Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Vermute einen Trojaner / Virus (Schwarzer Bildschirm + Pop-up-Fenster) (https://www.trojaner-board.de/133522-vermute-trojaner-virus-schwarzer-bildschirm-pop-up-fenster.html)

levon 10.04.2013 19:50
Vermute einen Trojaner / Virus (Schwarzer Bildschirm + Pop-up-Fenster)
 
Hallo in die Runde,

ich denke bei mir hat sich leider ein Trojaner oder ein Virus eingenistet.
Es fing damit an, dass ich vor ein paar Tagen, nachdem ich den Laptop angemacht und mich bei Windows angemeldet habe, einen schwarzen Bildschirm bekam. Zusatzlich erschien noch ein kleines Info-Fenster mit einer Fehlermeldung zur Webplattform.
Dieses kam mir sehr komisch vor, also habe ich direkt mit meinem Virenprogramm (Avira) einen kompletten Suchlauf gestartet.
Tatsächlich wurde dieses hier entdeckt: JS/Agent.alf. Diesen Virus (durch Javascript?) habe ich in die Quarantäne gepackt und anschließend gelöscht.
Danach habe ich nochmal einen Suchlauf gestartet und zusätzlich "Spybot - Search & Destroy". Es wurde nichts mehr gefunden, also dachte ich, es sei alles okay.
Die Java-Software habe ich auch deinstalliert, da gab es ja auch anscheinend einige Sicherheitslücken und ich habe gelesen, dass JS auf einen Javascript-Virus hindeutet.

Als ich heute den PC angemacht habe, kam nach der Anmeldung bei Windows erneut ein Info-Fenster (Bildschirm war sonst normal), mit der Meldung das der Server ausgelastet sei. Da bekam ich dann doch leichte Panik und befürchte, dass sich bei mir noch irgendwas versteckt.

Ich habe eben Malwarebytes runtergeladen und einen Scan gemacht, dort wurde auch was gefunden.
Bevor ich hier jetzt irgendwelche Auswertungen poste, warte ich erstmal eure Antwort ab, was ich als erstes machen soll!

Ich bedanke mich schonmal ganz herzlich für eure Hilfe - toll, dass es dieses Forum gibt! :)

VG, levon

cosinus 11.04.2013 09:36
Hallo und :hallo:

Zitat:
Tatsächlich wurde dieses hier entdeckt: JS/Agent.alf.
Ich habe eben Malwarebytes runtergeladen und einen Scan gemacht, dort wurde auch was gefunden.
Schön und wo sind die Logs dazu? :glaskugel:

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

levon 11.04.2013 10:28
Hallo cosinus,

lieben Dank für deine Antwort! :-)

Bitte entschuldige, dass ich diese noch nicht gepostet habe.
Ich bin leider absoluter Laie was den PC angeht und war ein wenig unsicher, ob diese direkt als erstes wichtig sind. :o

Avira:

Code:

Exportierte Ereignisse:

08.04.2013 00:49 [System-Scanner] Malware gefunden
      Die Datei 'D:\PRIVATE\Backup Set 2011-11-06 190004\Backup Files 2011-11-27
      190005\Backup files 3.zip'
      enthielt einen Virus oder unerwünschtes Programm 'JS/Agent.alf' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56615634.qua'
      verschoben!
Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.10.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
admin :: PRIVATE [Administrator]

10.04.2013 18:17:43
mbam-log-2013-04-10 (18-17-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 490260
Laufzeit: 2 Stunde(n), 10 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEXD7DH5\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Dankeschön für deine Hilfe,

VG, levon

cosinus 11.04.2013 10:42
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

levon 11.04.2013 11:10
Hier die Auswertung:

OTL.Txt:

Code:
OTL logfile created on: 11.04.2013 11:50:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Ich\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 64,42% Memory free
5,93 Gb Paging File | 4,75 Gb Available in Paging File | 80,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 59,48 Gb Free Space | 41,86% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 2,55 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive F: | 33,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PRIVATE | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
MOD - C:\Program Files\Mobile Partner\XFramePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\XCodec.dll ()
MOD - C:\Program Files\Mobile Partner\Win7Support.dll ()
MOD - C:\Program Files\Mobile Partner\QtGui4.dll ()
MOD - C:\Program Files\Mobile Partner\QtCore4.dll ()
MOD - C:\Program Files\Mobile Partner\QtNetwork4.dll ()
MOD - C:\Program Files\Mobile Partner\NDISAPI.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\SMSUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\SmsAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallLogSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\PluginContainer.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetInfoUIExPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DialupUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\USSDUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\core.dll ()
MOD - C:\Program Files\Mobile Partner\QtXml4.dll ()
MOD - C:\Program Files\Mobile Partner\Proxy.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetConnectPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\StatusBarMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\MenuMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetInfoSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\LiveUpdateInterface.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\sdk.dll ()
MOD - C:\Program Files\Mobile Partner\AtCodec.dll ()
MOD - C:\Program Files\Mobile Partner\NetSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\Common.dll ()
MOD - C:\Program Files\Mobile Partner\SmsSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DialUpPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\ToolBarMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Mobile Partner\NDISPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetConnectSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DataServicePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\STKSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\USSDSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\Trace.dll ()
MOD - C:\Program Files\Mobile Partner\OSDialup.dll ()
MOD - C:\Program Files\Mobile Partner\OSNDIS.dll ()
MOD - C:\Program Files\Mobile Partner\ATR2SMgr.dll ()
MOD - C:\Program Files\Mobile Partner\LayoutPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\OSAdapt.dll ()
MOD - C:\Program Files\Mobile Partner\NotifyServicePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\Mobile Partner\OSPowerMgr.dll ()
MOD - C:\Program Files\Mobile Partner\OSCall.dll ()
MOD - C:\Program Files\Mobile Partner\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\Mobile Partner\mingwm10.dll ()
MOD - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (ewusbmbb) -- C:\Windows\System32\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{22F0B17F-A86E-4C0A-AA5C-6119E3002EBA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=0a52e595-6f8c-416f-a1d8-fac4f371e78f&apn_sauid=38AF023F-C93E-49BE-BAC0-5EF0E69E326B
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.19 19:56:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 23:02:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.19 19:56:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 23:02:51 | 000,000,000 | ---D | M]
 
[2010.01.31 12:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2013.04.09 18:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions
[2010.04.28 17:44:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.21 13:53:16 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions\toolbar@ask.com
[2013.01.13 21:58:36 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.04.07 19:55:06 | 000,002,413 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\searchplugins\askcom.xml
[2013.03.19 19:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.19 19:56:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.12 20:50:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 20:50:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.12 20:50:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.12 20:50:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.12 20:50:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.12 20:50:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.07 20:39:35 | 000,446,350 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 15326 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{207CF46E-06F6-44F9-92EF-6BCE91A74B41}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D50210-7A62-4338-A6F6-8303BF35686A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A0CE4C-692F-4871-BA11-49398ABF9F30}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A50637DA-74A3-4D25-B99E-82B4B23F0C5E}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA47CB26-4693-46AE-A6C4-16926F19FBD4}: NameServer = 193.189.244.206 193.189.244.225
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.16 11:12:34 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{131565f8-5a26-11e1-b43b-0c6076db69af}\Shell - "" = AutoRun
O33 - MountPoints2\{131565f8-5a26-11e1-b43b-0c6076db69af}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011.03.15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{3870bd6a-384c-11e1-8dca-0c6076db69af}\Shell - "" = AutoRun
O33 - MountPoints2\{3870bd6a-384c-11e1-8dca-0c6076db69af}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011.03.15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7d5ecb83-0e4c-11df-9ac3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7d5ecb83-0e4c-11df-9ac3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9700b04f-0e52-11df-8eba-0c6076db69af}\Shell - "" = AutoRun
O33 - MountPoints2\{9700b04f-0e52-11df-8eba-0c6076db69af}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{d3c71fb3-4f25-11e1-b97e-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{d3c71fb3-4f25-11e1-b97e-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011.03.15 01:27:21 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.10 22:11:11 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 22:11:10 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 22:11:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 22:11:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 22:11:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 22:11:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 22:11:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 22:11:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.10 22:11:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 22:11:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 18:14:51 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2013.04.10 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.10 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 18:14:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.10 18:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.10 18:13:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Programs
[2013.04.10 18:05:04 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 18:05:00 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 18:05:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 18:04:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 18:04:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 18:04:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.05 23:43:49 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.05 23:43:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.05 23:43:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.05 23:43:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.05 23:43:49 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.05 23:43:49 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.05 23:43:49 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.05 23:43:49 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.05 23:43:49 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.05 23:43:49 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.05 23:43:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.05 23:43:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.05 23:43:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.05 23:43:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.05 23:43:49 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.05 23:43:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.05 23:43:48 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.05 23:43:48 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.05 23:43:48 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.05 23:43:48 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.05 23:43:48 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.05 23:43:48 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.05 23:43:48 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.05 23:43:48 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.05 23:43:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.05 23:43:48 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.05 23:42:46 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.04.05 23:42:46 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.04.05 23:42:46 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.04.05 23:42:46 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.04.05 23:42:46 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.04.05 23:42:46 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.04.05 23:42:46 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.04.05 23:42:46 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.04.05 23:42:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.04.05 23:42:46 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.04.05 23:42:46 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.04.05 23:42:46 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.04.05 23:42:46 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.04.05 23:42:46 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.04.05 23:42:46 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.04.05 23:42:46 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.04.05 23:42:46 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.31 00:30:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
[2013.03.31 00:28:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Avira
[2013.03.24 11:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.24 11:54:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.24 11:54:54 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.24 11:54:54 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.24 11:54:54 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 11:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.20 23:05:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.19 19:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.11 11:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 10:29:45 | 000,010,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 10:29:45 | 000,010,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 10:29:31 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.11 10:29:31 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.11 10:29:31 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.11 10:29:31 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.11 10:22:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 10:21:09 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 23:19:22 | 000,330,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.07 20:39:35 | 000,446,350 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.05 23:43:49 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.05 23:43:49 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.05 23:43:49 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.05 23:43:49 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.05 23:43:49 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.05 23:43:49 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.05 23:43:49 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.05 23:43:49 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.05 23:43:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.05 23:43:49 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.05 23:43:49 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.05 23:43:49 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.05 23:43:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.05 23:43:49 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.05 23:43:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.05 23:43:49 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.05 23:43:48 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.05 23:43:48 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.05 23:43:48 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.05 23:43:48 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.05 23:43:48 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.05 23:43:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.05 23:43:48 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.05 23:43:48 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.05 23:43:48 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.05 23:43:48 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.05 23:43:48 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.05 23:42:46 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.04.05 23:42:46 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.04.05 23:42:46 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.04.05 23:42:46 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.04.05 23:42:46 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.04.05 23:42:46 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.04.05 23:42:46 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.04.05 23:42:46 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.04.05 23:42:46 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.04.05 23:42:46 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.04.05 23:42:46 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.04.05 23:42:46 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.04.05 23:42:46 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.04.05 23:42:46 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.04.05 23:42:46 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.04.05 23:42:46 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.04.05 23:42:46 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.31 00:31:22 | 000,001,157 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.03.28 11:12:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.28 11:12:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.28 11:12:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 11:50:04 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.21 13:54:07 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.21 13:54:07 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.19 20:34:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.19 20:34:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.05 23:43:48 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.31 00:31:22 | 000,001,157 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.21 17:58:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.09.21 17:58:16 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.04.29 19:15:47 | 000,015,326 | ---- | C] () -- C:\Users\admin\AppData\Local\internal.grp
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
Extras.Txt:

