 1768  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
10:17:10.0705 1768  MSKSSRV - ok
10:17:10.0723 1768  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:17:10.0762 1768  MSPCLOCK - ok
10:17:10.0773 1768  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
10:17:10.0812 1768  MSPQM - ok
10:17:10.0828 1768  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
10:17:10.0840 1768  MsRPC - ok
10:17:10.0857 1768  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:17:10.0866 1768  mssmbios - ok
10:17:10.0930 1768  MSSQL$SQLEXPRESS - ok
10:17:11.0003 1768  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
10:17:11.0031 1768  MSSQLServerADHelper100 - ok
10:17:11.0046 1768  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
10:17:11.0071 1768  MSTEE - ok
10:17:11.0107 1768  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:17:11.0130 1768  MTConfig - ok
10:17:11.0146 1768  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
10:17:11.0157 1768  Mup - ok
10:17:11.0189 1768  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
10:17:11.0238 1768  napagent - ok
10:17:11.0287 1768  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
10:17:11.0304 1768  NativeWifiP - ok
10:17:11.0333 1768  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:17:11.0357 1768  NDIS - ok
10:17:11.0369 1768  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
10:17:11.0405 1768  NdisCap - ok
10:17:11.0439 1768  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:17:11.0470 1768  NdisTapi - ok
10:17:11.0481 1768  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
10:17:11.0505 1768  Ndisuio - ok
10:17:11.0517 1768  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
10:17:11.0555 1768  NdisWan - ok
10:17:11.0583 1768  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
10:17:11.0607 1768  NDProxy - ok
10:17:11.0630 1768  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
10:17:11.0669 1768  NetBIOS - ok
10:17:11.0687 1768  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
10:17:11.0725 1768  NetBT - ok
10:17:11.0745 1768  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
10:17:11.0757 1768  Netlogon - ok
10:17:11.0797 1768  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
10:17:11.0827 1768  Netman - ok
10:17:11.0866 1768  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:17:11.0896 1768  NetMsmqActivator - ok
10:17:11.0900 1768  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:17:11.0911 1768  NetPipeActivator - ok
10:17:11.0932 1768  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
10:17:11.0981 1768  netprofm - ok
10:17:11.0985 1768  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:17:11.0995 1768  NetTcpActivator - ok
10:17:11.0999 1768  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:17:12.0009 1768  NetTcpPortSharing - ok
10:17:12.0052 1768  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
10:17:12.0062 1768  nfrd960 - ok
10:17:12.0078 1768  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:17:12.0115 1768  NlaSvc - ok
10:17:12.0136 1768  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:17:12.0162 1768  Npfs - ok
10:17:12.0171 1768  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
10:17:12.0198 1768  nsi - ok
10:17:12.0215 1768  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:17:12.0240 1768  nsiproxy - ok
10:17:12.0274 1768  [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:17:12.0326 1768  Ntfs - ok
10:17:12.0335 1768  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
10:17:12.0360 1768  Null - ok
10:17:12.0387 1768  [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:17:12.0398 1768  nvraid - ok
10:17:12.0413 1768  [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:17:12.0425 1768  nvstor - ok
10:17:12.0437 1768  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:17:12.0448 1768  nv_agp - ok
10:17:12.0531 1768  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:17:12.0581 1768  odserv - ok
10:17:12.0593 1768  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:17:12.0618 1768  ohci1394 - ok
10:17:12.0672 1768  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:17:12.0704 1768  ose - ok
10:17:12.0745 1768  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:17:12.0795 1768  p2pimsvc - ok
10:17:12.0824 1768  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:17:12.0851 1768  p2psvc - ok
10:17:12.0877 1768  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\drivers\parport.sys
10:17:12.0889 1768  Parport - ok
10:17:12.0914 1768  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
10:17:12.0924 1768  partmgr - ok
10:17:12.0939 1768  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
10:17:12.0950 1768  Parvdm - ok
10:17:12.0970 1768  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:17:12.0988 1768  PcaSvc - ok
10:17:12.0999 1768  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
10:17:13.0012 1768  pci - ok
10:17:13.0036 1768  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
10:17:13.0046 1768  pciide - ok
10:17:13.0061 1768  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:17:13.0073 1768  pcmcia - ok
10:17:13.0095 1768  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
10:17:13.0107 1768  pcw - ok
10:17:13.0133 1768  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:17:13.0182 1768  PEAUTH - ok
10:17:13.0222 1768  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
10:17:13.0291 1768  PeerDistSvc - ok
10:17:13.0347 1768  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
10:17:13.0476 1768  pla - ok
10:17:13.0521 1768  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:17:13.0558 1768  PlugPlay - ok
10:17:13.0575 1768  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
10:17:13.0609 1768  PNRPAutoReg - ok
10:17:13.0634 1768  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
10:17:13.0650 1768  PNRPsvc - ok
10:17:13.0687 1768  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
10:17:13.0745 1768  PolicyAgent - ok
10:17:13.0798 1768  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
10:17:13.0844 1768  Power - ok
10:17:13.0891 1768  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:17:13.0927 1768  PptpMiniport - ok
10:17:13.0943 1768  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\drivers\processr.sys
10:17:13.0963 1768  Processor - ok
10:17:13.0990 1768  [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc        C:\Windows\system32\profsvc.dll
10:17:14.0018 1768  ProfSvc - ok
10:17:14.0034 1768  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:17:14.0046 1768  ProtectedStorage - ok
10:17:14.0073 1768  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:17:14.0106 1768  Psched - ok
10:17:14.0151 1768  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:17:14.0204 1768  ql2300 - ok
10:17:14.0232 1768  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:17:14.0245 1768  ql40xx - ok
10:17:14.0298 1768  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
10:17:14.0435 1768  QWAVE - ok
10:17:14.0452 1768  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:17:14.0466 1768  QWAVEdrv - ok
10:17:14.0477 1768  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:17:14.0511 1768  RasAcd - ok
10:17:14.0553 1768  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
10:17:14.0578 1768  RasAgileVpn - ok
10:17:14.0592 1768  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
10:17:14.0652 1768  RasAuto - ok
10:17:14.0668 1768  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
10:17:14.0710 1768  Rasl2tp - ok
10:17:14.0727 1768  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
10:17:14.0780 1768  RasMan - ok
10:17:14.0799 1768  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:17:14.0825 1768  RasPppoe - ok
10:17:14.0836 1768  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
10:17:14.0877 1768  RasSstp - ok
10:17:14.0901 1768  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
10:17:14.0939 1768  rdbss - ok
10:17:14.0958 1768  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:17:14.0970 1768  rdpbus - ok
10:17:14.0983 1768  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:17:15.0017 1768  RDPCDD - ok
10:17:15.0052 1768  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
10:17:15.0096 1768  RDPDR - ok
10:17:15.0123 1768  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:17:15.0159 1768  RDPENCDD - ok
10:17:15.0176 1768  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:17:15.0214 1768  RDPREFMP - ok
10:17:15.0242 1768  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
10:17:15.0276 1768  RDPWD - ok
10:17:15.0303 1768  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:17:15.0315 1768  rdyboost - ok
10:17:15.0338 1768  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:17:15.0364 1768  RemoteAccess - ok
10:17:15.0396 1768  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:17:15.0442 1768  RemoteRegistry - ok
10:17:15.0470 1768  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:17:15.0506 1768  RpcEptMapper - ok
10:17:15.0533 1768  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
10:17:15.0574 1768  RpcLocator - ok
10:17:15.0590 1768  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
10:17:15.0619 1768  RpcSs - ok
10:17:15.0657 1768  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys
10:17:15.0670 1768  RsFx0103 - ok
10:17:15.0713 1768  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:17:15.0747 1768  rspndr - ok
10:17:15.0791 1768  [ BE466AFA453D1AC73DB0F02FDDB519B5 ] RSUSBVSTOR      C:\Windows\system32\Drivers\RtsUVStor.sys
10:17:15.0804 1768  RSUSBVSTOR - ok
10:17:15.0837 1768  [ 0516998076AD894AE7E362C3110AA071 ] RTL8167        C:\Windows\system32\DRIVERS\Rt86win7.sys
10:17:15.0850 1768  RTL8167 - ok
10:17:15.0878 1768  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
10:17:15.0895 1768  s3cap - ok
10:17:15.0912 1768  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
10:17:15.0923 1768  SamSs - ok
10:17:15.0953 1768  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:17:15.0964 1768  sbp2port - ok
10:17:15.0994 1768  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:17:16.0038 1768  SCardSvr - ok
10:17:16.0067 1768  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:17:16.0104 1768  scfilter - ok
10:17:16.0135 1768  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
10:17:16.0172 1768  Schedule - ok
10:17:16.0190 1768  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
10:17:16.0214 1768  SCPolicySvc - ok
10:17:16.0237 1768  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:17:16.0294 1768  SDRSVC - ok
10:17:16.0316 1768  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:17:16.0351 1768  secdrv - ok
10:17:16.0365 1768  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
10:17:16.0407 1768  seclogon - ok
10:17:16.0428 1768  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
10:17:16.0465 1768  SENS - ok
10:17:16.0486 1768  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:17:16.0553 1768  SensrSvc - ok
10:17:16.0572 1768  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\drivers\serenum.sys
10:17:16.0585 1768  Serenum - ok
10:17:16.0632 1768  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\drivers\serial.sys
10:17:16.0653 1768  Serial - ok
10:17:16.0656 1768  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:17:16.0667 1768  sermouse - ok
10:17:16.0698 1768  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:17:16.0754 1768  SessionEnv - ok
10:17:16.0757 1768  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
10:17:16.0781 1768  sffdisk - ok
10:17:16.0785 1768  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:17:16.0797 1768  sffp_mmc - ok
10:17:16.0801 1768  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
10:17:16.0823 1768  sffp_sd - ok
10:17:16.0826 1768  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
10:17:16.0841 1768  sfloppy - ok
10:17:16.0863 1768  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:17:16.0930 1768  SharedAccess - ok
10:17:16.0956 1768  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:17:16.0997 1768  ShellHWDetection - ok
10:17:17.0018 1768  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:17:17.0028 1768  sisagp - ok
10:17:17.0057 1768  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:17:17.0068 1768  SiSRaid2 - ok
10:17:17.0082 1768  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:17:17.0092 1768  SiSRaid4 - ok
10:17:17.0255 1768  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:17:17.0360 1768  Skype C2C Service - ok
10:17:17.0420 1768  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
10:17:17.0499 1768  SkypeUpdate - ok
10:17:17.0527 1768  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
10:17:17.0571 1768  Smb - ok
10:17:17.0605 1768  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:17:17.0641 1768  SNMPTRAP - ok
10:17:17.0668 1768  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
10:17:17.0679 1768  spldr - ok
10:17:17.0699 1768  [ 866A43013535DC8587C258E43579C764 ] Spooler        C:\Windows\System32\spoolsv.exe
10:17:17.0729 1768  Spooler - ok
10:17:17.0795 1768  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
10:17:17.0967 1768  sppsvc - ok
10:17:17.0981 1768  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
10:17:18.0038 1768  sppuinotify - ok
10:17:18.0076 1768  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
10:17:18.0138 1768  SQLAgent$SQLEXPRESS - ok
10:17:18.0190 1768  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
10:17:18.0241 1768  SQLBrowser - ok
10:17:18.0261 1768  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:17:18.0272 1768  SQLWriter - ok
10:17:18.0301 1768  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
10:17:18.0354 1768  srv - ok
10:17:18.0382 1768  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:17:18.0397 1768  srv2 - ok
10:17:18.0432 1768  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:17:18.0458 1768  srvnet - ok
10:17:18.0487 1768  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
10:17:18.0517 1768  SSDPSRV - ok
10:17:18.0557 1768  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
10:17:18.0581 1768  ssmdrv - ok
10:17:18.0592 1768  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
10:17:18.0635 1768  SstpSvc - ok
10:17:18.0668 1768  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:17:18.0678 1768  stexstor - ok
10:17:18.0730 1768  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
10:17:18.0762 1768  StiSvc - ok
10:17:18.0785 1768  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
10:17:18.0794 1768  storflt - ok
10:17:18.0825 1768  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc        C:\Windows\system32\storsvc.dll
10:17:18.0880 1768  StorSvc - ok
10:17:18.0893 1768  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
10:17:18.0903 1768  storvsc - ok
10:17:18.0933 1768  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:17:18.0944 1768  swenum - ok
10:17:18.0973 1768  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
10:17:19.0034 1768  swprv - ok
10:17:19.0100 1768  [ B769710846D690ADB6D25ED9329D5DB7 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
10:17:19.0153 1768  SynTP - ok
10:17:19.0180 1768  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
10:17:19.0233 1768  SysMain - ok
10:17:19.0249 1768  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:17:19.0302 1768  TabletInputService - ok
10:17:19.0319 1768  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
10:17:19.0373 1768  TapiSrv - ok
10:17:19.0389 1768  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
10:17:19.0449 1768  TBS - ok
10:17:19.0512 1768  [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
10:17:19.0563 1768  Tcpip - ok
10:17:19.0606 1768  [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:17:19.0635 1768  TCPIP6 - ok
10:17:19.0665 1768  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:17:19.0704 1768  tcpipreg - ok
10:17:19.0718 1768  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:17:19.0743 1768  TDPIPE - ok
10:17:19.0776 1768  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
10:17:19.0787 1768  TDTCP - ok
10:17:19.0800 1768  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
10:17:19.0824 1768  tdx - ok
10:17:19.0841 1768  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:17:19.0852 1768  TermDD - ok
10:17:19.0881 1768  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
10:17:19.0937 1768  TermService - ok
10:17:19.0947 1768  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
10:17:19.0976 1768  Themes - ok
10:17:19.0990 1768  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
10:17:20.0016 1768  THREADORDER - ok
10:17:20.0038 1768  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
10:17:20.0097 1768  TrkWks - ok
10:17:20.0151 1768  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:17:20.0196 1768  TrustedInstaller - ok
10:17:20.0209 1768  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:17:20.0232 1768  tssecsrv - ok
10:17:20.0265 1768  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:17:20.0298 1768  TsUsbFlt - ok
10:17:20.0319 1768  [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
10:17:20.0330 1768  TsUsbGD - ok
10:17:20.0361 1768  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:17:20.0385 1768  tunnel - ok
10:17:20.0407 1768  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:17:20.0417 1768  uagp35 - ok
10:17:20.0441 1768  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:17:20.0485 1768  udfs - ok
10:17:20.0505 1768  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
10:17:20.0547 1768  UI0Detect - ok
10:17:20.0559 1768  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:17:20.0569 1768  uliagpkx - ok
10:17:20.0600 1768  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
10:17:20.0612 1768  umbus - ok
10:17:20.0622 1768  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:17:20.0647 1768  UmPass - ok
10:17:20.0672 1768  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
10:17:20.0711 1768  UmRdpService - ok
10:17:20.0799 1768  [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS            C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:17:20.0901 1768  UNS - ok
10:17:20.0940 1768  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
10:17:20.0980 1768  upnphost - ok
10:17:21.0033 1768  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:17:21.0049 1768  usbaudio - ok
10:17:21.0079 1768  [ 7E72E7D7E0757D59481D530FD2B0BFAE ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
10:17:21.0107 1768  usbccgp - ok
10:17:21.0126 1768  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:17:21.0140 1768  usbcir - ok
10:17:21.0165 1768  [ CFBCE999C057D78979A181C9C60F208E ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
10:17:21.0177 1768  usbehci - ok
10:17:21.0210 1768  [ 9D22AAD9AC6A07C691A1113E5F860868 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:17:21.0225 1768  usbhub - ok
10:17:21.0249 1768  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
10:17:21.0272 1768  usbohci - ok
10:17:21.0275 1768  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
10:17:21.0288 1768  usbprint - ok
10:17:21.0306 1768  [ BF63EBFC6979FEFB2BC03DF7989A0C1A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:17:21.0317 1768  USBSTOR - ok
10:17:21.0335 1768  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
10:17:21.0357 1768  usbuhci - ok
10:17:21.0408 1768  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
10:17:21.0423 1768  usbvideo - ok
10:17:21.0454 1768  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
10:17:21.0488 1768  UxSms - ok
10:17:21.0522 1768  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
10:17:21.0538 1768  VaultSvc - ok
10:17:21.0576 1768  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:17:21.0586 1768  vdrvroot - ok
10:17:21.0611 1768  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
10:17:21.0685 1768  vds - ok
10:17:21.0695 1768  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
10:17:21.0716 1768  vga - ok
10:17:21.0735 1768  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
10:17:21.0760 1768  VgaSave - ok
10:17:21.0772 1768  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
10:17:21.0784 1768  vhdmp - ok
10:17:21.0801 1768  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:17:21.0812 1768  viaagp - ok
10:17:21.0822 1768  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
10:17:21.0840 1768  ViaC7 - ok
10:17:21.0854 1768  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
10:17:21.0864 1768  viaide - ok
10:17:21.0931 1768  [ 3ACCF0C817A2BB34EFBFB72B57B00252 ] VMAuthdService  C:\Program Files\VMware\VMware Player\vmware-authd.exe
10:17:21.0939 1768  VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
10:17:21.0939 1768  VMAuthdService - detected UnsignedFile.Multi.Generic (1)
10:17:21.0965 1768  [ C2F2911156FDC7817C52829C86DA494E ] vmbus          C:\Windows\system32\drivers\vmbus.sys
10:17:21.0978 1768  vmbus - ok
10:17:21.0992 1768  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:17:22.0010 1768  VMBusHID - ok
10:17:22.0050 1768  [ 15759158F7531853616B2B43AF962FCB ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
10:17:22.0061 1768  vmci - ok
10:17:22.0091 1768  [ E5FA574436B840D071DBFE74300741CE ] vmkbd          C:\Windows\system32\drivers\VMkbd.sys
10:17:22.0100 1768  vmkbd - ok
10:17:22.0109 1768  [ 1AFA4AF55CBEA579A4BBE4F90967F720 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
10:17:22.0117 1768  VMnetAdapter - ok
10:17:22.0139 1768  [ 392964A7BF46986FBD44B24A3BEC2088 ] VMnetBridge    C:\Windows\system32\DRIVERS\vmnetbridge.sys
10:17:22.0148 1768  VMnetBridge - ok
10:17:22.0164 1768  [ 6F5FE74A4713290E6309B45904403798 ] VMnetDHCP      C:\Windows\system32\vmnetdhcp.exe
10:17:22.0182 1768  VMnetDHCP - ok
10:17:22.0186 1768  [ C88E5F414C567FF10343DF18F8C3E3F0 ] VMnetuserif    C:\Windows\system32\drivers\vmnetuserif.sys
10:17:22.0196 1768  VMnetuserif - ok
10:17:22.0244 1768  [ AFB10AD9AA91D2F70C9F0E6BDA0D119B ] vmusb          C:\Windows\system32\Drivers\vmusb.sys
10:17:22.0255 1768  vmusb - ok
10:17:22.0347 1768  [ AF76C6D3F5053459E18E4C519FB496C8 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
10:17:22.0369 1768  VMUSBArbService - ok
10:17:22.0392 1768  [ 5CC206036B6648CD3990D77E5117E1D9 ] VMware NAT Service C:\Windows\system32\vmnat.exe
10:17:22.0412 1768  VMware NAT Service - ok
10:17:22.0439 1768  [ 847909A1FC0C8EB46FF975747D673A7F ] vmx86          C:\Windows\system32\Drivers\vmx86.sys
10:17:22.0450 1768  vmx86 - ok
10:17:22.0480 1768  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:17:22.0490 1768  volmgr - ok
10:17:22.0508 1768  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
10:17:22.0523 1768  volmgrx - ok
10:17:22.0538 1768  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
10:17:22.0551 1768  volsnap - ok
10:17:22.0587 1768  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
10:17:22.0601 1768  vsmraid - ok
10:17:22.0693 1768  [ 5A2DDC5411A092BEDB1A07755E087784 ] VSPerfDrv100    G:\Programme\Team Tools\Performance Tools\VSPerfDrv100.sys
10:17:22.0703 1768  VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - warning
10:17:22.0703 1768  VSPerfDrv100 - detected UnsignedFile.Multi.Generic (1)
10:17:22.0749 1768  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
10:17:22.0854 1768  VSS - ok
10:17:22.0879 1768  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:17:22.0906 1768  vwifibus - ok
10:17:22.0925 1768  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:17:22.0957 1768  vwififlt - ok
10:17:22.0977 1768  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
10:17:23.0010 1768  W32Time - ok
10:17:23.0031 1768  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:17:23.0047 1768  WacomPen - ok
10:17:23.0070 1768  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:17:23.0108 1768  WANARP - ok
10:17:23.0111 1768  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:17:23.0135 1768  Wanarpv6 - ok
10:17:23.0171 1768  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
10:17:23.0246 1768  wbengine - ok
10:17:23.0267 1768  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:17:23.0314 1768  WbioSrvc - ok
10:17:23.0338 1768  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
10:17:23.0374 1768  wcncsvc - ok
10:17:23.0385 1768  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:17:23.0445 1768  WcsPlugInService - ok
10:17:23.0474 1768  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\drivers\wd.sys
10:17:23.0485 1768  Wd - ok
10:17:23.0510 1768  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:17:23.0528 1768  Wdf01000 - ok
10:17:23.0536 1768  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:17:23.0610 1768  WdiServiceHost - ok
10:17:23.0613 1768  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
10:17:23.0628 1768  WdiSystemHost - ok
10:17:23.0646 1768  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
10:17:23.0705 1768  WebClient - ok
10:17:23.0718 1768  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:17:23.0763 1768  Wecsvc - ok
10:17:23.0776 1768  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
10:17:23.0802 1768  wercplsupport - ok
10:17:23.0829 1768  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:17:23.0867 1768  WerSvc - ok
10:17:23.0907 1768  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:17:23.0934 1768  WfpLwf - ok
10:17:23.0949 1768  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:17:23.0959 1768  WIMMount - ok
10:17:24.0020 1768  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
10:17:24.0058 1768  WinDefend - ok
10:17:24.0064 1768  WinHttpAutoProxySvc - ok
10:17:24.0124 1768  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
10:17:24.0152 1768  Winmgmt - ok
10:17:24.0199 1768  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
10:17:24.0265 1768  WinRM - ok
10:17:24.0349 1768  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:17:24.0371 1768  WinUsb - ok
10:17:24.0418 1768  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
10:17:24.0534 1768  Wlansvc - ok
10:17:24.0645 1768  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
10:17:24.0703 1768  WmiAcpi - ok
10:17:24.0737 1768  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:17:24.0783 1768  wmiApSrv - ok
10:17:24.0873 1768  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
10:17:24.0958 1768  WMPNetworkSvc - ok
10:17:24.0986 1768  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:17:25.0052 1768  WPCSvc - ok
10:17:25.0069 1768  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:17:25.0089 1768  WPDBusEnum - ok
10:17:25.0102 1768  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
10:17:25.0146 1768  ws2ifsl - ok
10:17:25.0166 1768  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
10:17:25.0185 1768  wscsvc - ok
10:17:25.0188 1768  WSearch - ok
10:17:25.0259 1768  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
10:17:25.0331 1768  wuauserv - ok
10:17:25.0360 1768  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:17:25.0398 1768  WudfPf - ok
10:17:25.0430 1768  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:17:25.0472 1768  WUDFRd - ok
10:17:25.0489 1768  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
10:17:25.0516 1768  wudfsvc - ok
10:17:25.0531 1768  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
10:17:25.0564 1768  WwanSvc - ok
10:17:25.0585 1768  ================ Scan global ===============================
10:17:25.0618 1768  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
10:17:25.0652 1768  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
10:17:25.0661 1768  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
10:17:25.0686 1768  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
10:17:25.0724 1768  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
10:17:25.0730 1768  [Global] - ok
10:17:25.0730 1768  ================ Scan MBR ==================================
10:17:25.0743 1768  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:17:26.0325 1768  \Device\Harddisk0\DR0 - ok
10:17:26.0326 1768  ================ Scan VBR ==================================
10:17:26.0330 1768  [ ADE339E06DBDFA25D2346739294744DD ] \Device\Harddisk0\DR0\Partition1
10:17:26.0332 1768  \Device\Harddisk0\DR0\Partition1 - ok
10:17:26.0365 1768  [ C0084F66E84DA04FA606018ED544C96B ] \Device\Harddisk0\DR0\Partition2
10:17:26.0368 1768  \Device\Harddisk0\DR0\Partition2 - ok
10:17:26.0390 1768  [ A7C7DE074E5D77D914DBC63935C5A3B9 ] \Device\Harddisk0\DR0\Partition3
10:17:26.0393 1768  \Device\Harddisk0\DR0\Partition3 - ok
10:17:26.0424 1768  [ EA4197EBC3B845F7871DD91632527CA1 ] \Device\Harddisk0\DR0\Partition4
10:17:26.0426 1768  \Device\Harddisk0\DR0\Partition4 - ok
10:17:26.0427 1768  ============================================================
10:17:26.0427 1768  Scan finished
10:17:26.0427 1768  ============================================================
10:17:26.0437 10024  Detected object count: 2
10:17:26.0437 10024  Actual detected object count: 2
10:17:41.0181 10024  VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:41.0181 10024  VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:17:41.0182 10024  VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - skipped by user
10:17:41.0183 10024  VSPerfDrv100 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:18:03.0342 4784  Deinitialize success


cosinus 25.03.2013 15:31

Then please run Combofix now:

Scan with Combofix
WARNING to those reading along:
Combofix should only be run if a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


MysteriusGen 26.03.2013 10:34

Here is the Combofix logfile:

Code:

ComboFix 13-03-25.01 - Stina 26.03.2013  10:15:00.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2988.2204 [GMT 1:00]
ausgeführt von:: c:\users\Stina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stina\AppData\Local\assembly\tmp
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-02-26 bis 2013-03-26  ))))))))))))))))))))))))))))))
.
.
2013-03-26 09:19 . 2013-03-26 09:19        --------        d-----w-        c:\users\Stina\AppData\Local\temp
2013-03-26 09:19 . 2013-03-26 09:19        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-03-21 16:04 . 2013-03-21 16:04        --------        d-----w-        c:\users\Stina\AppData\Local\Macromedia
2013-03-13 07:53 . 2013-03-13 07:53        --------        d-----w-        c:\programdata\Malwarebytes
2013-03-11 10:37 . 2013-03-11 10:37        --------        d-----w-        c:\programdata\Sophos
2013-03-11 10:37 . 2013-03-11 10:37        73728        ----a-r-        c:\users\Stina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-11 10:37 . 2013-03-11 10:37        73728        ----a-r-        c:\users\Stina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-11 10:37 . 2013-03-11 10:37        73728        ----a-r-        c:\users\Stina\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-03-11 10:37 . 2013-03-11 10:37        --------        d-----w-        c:\program files\Sophos
2013-03-11 07:59 . 2013-03-18 10:36        73432        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 07:59 . 2013-03-18 10:36        693976        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-03-03 09:48 . 2013-03-03 09:48        --------        d-----w-        c:\programdata\Terzio
2013-03-03 09:45 . 2013-03-03 09:45        65536        ----a-r-        c:\users\Stina\AppData\Roaming\Microsoft\Installer\{3D339202-76E6-4815-89D0-B59A8654B812}\AppName_3D33920276E6481589D0B59A8654B812.exe
2013-03-02 16:44 . 2000-01-04 22:20        86016        ----a-w-        c:\windows\unvise32qt.exe
2013-03-02 16:44 . 2013-03-02 16:44        106496        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-03-02 16:44 . 2013-03-02 16:44        106496        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-03-02 16:44 . 2013-03-02 16:44        106496        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-03-02 16:44 . 2013-03-02 16:44        106496        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-03-02 16:44 . 2013-03-02 16:44        106496        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-03-02 16:44 . 2013-03-02 16:44        106496        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-03-02 16:44 . 2013-03-02 16:44        106496        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-03-02 16:43 . 2013-03-02 16:45        1409        ----a-w-        c:\windows\QTFont.for
2013-03-02 16:42 . 2013-03-02 16:45        --------        d-----w-        c:\program files\QuickTime
2013-03-02 16:42 . 2013-03-02 16:44        --------        d-----w-        c:\windows\system32\QuickTime
2013-03-02 16:41 . 2013-03-02 16:45        --------        d-----w-        c:\programdata\QuickTime
2013-03-02 16:40 . 2013-03-03 09:45        --------        d-----w-        C:\Terzio
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 16:46 . 2013-02-12 16:48        36552        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-02-12 16:46 . 2013-02-12 16:48        134336        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-02-12 16:46 . 2013-02-12 16:48        83944        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-03-21 16:19 . 2013-03-21 16:19        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-03-10 1521800]
"{213c8ed6-1d78-4d8f-8729-25006aa86a76}"= "c:\program files\WiseConvert_1.3\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
2011-05-09 09:49        176936        ----a-w-        c:\program files\WiseConvert_1.3\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{213c8ed6-1d78-4d8f-8729-25006aa86a76}"= "c:\program files\WiseConvert_1.3\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{213C8ED6-1D78-4D8F-8729-25006AA86A76}"= "c:\program files\WiseConvert_1.3\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 178200]
"YouCam Mirage"="c:\program files\Lenovo\YouCam\YCMMirage.exe" [2010-12-05 136488]
"YouCam Tray"="c:\program files\Lenovo\YouCam\YouCam.exe" [2010-12-05 224352]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2010-11-12 8644512]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\Utility.exe" [2010-11-12 5052320]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-12-22 2049320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-03-10 1644680]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-03-02 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;g:\programme\Team Tools\Performance Tools\VSPerfDrv100.sys [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX86.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other services/drivers in memory ---
.
*NewlyCreated* - 26915084
*NewlyCreated* - 35530276
*NewlyCreated* - ASWMBR
*Deregistered* - 26915084
*Deregistered* - 35530276
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 09:08        1629648        ----a-w-        c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the "Scheduled Tasks" folder
.
2013-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-11 10:37]
.
2013-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-14 12:35]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-14 12:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mStart Page = hxxp://www.google.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
LSP: %SystemRoot%\system32\vsocklib.dll
FF - ProfilePath - c:\users\Stina\AppData\Roaming\Mozilla\Firefox\Profiles\jqm8jeti.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
FF - ExtSQL: 2013-02-12 17:48; toolbar@ask.com; c:\users\Stina\AppData\Roaming\Mozilla\Firefox\Profiles\jqm8jeti.default\extensions\toolbar@ask.com
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-26  10:21:10
ComboFix-quarantined-files.txt  2013-03-26 09:21
.
Before scan: 9 directories, 23,433,224,192 bytes free
After scan: 14 directories, 24,646,176,768 bytes free
.
- - End Of File - - C2FB9C70AEB02E6389E9EDCC72B244C1
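The "Registry Autostart Points" section of the log above is where the two toolbars show up: the Ask and WiseConvert DLLs are registered as URLSearchHooks, as a Browser Helper Object and as an IE toolbar, and the Ask updater sits in the HKLM Run key. The following script is an added example for this thread (it is not ComboFix, JRT or AdwCleaner code) that parses that section of a ComboFix log and flags entries that either load into Internet Explorer through a browser hook location or point into one of the toolbar directories this log exposed. The sample input is a constructed excerpt modelled on the lines quoted above, and the directory list is an assumption drawn from this log rather than a general signature set.

```python
"""Triage the registry autostart section of a ComboFix log.

Added example for this thread; it is not ComboFix, JRT or AdwCleaner code.
It parses ComboFix-style registry output, collects each autostart entry with
its file path, date and size, and flags entries that either live in a browser
hook location (URLSearchHooks, Browser Helper Objects, Toolbar) or point into
a program directory that the log in this thread tied to an unwanted toolbar.
The directory list is an assumption drawn from that log, not a signature set.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the ComboFix output quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-03-10 1521800]
"{213c8ed6-1d78-4d8f-8729-25006aa86a76}"= "c:\program files\WiseConvert_1.3\prxtbWise.dll" [2011-05-09 176936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{213c8ed6-1d78-4d8f-8729-25006aa86a76}]
2011-05-09 09:49        176936        ----a-w-        c:\program files\WiseConvert_1.3\prxtbWise.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-03-10 1644680]
"""

# Registry locations a search hijacker or toolbar uses to get loaded into IE.
BROWSER_HOOK_KEYS = ("URLSearchHooks", "Browser Helper Objects", "Toolbar")

# Program directories the ComboFix log in this thread tied to the Ask and
# WiseConvert toolbars (assumption for this example; extend for other logs).
UNWANTED_DIRS = ("\\ask.com\\", "\\wiseconvert")

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "Name"="path" [YYYY-MM-DD size]   (ComboFix sometimes puts a space after '=')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"(?P<path>[^"]+)"\s*'
    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]")
# YYYY-MM-DD HH:MM  size  attrs  path   (file line under a BHO CLSID key)
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}\s+(?P<size>\d+)\s+\S+\s+(?P<path>.+?)\s*$")


@dataclass
class Entry:
    key: str
    name: str
    path: str
    date: str
    size: int
    reasons: list = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        return bool(self.reasons)


def parse_autostart(text: str) -> list:
    """Turn ComboFix registry lines into Entry objects, one per autostart value."""
    entries, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")          # subsequent value lines belong to this key
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(key, m["name"], m["path"], m["date"], int(m["size"])))
            continue
        m = FILE_RE.match(line)
        if m and key:
            # BHO keys list the DLL as a file line; the CLSID is the key's last component
            clsid = key.rsplit("\\", 1)[-1]
            entries.append(Entry(key, clsid, m["path"], m["date"], int(m["size"])))
    return entries


def triage(text: str) -> list:
    """Parse the section and annotate every entry with the reasons it deserves a look."""
    entries = parse_autostart(text)
    for e in entries:
        path = e.path.lower()
        if any(hook.lower() in e.key.lower() for hook in BROWSER_HOOK_KEYS):
            e.reasons.append("loads into Internet Explorer (browser hook location)")
        if any(d in path for d in UNWANTED_DIRS):
            e.reasons.append("path is under a toolbar directory seen in this log")
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "FLAG" if e.flagged else "  ok"
        print(f"{mark} {e.name:<40} {e.path}  ({e.date}, {e.size} bytes)")
        for r in e.reasons:
            print(f"       - {r}")
```

To use it on a real log, paste everything between the "Registry Autostart Points" header and the "Other services/drivers in memory" line into `SAMPLE_LOG` or read it from the file. The flags are prompts for a second look, not verdicts: cross-check each flagged path against what AdwCleaner and JRT report, and treat an unflagged entry in a Run key as clean only after checking the file's location and signature.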


cosinus 26.03.2013 12:24

JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, select Use SafeList
  • Now click Run Scan at the top left
  • When the scan finishes, 2 log files are created
  • Post the log files in CODE tags here in the thread.


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board