Code:
OTL Extras logfile created on: 11.04.2013 11:50:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Ich\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 64,42% Memory free
5,93 Gb Paging File | 4,75 Gb Available in Paging File | 80,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 59,48 Gb Free Space | 41,86% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 2,55 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive F: | 33,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PRIVATE | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27E75EEB-A94E-4D1F-8461-D2F1411F7B9D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{464D0401-2C66-4BB3-A2E8-A84BF952ED07}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{638EA069-B42F-4006-BA51-52739EB7889E}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{766A7AEA-FEA6-4E7B-98C4-29BD878FFE34}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{8C3DAF3A-1D27-4342-9548-1671CDA331CE}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{CF1B2582-3850-4169-BD4F-07C5F1A24855}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{DB6A46AB-61EA-4FF3-A96D-87E49571190B}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{F542A838-0F15-4678-B6EB-5468758969A6}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"TCP Query User{FA0336ED-FC52-46F1-B103-01DE328BC69B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{4BA8973F-35B0-448E-AC70-CEABA5FFAFFD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DEAED7D-E85E-48EB-999E-5B4576A22369}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{764143D0-CBA1-4699-B6D6-4D39A4DB75FB}" = Ulead PhotoImpact 7 SE
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{82CED69E-C96D-401F-A6F3-1128C460712C}" = NetObjects Fusion 9.0
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{99FFFFC6-1A78-4837-AFED-55FAA854AF1F}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9E6AC9C-4C9A-430C-8CF2-896A6755B6E6}" = SiteStyles Volume 2
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"FormatFactory" = FormatFactory 2.96
"HP Photo Creations" = HP Photo Creations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müller Foto" = Müller Foto
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Philips Songbird" = Philips Songbird
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Sarah’s Ranch" = Sarah’s Ranch
"Sarah’s Ranch 2" = Sarah’s Ranch 2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.03.2013 15:27:44 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.03.2013 15:29:39 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 31.03.2013 13:05:06 | Computer Name = PRIVATE | Source = Windows Backup | ID = 4104
Description =
 
Error - 02.04.2013 14:29:12 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.04.2013 14:30:47 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 07.04.2013 07:01:08 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.04.2013 07:03:25 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 07.04.2013 14:08:41 | Computer Name = PRIVATE | Source = Windows Backup | ID = 4104
Description =
 
Error - 08.04.2013 09:55:03 | Computer Name = PRIVATE | Source = VSS | ID = 12310
Description =
 
Error - 08.04.2013 09:55:03 | Computer Name = PRIVATE | Source = VSS | ID = 12298
Description =
 
[ Media Center Events ]
Error - 28.12.2012 18:13:35 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 23:13:30 - Fehler beim Herstellen der Internetverbindung.  23:13:30
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.12.2012 19:13:44 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 00:13:43 - Fehler beim Herstellen der Internetverbindung.  00:13:43
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 09.01.2013 16:01:14 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 21:01:14 - Fehler beim Herstellen der Internetverbindung.  21:01:14
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 09.01.2013 16:01:28 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 21:01:19 - Fehler beim Herstellen der Internetverbindung.  21:01:19
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 23.01.2013 15:45:43 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 20:45:43 - Fehler beim Herstellen der Internetverbindung.  20:45:43
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 23.01.2013 15:45:57 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 20:45:49 - Fehler beim Herstellen der Internetverbindung.  20:45:49
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 27.01.2013 05:17:42 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 10:17:35 - Fehler beim Herstellen der Internetverbindung.  10:17:35
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 05.02.2013 15:27:20 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 20:27:20 - Fehler beim Herstellen der Internetverbindung.  20:27:20
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 05.02.2013 15:27:30 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 20:27:25 - Fehler beim Herstellen der Internetverbindung.  20:27:25
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.02.2013 08:06:11 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 13:05:56 - Fehler beim Herstellen der Internetverbindung.  13:05:56
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 10.04.2013 14:36:35 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers
nicht gestartet:  %%1053
 
Error - 10.04.2013 17:19:29 | Computer Name = PRIVATE | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 10.04.2013 17:19:29 | Computer Name = PRIVATE | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 10.04.2013 17:19:45 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 10.04.2013 17:19:45 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers
nicht gestartet:  %%1053
 
Error - 10.04.2013 18:29:30 | Computer Name = PRIVATE | Source = DCOM | ID = 10010
Description =
 
Error - 11.04.2013 04:22:07 | Computer Name = PRIVATE | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 11.04.2013 04:22:07 | Computer Name = PRIVATE | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.04.2013 04:22:13 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 11.04.2013 04:22:13 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers
nicht gestartet:  %%1053
 
 
< End of report >

cosinus 11.04.2013 12:37
Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

levon 11.04.2013 14:25
GMER:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-11 14:48:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320II rev.2AC101C4 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\admin\AppData\Local\Temp\ugddapob.sys


---- System - GMER 2.1 ----

SSDT  932783A6                                                                                        ZwCreateSection
SSDT  932783B0                                                                                        ZwRequestWaitReplyPort
SSDT  932783AB                                                                                        ZwSetContextThread
SSDT  932783B5                                                                                        ZwSetSecurityObject
SSDT  932783BA                                                                                        ZwSystemDebugControl
SSDT  93278347                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!ZwRollbackEnlistment + 140D                                                        830389A9 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                          830584F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                              8305F894 4 Bytes  [A6, 83, 27, 93] {CMPSB ; AND DWORD [EDI], -0x6d}
.text  ntoskrnl.exe!KeRemoveQueueEx + 181B                                                              8305FBF0 4 Bytes  [B0, 83, 27, 93] {MOV AL, 0x83; DAA ; XCHG EBX, EAX}
.text  ntoskrnl.exe!KeRemoveQueueEx + 185F                                                              8305FC34 4 Bytes  [AB, 83, 27, 93] {STOSD ; AND DWORD [EDI], -0x6d}
.text  ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                              8305FCB0 4 Bytes  [B5, 83, 27, 93] {MOV CH, 0x83; DAA ; XCHG EBX, EAX}
.text  ntoskrnl.exe!KeRemoveQueueEx + 192F                                                              8305FD04 4 Bytes  [BA, 83, 27, 93]
.text  ...                                                                                             
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                        section is writeable [0x93C2D000, 0x2D5378, 0xE8000020]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076db69af                     
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076db69af@001813315da0        0xCB 0xB2 0xBD 0xF2 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076db69af@74a722875fc5        0x9E 0xBE 0x2A 0x52 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076db69af (not active ControlSet) 
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076db69af@001813315da0            0xCB 0xB2 0xBD 0xF2 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076db69af@74a722875fc5            0x9E 0xBE 0x2A 0x52 ...

---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
MBAR:

Congratulations, no cleanup is required!
Scan Finished: No malware found!

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.11.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
admin :: PRIVATE [administrator]

11.04.2013 15:17:06
mbar-log-2013-04-11 (15-17-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27798
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

cosinus 11.04.2013 14:55
aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

levon 11.04.2013 15:30
aswMBR.txt:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 16:00:01
-----------------------------
16:00:01.885    OS Version: Windows 6.1.7601 Service Pack 1
16:00:01.885    Number of processors: 2 586 0x170A
16:00:01.885    ComputerName: PRIVATE  UserName: admin
16:00:02.384    Initialize success
16:04:53.441    AVAST engine defs: 13041100
16:05:32.738    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:05:32.738    Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
16:05:32.894    Disk 0 MBR read successfully
16:05:32.909    Disk 0 MBR scan
16:05:32.925    Disk 0 unknown MBR code
16:05:32.940    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
16:05:32.972    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      145497 MB offset 27265024
16:05:33.018    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      146434 MB offset 325242880
16:05:33.034    Disk 0 scanning sectors +625139712
16:05:33.174    Disk 0 scanning C:\Windows\system32\drivers
16:05:52.160    Service scanning
16:06:19.382    Modules scanning
16:06:54.388    Disk 0 trace - called modules:
16:06:54.919    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
16:06:54.919    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86479030]
16:06:54.934    3 CLASSPNP.SYS[8c28359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86395030]
16:06:56.042    AVAST engine scan C:\Windows
16:07:00.207    AVAST engine scan C:\Windows\system32
16:10:42.398    AVAST engine scan C:\Windows\system32\drivers
16:11:00.635    AVAST engine scan C:\Users\admin
16:14:02.749    AVAST engine scan C:\ProgramData
16:15:47.535    Scan finished successfully
16:17:18.015    Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
16:17:18.015    The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
TDSS-Killer:

Code:
16:19:47.0449 2504  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:19:49.0477 2504  ============================================================
16:19:49.0477 2504  Current date / time: 2013/04/11 16:19:49.0477
16:19:49.0477 2504  SystemInfo:
16:19:49.0477 2504 
16:19:49.0477 2504  OS Version: 6.1.7601 ServicePack: 1.0
16:19:49.0477 2504  Product type: Workstation
16:19:49.0477 2504  ComputerName: PRIVATE
16:19:49.0477 2504  UserName: admin
16:19:49.0477 2504  Windows directory: C:\Windows
16:19:49.0477 2504  System windows directory: C:\Windows
16:19:49.0477 2504  Processor architecture: Intel x86
16:19:49.0477 2504  Number of processors: 2
16:19:49.0477 2504  Page size: 0x1000
16:19:49.0477 2504  Boot type: Normal boot
16:19:49.0477 2504  ============================================================
16:19:50.0694 2504  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:19:50.0709 2504  ============================================================
16:19:50.0709 2504  \Device\Harddisk0\DR0:
16:19:50.0709 2504  MBR partitions:
16:19:50.0709 2504  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11C2C800
16:19:50.0709 2504  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000
16:19:50.0709 2504  ============================================================
16:19:50.0756 2504  C: <-> \Device\Harddisk0\DR0\Partition1
16:19:50.0803 2504  D: <-> \Device\Harddisk0\DR0\Partition2
16:19:50.0803 2504  ============================================================
16:19:50.0803 2504  Initialize success
16:19:50.0803 2504  ============================================================
16:22:14.0261 3588  ============================================================
16:22:14.0261 3588  Scan started
16:22:14.0261 3588  Mode: Manual;
16:22:14.0261 3588  ============================================================
16:22:15.0088 3588  ================ Scan system memory ========================
16:22:15.0088 3588  System memory - ok
16:22:15.0088 3588  ================ Scan services =============================
16:22:15.0275 3588  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:22:15.0290 3588  1394ohci - ok
16:22:15.0337 3588  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:22:15.0337 3588  ACPI - ok
16:22:15.0368 3588  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
16:22:15.0368 3588  AcpiPmi - ok
16:22:15.0524 3588  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:22:15.0524 3588  AdobeARMservice - ok
16:22:15.0665 3588  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:22:15.0665 3588  AdobeFlashPlayerUpdateSvc - ok
16:22:15.0743 3588  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
16:22:15.0758 3588  adp94xx - ok
16:22:15.0758 3588  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
16:22:15.0774 3588  adpahci - ok
16:22:15.0790 3588  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
16:22:15.0790 3588  adpu320 - ok
16:22:15.0836 3588  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:22:15.0836 3588  AeLookupSvc - ok
16:22:15.0899 3588  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
16:22:15.0899 3588  AFD - ok
16:22:15.0930 3588  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:22:15.0930 3588  agp440 - ok
16:22:15.0977 3588  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
16:22:15.0977 3588  aic78xx - ok
16:22:16.0008 3588  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
16:22:16.0008 3588  ALG - ok
16:22:16.0024 3588  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:22:16.0024 3588  aliide - ok
16:22:16.0086 3588  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:22:16.0086 3588  AMD External Events Utility - ok
16:22:16.0102 3588  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:22:16.0102 3588  amdagp - ok
16:22:16.0117 3588  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:22:16.0117 3588  amdide - ok
16:22:16.0164 3588  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
16:22:16.0180 3588  AmdK8 - ok
16:22:16.0195 3588  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:22:16.0195 3588  AmdPPM - ok
16:22:16.0242 3588  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
16:22:16.0242 3588  amdsata - ok
16:22:16.0273 3588  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:22:16.0273 3588  amdsbs - ok
16:22:16.0304 3588  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
16:22:16.0304 3588  amdxata - ok
16:22:16.0351 3588  [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus          C:\Windows\system32\DRIVERS\lgandbus.sys
16:22:16.0351 3588  Andbus - ok
16:22:16.0398 3588  [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag        C:\Windows\system32\DRIVERS\lganddiag.sys
16:22:16.0398 3588  AndDiag - ok
16:22:16.0414 3588  [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps          C:\Windows\system32\DRIVERS\lgandgps.sys
16:22:16.0414 3588  AndGps - ok
16:22:16.0445 3588  [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem.sys
16:22:16.0445 3588  ANDModem - ok
16:22:16.0601 3588  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:22:16.0616 3588  AntiVirSchedulerService - ok
16:22:16.0679 3588  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:22:16.0679 3588  AntiVirService - ok
16:22:16.0741 3588  [ 5A123AABB571AEA78AE63AF5E372F796 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:22:16.0757 3588  AntiVirWebService - ok
16:22:16.0788 3588  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
16:22:16.0788 3588  AppID - ok
16:22:16.0850 3588  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:22:16.0850 3588  AppIDSvc - ok
16:22:16.0897 3588  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
16:22:16.0913 3588  Appinfo - ok
16:22:16.0960 3588  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
16:22:16.0975 3588  arc - ok
16:22:16.0975 3588  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:22:16.0975 3588  arcsas - ok
16:22:17.0006 3588  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:22:17.0006 3588  AsyncMac - ok
16:22:17.0053 3588  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
16:22:17.0053 3588  atapi - ok
16:22:17.0131 3588  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\Windows\system32\DRIVERS\athr.sys
16:22:17.0147 3588  athr - ok
16:22:17.0318 3588  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:22:17.0443 3588  atikmdag - ok
16:22:17.0537 3588  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:22:17.0537 3588  AudioEndpointBuilder - ok
16:22:17.0552 3588  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:22:17.0552 3588  Audiosrv - ok
16:22:17.0615 3588  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:22:17.0615 3588  avgntflt - ok
16:22:17.0677 3588  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:22:17.0677 3588  avipbb - ok
16:22:17.0724 3588  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:22:17.0724 3588  avkmgr - ok
16:22:17.0771 3588  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:22:17.0771 3588  AxInstSV - ok
16:22:17.0833 3588  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
16:22:17.0833 3588  b06bdrv - ok
16:22:17.0864 3588  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:22:17.0880 3588  b57nd60x - ok
16:22:17.0927 3588  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:22:17.0927 3588  BDESVC - ok
16:22:17.0958 3588  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:22:17.0958 3588  Beep - ok
16:22:18.0020 3588  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
16:22:18.0020 3588  BFE - ok
16:22:18.0067 3588  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:22:18.0083 3588  BITS - ok
16:22:18.0098 3588  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:22:18.0098 3588  blbdrive - ok
16:22:18.0130 3588  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:22:18.0130 3588  bowser - ok
16:22:18.0161 3588  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:22:18.0161 3588  BrFiltLo - ok
16:22:18.0176 3588  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:22:18.0176 3588  BrFiltUp - ok
16:22:18.0208 3588  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
16:22:18.0208 3588  Browser - ok
16:22:18.0254 3588  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
16:22:18.0254 3588  Brserid - ok
16:22:18.0270 3588  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:22:18.0270 3588  BrSerWdm - ok
16:22:18.0301 3588  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:22:18.0301 3588  BrUsbMdm - ok
16:22:18.0301 3588  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:22:18.0301 3588  BrUsbSer - ok
16:22:18.0364 3588  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
16:22:18.0364 3588  BthEnum - ok
16:22:18.0379 3588  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:22:18.0379 3588  BTHMODEM - ok
16:22:18.0426 3588  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:22:18.0426 3588  BthPan - ok
16:22:18.0457 3588  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
16:22:18.0457 3588  BTHPORT - ok
16:22:18.0504 3588  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
16:22:18.0504 3588  bthserv - ok
16:22:18.0535 3588  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:22:18.0535 3588  BTHUSB - ok
16:22:18.0566 3588  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:22:18.0582 3588  cdfs - ok
16:22:18.0644 3588  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:22:18.0644 3588  cdrom - ok
16:22:18.0691 3588  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
16:22:18.0707 3588  CertPropSvc - ok
16:22:18.0754 3588  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:22:18.0754 3588  circlass - ok
16:22:18.0785 3588  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:22:18.0800 3588  CLFS - ok
16:22:18.0878 3588  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:22:18.0894 3588  clr_optimization_v2.0.50727_32 - ok
16:22:18.0988 3588  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:22:18.0988 3588  clr_optimization_v4.0.30319_32 - ok
16:22:19.0003 3588  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:22:19.0003 3588  CmBatt - ok
16:22:19.0019 3588  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:22:19.0019 3588  cmdide - ok
16:22:19.0081 3588  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
16:22:19.0081 3588  CNG - ok
16:22:19.0097 3588  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:22:19.0097 3588  Compbatt - ok
16:22:19.0144 3588  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:22:19.0144 3588  CompositeBus - ok
16:22:19.0159 3588  COMSysApp - ok
16:22:19.0206 3588  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
16:22:19.0206 3588  crcdisk - ok
16:22:19.0284 3588  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:22:19.0284 3588  CryptSvc - ok
16:22:19.0331 3588  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:22:19.0346 3588  DcomLaunch - ok
16:22:19.0378 3588  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
16:22:19.0378 3588  defragsvc - ok
16:22:19.0424 3588  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:22:19.0440 3588  DfsC - ok
16:22:19.0456 3588  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:22:19.0471 3588  Dhcp - ok
16:22:19.0502 3588  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:22:19.0518 3588  discache - ok
16:22:19.0549 3588  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:22:19.0549 3588  Disk - ok
16:22:19.0596 3588  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:22:19.0596 3588  Dnscache - ok
16:22:19.0643 3588  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:22:19.0643 3588  dot3svc - ok
16:22:19.0690 3588  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
16:22:19.0690 3588  DPS - ok
16:22:19.0736 3588  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:22:19.0736 3588  drmkaud - ok
16:22:19.0783 3588  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:22:19.0799 3588  DXGKrnl - ok
16:22:19.0846 3588  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
16:22:19.0846 3588  EapHost - ok
16:22:19.0970 3588  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
16:22:20.0002 3588  ebdrv - ok
16:22:20.0033 3588  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
16:22:20.0033 3588  EFS - ok
16:22:20.0095 3588  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:22:20.0111 3588  ehRecvr - ok
16:22:20.0142 3588  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
16:22:20.0142 3588  ehSched - ok
16:22:20.0204 3588  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
16:22:20.0204 3588  elxstor - ok
16:22:20.0220 3588  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:22:20.0220 3588  ErrDev - ok
16:22:20.0298 3588  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
16:22:20.0298 3588  EventSystem - ok
16:22:20.0360 3588  [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
16:22:20.0360 3588  ewusbmbb - ok
16:22:20.0423 3588  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev    C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:22:20.0423 3588  ew_hwusbdev - ok
16:22:20.0438 3588  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
16:22:20.0438 3588  exfat - ok
16:22:20.0454 3588  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:22:20.0454 3588  fastfat - ok
16:22:20.0516 3588  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
16:22:20.0516 3588  Fax - ok
16:22:20.0548 3588  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:22:20.0548 3588  fdc - ok
16:22:20.0594 3588  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
16:22:20.0594 3588  fdPHost - ok
16:22:20.0610 3588  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:22:20.0610 3588  FDResPub - ok
16:22:20.0626 3588  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:22:20.0641 3588  FileInfo - ok
16:22:20.0657 3588  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:22:20.0657 3588  Filetrace - ok
16:22:20.0672 3588  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:22:20.0672 3588  flpydisk - ok
16:22:20.0704 3588  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:22:20.0704 3588  FltMgr - ok
16:22:20.0766 3588  [ E12C4928B32ACE04610259647F072635 ] FontCache      C:\Windows\system32\FntCache.dll
16:22:20.0782 3588  FontCache - ok
16:22:20.0860 3588  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:22:20.0860 3588  FontCache3.0.0.0 - ok
16:22:20.0875 3588  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
16:22:20.0875 3588  FsDepends - ok
16:22:20.0922 3588  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:22:20.0922 3588  Fs_Rec - ok
16:22:20.0984 3588  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:22:20.0984 3588  fvevol - ok
16:22:21.0031 3588  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:22:21.0031 3588  gagp30kx - ok
16:22:21.0094 3588  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM    C:\Windows\system32\Drivers\GEARAspiWDM.sys
16:22:21.0094 3588  GEARAspiWDM - ok
16:22:21.0156 3588  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:22:21.0172 3588  gpsvc - ok
16:22:21.0203 3588  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:22:21.0203 3588  hcw85cir - ok
16:22:21.0281 3588  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:22:21.0281 3588  HdAudAddService - ok
16:22:21.0359 3588  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:22:21.0359 3588  HDAudBus - ok
16:22:21.0374 3588  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
16:22:21.0374 3588  HidBatt - ok
16:22:21.0421 3588  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:22:21.0421 3588  HidBth - ok
16:22:21.0452 3588  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
16:22:21.0452 3588  HidIr - ok
16:22:21.0484 3588  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
16:22:21.0499 3588  hidserv - ok
16:22:21.0546 3588  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:22:21.0546 3588  HidUsb - ok
16:22:21.0608 3588  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:22:21.0640 3588  hkmsvc - ok
16:22:21.0764 3588  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:22:21.0827 3588  HomeGroupListener - ok
16:22:21.0889 3588  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:22:21.0889 3588  HomeGroupProvider - ok
16:22:21.0936 3588  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:22:21.0936 3588  HpSAMD - ok
16:22:22.0014 3588  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:22:22.0030 3588  HTTP - ok
16:22:22.0076 3588  [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:22:22.0076 3588  huawei_enumerator - ok
16:22:22.0139 3588  [ B50E1D8627354BA8E4DF83470F1272C8 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:22:22.0154 3588  hwdatacard - ok
16:22:22.0248 3588  [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe
16:22:22.0248 3588  HWDeviceService.exe - ok
16:22:22.0310 3588  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:22:22.0310 3588  hwpolicy - ok
16:22:22.0388 3588  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:22:22.0388 3588  i8042prt - ok
16:22:22.0435 3588  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
16:22:22.0451 3588  iaStorV - ok
16:22:22.0513 3588  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:22:22.0529 3588  idsvc - ok
16:22:22.0576 3588  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
16:22:22.0576 3588  iirsp - ok
16:22:22.0654 3588  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:22:22.0654 3588  IKEEXT - ok
16:22:22.0716 3588  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:22:22.0716 3588  intelide - ok
16:22:22.0747 3588  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:22:22.0747 3588  intelppm - ok
16:22:22.0778 3588  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:22:22.0778 3588  IPBusEnum - ok
16:22:22.0810 3588  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:22:22.0810 3588  IpFilterDriver - ok
16:22:22.0856 3588  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:22:22.0856 3588  iphlpsvc - ok
16:22:22.0903 3588  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
16:22:22.0903 3588  IPMIDRV - ok
16:22:22.0919 3588  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
16:22:22.0919 3588  IPNAT - ok
16:22:22.0966 3588  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:22:22.0966 3588  IRENUM - ok
16:22:22.0997 3588  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:22:22.0997 3588  isapnp - ok
16:22:23.0012 3588  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:22:23.0028 3588  iScsiPrt - ok
16:22:23.0059 3588  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:22:23.0059 3588  kbdclass - ok
16:22:23.0090 3588  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:22:23.0090 3588  kbdhid - ok
16:22:23.0122 3588  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:22:23.0122 3588  KeyIso - ok
16:22:23.0153 3588  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:22:23.0153 3588  KSecDD - ok
16:22:23.0215 3588  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
16:22:23.0215 3588  KSecPkg - ok
16:22:23.0262 3588  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:22:23.0262 3588  KtmRm - ok
16:22:23.0293 3588  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:22:23.0293 3588  LanmanServer - ok
16:22:23.0309 3588  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:22:23.0309 3588  LanmanWorkstation - ok
16:22:23.0371 3588  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:22:23.0371 3588  lltdio - ok
16:22:23.0418 3588  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:22:23.0434 3588  lltdsvc - ok
16:22:23.0449 3588  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:22:23.0449 3588  lmhosts - ok
16:22:23.0496 3588  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:22:23.0496 3588  LSI_FC - ok
16:22:23.0496 3588  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
16:22:23.0496 3588  LSI_SAS - ok
16:22:23.0512 3588  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:22:23.0527 3588  LSI_SAS2 - ok
16:22:23.0543 3588  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:22:23.0543 3588  LSI_SCSI - ok
16:22:23.0558 3588  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
16:22:23.0558 3588  luafv - ok
16:22:23.0590 3588  massfilter - ok
16:22:23.0590 3588  massfilter_hs - ok
16:22:23.0621 3588  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:22:23.0636 3588  Mcx2Svc - ok
16:22:23.0668 3588  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
16:22:23.0668 3588  megasas - ok
16:22:23.0683 3588  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:22:23.0683 3588  MegaSR - ok
16:22:23.0730 3588  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
16:22:23.0730 3588  MMCSS - ok
16:22:23.0839 3588  [ 1CE0621B591913C12BECAA5B50E88BB2 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
16:22:23.0839 3588  Mobile Partner. RunOuc - ok
16:22:23.0855 3588  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
16:22:23.0855 3588  Modem - ok
16:22:23.0886 3588  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:22:23.0886 3588  monitor - ok
16:22:23.0917 3588  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:22:23.0933 3588  mouclass - ok
16:22:23.0948 3588  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:22:23.0948 3588  mouhid - ok
16:22:23.0980 3588  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:22:23.0995 3588  mountmgr - ok
16:22:24.0058 3588  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:22:24.0058 3588  MozillaMaintenance - ok
16:22:24.0089 3588  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:22:24.0089 3588  mpio - ok
16:22:24.0104 3588  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:22:24.0120 3588  mpsdrv - ok
16:22:24.0167 3588  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:22:24.0182 3588  MpsSvc - ok
16:22:24.0214 3588  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:22:24.0214 3588  MRxDAV - ok
16:22:24.0276 3588  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:22:24.0276 3588  mrxsmb - ok
16:22:24.0323 3588  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:22:24.0338 3588  mrxsmb10 - ok
16:22:24.0354 3588  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:22:24.0354 3588  mrxsmb20 - ok
16:22:24.0385 3588  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:22:24.0385 3588  msahci - ok
16:22:24.0432 3588  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:22:24.0448 3588  msdsm - ok
16:22:24.0463 3588  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
16:22:24.0463 3588  MSDTC - ok
16:22:24.0510 3588  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:22:24.0510 3588  Msfs - ok
16:22:24.0541 3588  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
16:22:24.0541 3588  mshidkmdf - ok
16:22:24.0557 3588  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:22:24.0557 3588  msisadrv - ok
16:22:24.0604 3588  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:22:24.0604 3588  MSiSCSI - ok
16:22:24.0619 3588  msiserver - ok
16:22:24.0650 3588  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:22:24.0650 3588  MSKSSRV - ok
16:22:24.0682 3588  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:22:24.0682 3588  MSPCLOCK - ok
16:22:24.0697 3588  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:22:24.0697 3588  MSPQM - ok
16:22:24.0713 3588  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:22:24.0713 3588  MsRPC - ok
16:22:24.0760 3588  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:22:24.0760 3588  mssmbios - ok
16:22:24.0775 3588  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:22:24.0791 3588  MSTEE - ok
16:22:24.0791 3588  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:22:24.0791 3588  MTConfig - ok
16:22:24.0822 3588  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
16:22:24.0822 3588  Mup - ok
16:22:24.0869 3588  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:22:24.0884 3588  napagent - ok
16:22:24.0916 3588  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:22:24.0916 3588  NativeWifiP - ok
16:22:24.0978 3588  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:22:24.0978 3588  NDIS - ok
16:22:25.0009 3588  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
16:22:25.0009 3588  NdisCap - ok
16:22:25.0025 3588  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:22:25.0025 3588  NdisTapi - ok
16:22:25.0072 3588  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:22:25.0087 3588  Ndisuio - ok
16:22:25.0134 3588  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:22:25.0134 3588  NdisWan - ok
16:22:25.0150 3588  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:22:25.0150 3588  NDProxy - ok
16:22:25.0165 3588  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:22:25.0165 3588  NetBIOS - ok
16:22:25.0212 3588  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
16:22:25.0228 3588  NetBT - ok
16:22:25.0259 3588  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:22:25.0259 3588  Netlogon - ok
16:22:25.0321 3588  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:22:25.0337 3588  Netman - ok
16:22:25.0368 3588  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:22:25.0368 3588  netprofm - ok
16:22:25.0415 3588  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:22:25.0415 3588  NetTcpPortSharing - ok
16:22:25.0462 3588  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
16:22:25.0462 3588  nfrd960 - ok
16:22:25.0508 3588  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:22:25.0508 3588  NlaSvc - ok
16:22:25.0524 3588  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:22:25.0524 3588  Npfs - ok
16:22:25.0571 3588  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
16:22:25.0571 3588  nsi - ok
16:22:25.0586 3588  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:22:25.0586 3588  nsiproxy - ok
16:22:25.0664 3588  [ 9CDAEBE5160B9AF02AE17C62BDB6C4B5 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:22:25.0680 3588  Ntfs - ok
16:22:25.0711 3588  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:22:25.0711 3588  Null - ok
16:22:25.0742 3588  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:22:25.0742 3588  nvraid - ok
16:22:25.0774 3588  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:22:25.0789 3588  nvstor - ok
16:22:25.0805 3588  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:22:25.0820 3588  nv_agp - ok
16:22:25.0836 3588  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:22:25.0836 3588  ohci1394 - ok
16:22:25.0883 3588  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:22:25.0883 3588  p2pimsvc - ok
16:22:25.0914 3588  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:22:25.0930 3588  p2psvc - ok
16:22:25.0961 3588  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
16:22:25.0976 3588  Parport - ok
16:22:26.0023 3588  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:22:26.0023 3588  partmgr - ok
16:22:26.0039 3588  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:22:26.0039 3588  Parvdm - ok
16:22:26.0054 3588  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:22:26.0070 3588  PcaSvc - ok
16:22:26.0101 3588  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
16:22:26.0117 3588  pci - ok
16:22:26.0132 3588  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:22:26.0132 3588  pciide - ok
16:22:26.0148 3588  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:22:26.0148 3588  pcmcia - ok
16:22:26.0164 3588  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
16:22:26.0164 3588  pcw - ok
16:22:26.0210 3588  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:22:26.0210 3588  PEAUTH - ok
16:22:26.0304 3588  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
16:22:26.0320 3588  pla - ok
16:22:26.0382 3588  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:22:26.0382 3588  PlugPlay - ok
16:22:26.0444 3588  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
16:22:26.0444 3588  PNRPAutoReg - ok
16:22:26.0460 3588  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
16:22:26.0460 3588  PNRPsvc - ok
16:22:26.0491 3588  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:22:26.0491 3588  PolicyAgent - ok
16:22:26.0538 3588  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
16:22:26.0538 3588  Power - ok
16:22:26.0585 3588  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:22:26.0585 3588  PptpMiniport - ok
16:22:26.0616 3588  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
16:22:26.0616 3588  Processor - ok
16:22:26.0663 3588  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\Windows\system32\profsvc.dll
16:22:26.0678 3588  ProfSvc - ok
16:22:26.0694 3588  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:22:26.0694 3588  ProtectedStorage - ok
16:22:26.0725 3588  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:22:26.0741 3588  Psched - ok
16:22:26.0772 3588  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:22:26.0788 3588  ql2300 - ok
16:22:26.0819 3588  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:22:26.0819 3588  ql40xx - ok
16:22:26.0850 3588  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
16:22:26.0850 3588  QWAVE - ok
16:22:26.0897 3588  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:22:26.0897 3588  QWAVEdrv - ok
16:22:26.0912 3588  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:22:26.0912 3588  RasAcd - ok
16:22:26.0959 3588  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
16:22:26.0959 3588  RasAgileVpn - ok
16:22:26.0975 3588  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
16:22:26.0990 3588  RasAuto - ok
16:22:27.0022 3588  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:22:27.0037 3588  Rasl2tp - ok
16:22:27.0084 3588  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:22:27.0100 3588  RasMan - ok
16:22:27.0115 3588  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:22:27.0115 3588  RasPppoe - ok
16:22:27.0146 3588  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:22:27.0146 3588  RasSstp - ok
16:22:27.0193 3588  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:22:27.0193 3588  rdbss - ok
16:22:27.0209 3588  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:22:27.0209 3588  rdpbus - ok
16:22:27.0256 3588  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:22:27.0256 3588  RDPCDD - ok
16:22:27.0302 3588  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:22:27.0302 3588  RDPENCDD - ok
16:22:27.0318 3588  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:22:27.0318 3588  RDPREFMP - ok
16:22:27.0365 3588  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:22:27.0365 3588  RDPWD - ok
16:22:27.0427 3588  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:22:27.0427 3588  rdyboost - ok
16:22:27.0458 3588  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:22:27.0474 3588  RemoteAccess - ok
16:22:27.0505 3588  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:22:27.0521 3588  RemoteRegistry - ok
16:22:27.0552 3588  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:22:27.0568 3588  RFCOMM - ok
16:22:27.0583 3588  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:22:27.0583 3588  RpcEptMapper - ok
16:22:27.0614 3588  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:22:27.0630 3588  RpcLocator - ok
16:22:27.0661 3588  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
16:22:27.0661 3588  RpcSs - ok
16:22:27.0739 3588  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:22:27.0739 3588  rspndr - ok
16:22:27.0802 3588  [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI            C:\Windows\system32\Drivers\SABI.sys
16:22:27.0802 3588  SABI - ok
16:22:27.0817 3588  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
16:22:27.0817 3588  SamSs - ok
16:22:27.0848 3588  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:22:27.0848 3588  sbp2port - ok
16:22:27.0958 3588  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
16:22:27.0989 3588  SBSDWSCService - ok
16:22:28.0020 3588  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:22:28.0036 3588  SCardSvr - ok
16:22:28.0067 3588  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:22:28.0067 3588  scfilter - ok
16:22:28.0129 3588  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:22:28.0145 3588  Schedule - ok
16:22:28.0160 3588  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:22:28.0160 3588  SCPolicySvc - ok
16:22:28.0192 3588  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:22:28.0207 3588  SDRSVC - ok
16:22:28.0254 3588  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:22:28.0254 3588  secdrv - ok
16:22:28.0270 3588  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:22:28.0270 3588  seclogon - ok
16:22:28.0316 3588  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:22:28.0332 3588  SENS - ok
16:22:28.0379 3588  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:22:28.0379 3588  SensrSvc - ok
16:22:28.0394 3588  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
16:22:28.0394 3588  Serenum - ok
16:22:28.0441 3588  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:22:28.0441 3588  Serial - ok
16:22:28.0457 3588  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:22:28.0457 3588  sermouse - ok
16:22:28.0504 3588  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:22:28.0519 3588  SessionEnv - ok
16:22:28.0550 3588  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:22:28.0550 3588  sffdisk - ok
16:22:28.0566 3588  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:22:28.0566 3588  sffp_mmc - ok
16:22:28.0582 3588  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:22:28.0582 3588  sffp_sd - ok
16:22:28.0613 3588  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
16:22:28.0613 3588  sfloppy - ok
16:22:28.0675 3588  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:22:28.0675 3588  SharedAccess - ok
16:22:28.0722 3588  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:22:28.0738 3588  ShellHWDetection - ok
16:22:28.0753 3588  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:22:28.0753 3588  sisagp - ok
16:22:28.0816 3588  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:22:28.0816 3588  SiSRaid2 - ok
16:22:28.0831 3588  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:22:28.0831 3588  SiSRaid4 - ok
16:22:28.0878 3588  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:22:28.0878 3588  Smb - ok
16:22:28.0940 3588  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:22:28.0940 3588  SNMPTRAP - ok
16:22:28.0956 3588  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
16:22:28.0956 3588  spldr - ok
16:22:29.0003 3588  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\Windows\System32\spoolsv.exe
16:22:29.0003 3588  Spooler - ok
16:22:29.0112 3588  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:22:29.0159 3588  sppsvc - ok
16:22:29.0206 3588  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
16:22:29.0206 3588  sppuinotify - ok
16:22:29.0284 3588  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:22:29.0284 3588  srv - ok
16:22:29.0346 3588  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:22:29.0346 3588  srv2 - ok
16:22:29.0362 3588  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:22:29.0377 3588  srvnet - ok
16:22:29.0408 3588  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:22:29.0424 3588  SSDPSRV - ok
16:22:29.0486 3588  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
16:22:29.0486 3588  ssmdrv - ok
16:22:29.0502 3588  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:22:29.0518 3588  SstpSvc - ok
16:22:29.0549 3588  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:22:29.0549 3588  stexstor - ok
16:22:29.0627 3588  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:22:29.0642 3588  StiSvc - ok
16:22:29.0689 3588  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:22:29.0689 3588  swenum - ok
16:22:29.0752 3588  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
16:22:29.0752 3588  swprv - ok
16:22:29.0814 3588  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
16:22:29.0845 3588  SysMain - ok
16:22:29.0861 3588  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:22:29.0876 3588  TabletInputService - ok
16:22:29.0908 3588  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:22:29.0923 3588  TapiSrv - ok
16:22:29.0939 3588  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
16:22:29.0939 3588  TBS - ok
16:22:30.0001 3588  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:22:30.0032 3588  Tcpip - ok
16:22:30.0048 3588  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:22:30.0064 3588  TCPIP6 - ok
16:22:30.0095 3588  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:22:30.0095 3588  tcpipreg - ok
16:22:30.0142 3588  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:22:30.0142 3588  TDPIPE - ok
16:22:30.0173 3588  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:22:30.0173 3588  TDTCP - ok
16:22:30.0220 3588  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:22:30.0220 3588  tdx - ok
16:22:30.0235 3588  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:22:30.0235 3588  TermDD - ok
16:22:30.0298 3588  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
16:22:30.0298 3588  TermService - ok
16:22:30.0344 3588  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:22:30.0344 3588  Themes - ok
16:22:30.0360 3588  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
16:22:30.0360 3588  THREADORDER - ok
16:22:30.0391 3588  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:22:30.0391 3588  TrkWks - ok
16:22:30.0438 3588  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:22:30.0438 3588  TrustedInstaller - ok
16:22:30.0485 3588  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:22:30.0485 3588  tssecsrv - ok
16:22:30.0532 3588  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:22:30.0532 3588  TsUsbFlt - ok
16:22:30.0594 3588  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:22:30.0594 3588  tunnel - ok
16:22:30.0641 3588  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:22:30.0641 3588  uagp35 - ok
16:22:30.0688 3588  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:22:30.0688 3588  udfs - ok
16:22:30.0719 3588  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:22:30.0719 3588  UI0Detect - ok
16:22:30.0750 3588  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:22:30.0766 3588  uliagpkx - ok
16:22:30.0781 3588  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\drivers\umbus.sys
16:22:30.0797 3588  umbus - ok
16:22:30.0812 3588  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:22:30.0812 3588  UmPass - ok
16:22:30.0828 3588  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:22:30.0844 3588  upnphost - ok
16:22:30.0890 3588  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:22:30.0890 3588  usbccgp - ok
16:22:30.0937 3588  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:22:30.0953 3588  usbcir - ok
16:22:30.0968 3588  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
16:22:30.0968 3588  usbehci - ok
16:22:31.0015 3588  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:22:31.0031 3588  usbhub - ok
16:22:31.0046 3588  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
16:22:31.0046 3588  usbohci - ok
16:22:31.0109 3588  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:22:31.0109 3588  usbprint - ok
16:22:31.0140 3588  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
16:22:31.0156 3588  usbscan - ok
16:22:31.0171 3588  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:22:31.0171 3588  USBSTOR - ok
16:22:31.0187 3588  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
16:22:31.0187 3588  usbuhci - ok
16:22:31.0234 3588  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:22:31.0249 3588  usbvideo - ok
16:22:31.0280 3588  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
16:22:31.0280 3588  UxSms - ok
16:22:31.0312 3588  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:22:31.0312 3588  VaultSvc - ok
16:22:31.0327 3588  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:22:31.0327 3588  vdrvroot - ok
16:22:31.0374 3588  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
16:22:31.0390 3588  vds - ok
16:22:31.0421 3588  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:22:31.0421 3588  vga - ok
16:22:31.0452 3588  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:22:31.0452 3588  VgaSave - ok
16:22:31.0483 3588  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
16:22:31.0483 3588  vhdmp - ok
16:22:31.0514 3588  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:22:31.0514 3588  viaagp - ok
16:22:31.0546 3588  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
16:22:31.0546 3588  ViaC7 - ok
16:22:31.0561 3588  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:22:31.0561 3588  viaide - ok
16:22:31.0592 3588  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:22:31.0592 3588  volmgr - ok
16:22:31.0624 3588  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:22:31.0624 3588  volmgrx - ok
16:22:31.0639 3588  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:22:31.0655 3588  volsnap - ok
16:22:31.0686 3588  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
16:22:31.0686 3588  vsmraid - ok
16:22:31.0748 3588  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
16:22:31.0764 3588  VSS - ok
16:22:31.0795 3588  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:22:31.0795 3588  vwifibus - ok
16:22:31.0795 3588  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:22:31.0795 3588  vwififlt - ok
16:22:31.0842 3588  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
16:22:31.0842 3588  vwifimp - ok
16:22:31.0873 3588  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
16:22:31.0904 3588  W32Time - ok
16:22:31.0967 3588  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:22:32.0014 3588  WacomPen - ok
16:22:32.0092 3588  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:22:32.0123 3588  WANARP - ok
16:22:32.0138 3588  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:22:32.0138 3588  Wanarpv6 - ok
16:22:32.0201 3588  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:22:32.0216 3588  wbengine - ok
16:22:32.0248 3588  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:22:32.0248 3588  WbioSrvc - ok
16:22:32.0279 3588  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:22:32.0294 3588  wcncsvc - ok
16:22:32.0310 3588  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:22:32.0310 3588  WcsPlugInService - ok
16:22:32.0357 3588  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:22:32.0357 3588  Wd - ok
16:22:32.0404 3588  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:22:32.0419 3588  Wdf01000 - ok
16:22:32.0435 3588  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:22:32.0435 3588  WdiServiceHost - ok
16:22:32.0435 3588  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:22:32.0450 3588  WdiSystemHost - ok
16:22:32.0482 3588  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
16:22:32.0497 3588  WebClient - ok
16:22:32.0528 3588  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:22:32.0544 3588  Wecsvc - ok
16:22:32.0560 3588  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:22:32.0560 3588  wercplsupport - ok
16:22:32.0591 3588  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:22:32.0606 3588  WerSvc - ok
16:22:32.0622 3588  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:22:32.0622 3588  WfpLwf - ok
16:22:32.0653 3588  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:22:32.0653 3588  WIMMount - ok
16:22:32.0731 3588  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
16:22:32.0747 3588  WinDefend - ok
16:22:32.0762 3588  WinHttpAutoProxySvc - ok
16:22:32.0840 3588  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:22:32.0840 3588  Winmgmt - ok
16:22:32.0903 3588  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
16:22:32.0918 3588  WinRM - ok
16:22:32.0996 3588  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:22:32.0996 3588  WinUsb - ok
16:22:33.0043 3588  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:22:33.0059 3588  Wlansvc - ok
16:22:33.0246 3588  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:22:33.0277 3588  wlidsvc - ok
16:22:33.0324 3588  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
16:22:33.0324 3588  WmiAcpi - ok
16:22:33.0371 3588  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:22:33.0371 3588  wmiApSrv - ok
16:22:33.0449 3588  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
16:22:33.0464 3588  WMPNetworkSvc - ok
16:22:33.0496 3588  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:22:33.0496 3588  WPCSvc - ok
16:22:33.0527 3588  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:22:33.0542 3588  WPDBusEnum - ok
16:22:33.0589 3588  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:22:33.0589 3588  ws2ifsl - ok
16:22:33.0605 3588  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:22:33.0605 3588  wscsvc - ok
16:22:33.0605 3588  WSearch - ok
16:22:33.0698 3588  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:22:33.0730 3588  wuauserv - ok
16:22:33.0776 3588  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:22:33.0776 3588  WudfPf - ok
16:22:33.0839 3588  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:22:33.0839 3588  WUDFRd - ok
16:22:33.0886 3588  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:22:33.0901 3588  wudfsvc - ok
16:22:33.0932 3588  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
16:22:33.0948 3588  WwanSvc - ok
16:22:33.0995 3588  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7        C:\Windows\system32\DRIVERS\yk62x86.sys
16:22:33.0995 3588  yukonw7 - ok
16:22:34.0010 3588  ZTEusbmdm6k - ok
16:22:34.0042 3588  ZTEusbnmea - ok
16:22:34.0057 3588  ZTEusbser6k - ok
16:22:34.0135 3588  ================ Scan global ===============================
16:22:34.0166 3588  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:22:34.0213 3588  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:22:34.0229 3588  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:22:34.0260 3588  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:22:34.0322 3588  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:22:34.0322 3588  [Global] - ok
16:22:34.0322 3588  ================ Scan MBR ==================================
16:22:34.0338 3588  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
16:22:34.0666 3588  \Device\Harddisk0\DR0 - ok
16:22:34.0681 3588  ================ Scan VBR ==================================
16:22:34.0681 3588  [ 8052CBDE7584F5ECDD48AA0F291F7799 ] \Device\Harddisk0\DR0\Partition1
16:22:34.0681 3588  \Device\Harddisk0\DR0\Partition1 - ok
16:22:34.0697 3588  [ 78A4A76261EC67649EBE7FF84F5652D7 ] \Device\Harddisk0\DR0\Partition2
16:22:34.0697 3588  \Device\Harddisk0\DR0\Partition2 - ok
16:22:34.0697 3588  ============================================================
16:22:34.0697 3588  Scan finished
16:22:34.0697 3588  ============================================================
16:22:34.0712 0608  Detected object count: 0
16:22:34.0712 0608  Actual detected object count: 0
16:24:36.0869 4088  Deinitialize success

cosinus 11.04.2013 15:42
Zitat:
16:22:14.0261 3588 Mode: Manual;
Du hast den tdsskiller falsch eingestellt. Bitte noch mal richtig machen

levon 11.04.2013 15:47
Zitat:
Zitat von cosinus (Beitrag 1045285)
Du hast den tdsskiller falsch eingestellt. Bitte noch mal richtig machen
Ja, habs grad schon selber gemerkt... :o

TDSS-Killer:

Code:
16:42:00.0938 4064  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:42:02.0966 4064  ============================================================
16:42:02.0966 4064  Current date / time: 2013/04/11 16:42:02.0966
16:42:02.0966 4064  SystemInfo:
16:42:02.0966 4064 
16:42:02.0966 4064  OS Version: 6.1.7601 ServicePack: 1.0
16:42:02.0966 4064  Product type: Workstation
16:42:02.0966 4064  ComputerName: PRIVATE
16:42:02.0966 4064  UserName: admin
16:42:02.0966 4064  Windows directory: C:\Windows
16:42:02.0966 4064  System windows directory: C:\Windows
16:42:02.0966 4064  Processor architecture: Intel x86
16:42:02.0966 4064  Number of processors: 2
16:42:02.0966 4064  Page size: 0x1000
16:42:02.0966 4064  Boot type: Normal boot
16:42:02.0966 4064  ============================================================
16:42:04.0167 4064  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:42:04.0167 4064  ============================================================
16:42:04.0167 4064  \Device\Harddisk0\DR0:
16:42:04.0167 4064  MBR partitions:
16:42:04.0167 4064  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11C2C800
16:42:04.0167 4064  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000
16:42:04.0167 4064  ============================================================
16:42:04.0198 4064  C: <-> \Device\Harddisk0\DR0\Partition1
16:42:04.0292 4064  D: <-> \Device\Harddisk0\DR0\Partition2
16:42:04.0292 4064  ============================================================
16:42:04.0292 4064  Initialize success
16:42:04.0292 4064  ============================================================
16:43:13.0353 1804  ============================================================
16:43:13.0353 1804  Scan started
16:43:13.0353 1804  Mode: Manual; SigCheck; TDLFS;
16:43:13.0353 1804  ============================================================
16:43:13.0758 1804  ================ Scan system memory ========================
16:43:13.0758 1804  System memory - ok
16:43:13.0758 1804  ================ Scan services =============================
16:43:13.0946 1804  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:43:14.0070 1804  1394ohci - ok
16:43:14.0117 1804  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:43:14.0133 1804  ACPI - ok
16:43:14.0164 1804  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
16:43:14.0242 1804  AcpiPmi - ok
16:43:14.0398 1804  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:43:14.0429 1804  AdobeARMservice - ok
16:43:14.0570 1804  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:43:14.0585 1804  AdobeFlashPlayerUpdateSvc - ok
16:43:14.0663 1804  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
16:43:14.0694 1804  adp94xx - ok
16:43:14.0710 1804  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
16:43:14.0726 1804  adpahci - ok
16:43:14.0757 1804  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
16:43:14.0772 1804  adpu320 - ok
16:43:14.0804 1804  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:43:14.0866 1804  AeLookupSvc - ok
16:43:14.0913 1804  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD            C:\Windows\system32\drivers\afd.sys
16:43:15.0006 1804  AFD - ok
16:43:15.0038 1804  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:43:15.0053 1804  agp440 - ok
16:43:15.0100 1804  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
16:43:15.0131 1804  aic78xx - ok
16:43:15.0178 1804  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
16:43:15.0240 1804  ALG - ok
16:43:15.0256 1804  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:43:15.0272 1804  aliide - ok
16:43:15.0334 1804  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:43:15.0428 1804  AMD External Events Utility - ok
16:43:15.0443 1804  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:43:15.0474 1804  amdagp - ok
16:43:15.0490 1804  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:43:15.0506 1804  amdide - ok
16:43:15.0552 1804  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
16:43:15.0599 1804  AmdK8 - ok
16:43:15.0630 1804  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:43:15.0646 1804  AmdPPM - ok
16:43:15.0708 1804  [ D320BF87125326F996D4904FE24300FC ] amdsata        C:\Windows\system32\drivers\amdsata.sys
16:43:15.0724 1804  amdsata - ok
16:43:15.0755 1804  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:43:15.0771 1804  amdsbs - ok
16:43:15.0786 1804  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
16:43:15.0802 1804  amdxata - ok
16:43:15.0849 1804  [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus          C:\Windows\system32\DRIVERS\lgandbus.sys
16:43:15.0896 1804  Andbus - ok
16:43:15.0942 1804  [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag        C:\Windows\system32\DRIVERS\lganddiag.sys
16:43:16.0005 1804  AndDiag - ok
16:43:16.0020 1804  [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps          C:\Windows\system32\DRIVERS\lgandgps.sys
16:43:16.0036 1804  AndGps - ok
16:43:16.0067 1804  [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem.sys
16:43:16.0098 1804  ANDModem - ok
16:43:16.0223 1804  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:43:16.0254 1804  AntiVirSchedulerService - ok
16:43:16.0301 1804  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:43:16.0317 1804  AntiVirService - ok
16:43:16.0364 1804  [ 5A123AABB571AEA78AE63AF5E372F796 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:43:16.0379 1804  AntiVirWebService - ok
16:43:16.0426 1804  [ AEA177F783E20150ACE5383EE368DA19 ] AppID          C:\Windows\system32\drivers\appid.sys
16:43:16.0535 1804  AppID - ok
16:43:16.0582 1804  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:43:16.0644 1804  AppIDSvc - ok
16:43:16.0676 1804  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo        C:\Windows\System32\appinfo.dll
16:43:16.0722 1804  Appinfo - ok
16:43:16.0769 1804  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
16:43:16.0800 1804  arc - ok
16:43:16.0800 1804  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:43:16.0816 1804  arcsas - ok
16:43:16.0847 1804  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:43:16.0956 1804  AsyncMac - ok
16:43:17.0003 1804  [ 338C86357871C167A96AB976519BF59E ] atapi          C:\Windows\system32\drivers\atapi.sys
16:43:17.0003 1804  atapi - ok
16:43:17.0066 1804  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\Windows\system32\DRIVERS\athr.sys
16:43:17.0159 1804  athr - ok
16:43:17.0346 1804  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:43:17.0440 1804  atikmdag - ok
16:43:17.0502 1804  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:43:17.0565 1804  AudioEndpointBuilder - ok
16:43:17.0580 1804  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:43:17.0612 1804  Audiosrv - ok
16:43:17.0658 1804  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:43:17.0690 1804  avgntflt - ok
16:43:17.0752 1804  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:43:17.0768 1804  avipbb - ok
16:43:17.0783 1804  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:43:17.0799 1804  avkmgr - ok
16:43:17.0846 1804  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:43:17.0939 1804  AxInstSV - ok
16:43:18.0002 1804  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
16:43:18.0048 1804  b06bdrv - ok
16:43:18.0095 1804  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:43:18.0126 1804  b57nd60x - ok
16:43:18.0204 1804  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:43:18.0267 1804  BDESVC - ok
16:43:18.0298 1804  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:43:18.0345 1804  Beep - ok
16:43:18.0407 1804  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE            C:\Windows\System32\bfe.dll
16:43:18.0470 1804  BFE - ok
16:43:18.0516 1804  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:43:18.0579 1804  BITS - ok
16:43:18.0610 1804  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:43:18.0626 1804  blbdrive - ok
16:43:18.0672 1804  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:43:18.0704 1804  bowser - ok
16:43:18.0750 1804  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:43:18.0797 1804  BrFiltLo - ok
16:43:18.0813 1804  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:43:18.0844 1804  BrFiltUp - ok
16:43:18.0891 1804  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser        C:\Windows\System32\browser.dll
16:43:18.0938 1804  Browser - ok
16:43:18.0969 1804  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
16:43:19.0016 1804  Brserid - ok
16:43:19.0031 1804  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:43:19.0062 1804  BrSerWdm - ok
16:43:19.0094 1804  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:43:19.0109 1804  BrUsbMdm - ok
16:43:19.0125 1804  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:43:19.0156 1804  BrUsbSer - ok
16:43:19.0218 1804  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum        C:\Windows\system32\drivers\BthEnum.sys
16:43:19.0359 1804  BthEnum - ok
16:43:19.0390 1804  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:43:19.0452 1804  BTHMODEM - ok
16:43:19.0499 1804  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:43:19.0546 1804  BthPan - ok
16:43:19.0577 1804  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
16:43:19.0624 1804  BTHPORT - ok
16:43:19.0686 1804  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
16:43:19.0749 1804  bthserv - ok
16:43:19.0796 1804  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:43:19.0827 1804  BTHUSB - ok
16:43:19.0842 1804  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:43:19.0889 1804  cdfs - ok
16:43:19.0952 1804  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:43:19.0998 1804  cdrom - ok
16:43:20.0061 1804  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc    C:\Windows\System32\certprop.dll
16:43:20.0108 1804  CertPropSvc - ok
16:43:20.0154 1804  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:43:20.0201 1804  circlass - ok
16:43:20.0232 1804  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:43:20.0264 1804  CLFS - ok
16:43:20.0357 1804  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:43:20.0373 1804  clr_optimization_v2.0.50727_32 - ok
16:43:20.0451 1804  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:43:20.0482 1804  clr_optimization_v4.0.30319_32 - ok
16:43:20.0498 1804  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:43:20.0513 1804  CmBatt - ok
16:43:20.0529 1804  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:43:20.0544 1804  cmdide - ok
16:43:20.0591 1804  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG            C:\Windows\system32\Drivers\cng.sys
16:43:20.0622 1804  CNG - ok
16:43:20.0654 1804  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:43:20.0669 1804  Compbatt - ok
16:43:20.0716 1804  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:43:20.0747 1804  CompositeBus - ok
16:43:20.0778 1804  COMSysApp - ok
16:43:20.0810 1804  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
16:43:20.0825 1804  crcdisk - ok
16:43:20.0872 1804  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:43:20.0934 1804  CryptSvc - ok
16:43:20.0981 1804  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:43:21.0028 1804  DcomLaunch - ok
16:43:21.0122 1804  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
16:43:21.0215 1804  defragsvc - ok
16:43:21.0371 1804  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:43:21.0418 1804  DfsC - ok
16:43:21.0480 1804  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:43:21.0543 1804  Dhcp - ok
16:43:21.0590 1804  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:43:21.0652 1804  discache - ok
16:43:21.0683 1804  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:43:21.0714 1804  Disk - ok
16:43:21.0761 1804  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:43:21.0824 1804  Dnscache - ok
16:43:21.0855 1804  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:43:21.0902 1804  dot3svc - ok
16:43:21.0933 1804  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS            C:\Windows\system32\dps.dll
16:43:21.0980 1804  DPS - ok
16:43:22.0026 1804  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:43:22.0073 1804  drmkaud - ok
16:43:22.0120 1804  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:43:22.0151 1804  DXGKrnl - ok
16:43:22.0198 1804  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
16:43:22.0276 1804  EapHost - ok
16:43:22.0385 1804  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
16:43:22.0479 1804  ebdrv - ok
16:43:22.0510 1804  [ 81951F51E318AECC2D68559E47485CC4 ] EFS            C:\Windows\System32\lsass.exe
16:43:22.0541 1804  EFS - ok
16:43:22.0604 1804  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:43:22.0666 1804  ehRecvr - ok
16:43:22.0697 1804  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
16:43:22.0728 1804  ehSched - ok
16:43:22.0806 1804  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
16:43:22.0838 1804  elxstor - ok
16:43:22.0853 1804  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:43:22.0900 1804  ErrDev - ok
16:43:22.0962 1804  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
16:43:23.0009 1804  EventSystem - ok
16:43:23.0087 1804  [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
16:43:23.0134 1804  ewusbmbb - ok
16:43:23.0181 1804  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev    C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:43:23.0228 1804  ew_hwusbdev - ok
16:43:23.0243 1804  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
16:43:23.0306 1804  exfat - ok
16:43:23.0337 1804  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:43:23.0368 1804  fastfat - ok
16:43:23.0415 1804  [ 967EA5B213E9984CBE270205DF37755B ] Fax            C:\Windows\system32\fxssvc.exe
16:43:23.0508 1804  Fax - ok
16:43:23.0540 1804  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:43:23.0571 1804  fdc - ok
16:43:23.0618 1804  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
16:43:23.0649 1804  fdPHost - ok
16:43:23.0649 1804  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:43:23.0711 1804  FDResPub - ok
16:43:23.0727 1804  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:43:23.0742 1804  FileInfo - ok
16:43:23.0758 1804  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:43:23.0789 1804  Filetrace - ok
16:43:23.0883 1804  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:43:23.0898 1804  flpydisk - ok
16:43:23.0976 1804  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:43:23.0992 1804  FltMgr - ok
16:43:24.0054 1804  [ E12C4928B32ACE04610259647F072635 ] FontCache      C:\Windows\system32\FntCache.dll
16:43:24.0195 1804  FontCache - ok
16:43:24.0273 1804  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:43:24.0288 1804  FontCache3.0.0.0 - ok
16:43:24.0304 1804  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
16:43:24.0320 1804  FsDepends - ok
16:43:24.0366 1804  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:43:24.0382 1804  Fs_Rec - ok
16:43:24.0444 1804  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:43:24.0476 1804  fvevol - ok
16:43:24.0538 1804  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:43:24.0554 1804  gagp30kx - ok
16:43:24.0616 1804  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM    C:\Windows\system32\Drivers\GEARAspiWDM.sys
16:43:24.0632 1804  GEARAspiWDM - ok
16:43:24.0678 1804  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:43:24.0741 1804  gpsvc - ok
16:43:24.0772 1804  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:43:24.0803 1804  hcw85cir - ok
16:43:24.0866 1804  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:43:24.0912 1804  HdAudAddService - ok
16:43:24.0975 1804  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:43:25.0022 1804  HDAudBus - ok
16:43:25.0022 1804  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
16:43:25.0053 1804  HidBatt - ok
16:43:25.0068 1804  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:43:25.0100 1804  HidBth - ok
16:43:25.0131 1804  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
16:43:25.0162 1804  HidIr - ok
16:43:25.0209 1804  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
16:43:25.0287 1804  hidserv - ok
16:43:25.0365 1804  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:43:25.0412 1804  HidUsb - ok
16:43:25.0458 1804  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:43:25.0505 1804  hkmsvc - ok
16:43:25.0536 1804  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:43:25.0646 1804  HomeGroupListener - ok
16:43:25.0833 1804  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:43:25.0880 1804  HomeGroupProvider - ok
16:43:25.0942 1804  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:43:25.0958 1804  HpSAMD - ok
16:43:26.0036 1804  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:43:26.0082 1804  HTTP - ok
16:43:26.0129 1804  [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:43:26.0176 1804  huawei_enumerator - ok
16:43:26.0238 1804  [ B50E1D8627354BA8E4DF83470F1272C8 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:43:26.0316 1804  hwdatacard - ok
16:43:26.0426 1804  [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe
16:43:26.0457 1804  HWDeviceService.exe - ok
16:43:26.0504 1804  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:43:26.0566 1804  hwpolicy - ok
16:43:26.0722 1804  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:43:26.0753 1804  i8042prt - ok
16:43:26.0800 1804  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
16:43:26.0831 1804  iaStorV - ok
16:43:26.0894 1804  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:43:26.0940 1804  idsvc - ok
16:43:27.0003 1804  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
16:43:27.0034 1804  iirsp - ok
16:43:27.0096 1804  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:43:27.0159 1804  IKEEXT - ok
16:43:27.0190 1804  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:43:27.0206 1804  intelide - ok
16:43:27.0237 1804  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:43:27.0299 1804  intelppm - ok
16:43:27.0315 1804  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:43:27.0393 1804  IPBusEnum - ok
16:43:27.0424 1804  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:43:27.0486 1804  IpFilterDriver - ok
16:43:27.0549 1804  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:43:27.0627 1804  iphlpsvc - ok
16:43:27.0658 1804  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
16:43:27.0689 1804  IPMIDRV - ok
16:43:27.0705 1804  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
16:43:27.0736 1804  IPNAT - ok
16:43:27.0783 1804  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:43:27.0845 1804  IRENUM - ok
16:43:27.0876 1804  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:43:27.0892 1804  isapnp - ok
16:43:27.0923 1804  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:43:27.0939 1804  iScsiPrt - ok
16:43:27.0970 1804  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:43:27.0986 1804  kbdclass - ok
16:43:28.0032 1804  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:43:28.0064 1804  kbdhid - ok
16:43:28.0079 1804  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:43:28.0110 1804  KeyIso - ok
16:43:28.0142 1804  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:43:28.0157 1804  KSecDD - ok
16:43:28.0204 1804  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
16:43:28.0220 1804  KSecPkg - ok
16:43:28.0266 1804  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:43:28.0329 1804  KtmRm - ok
16:43:28.0344 1804  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:43:28.0391 1804  LanmanServer - ok
16:43:28.0422 1804  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:43:28.0469 1804  LanmanWorkstation - ok
16:43:28.0532 1804  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:43:28.0594 1804  lltdio - ok
16:43:28.0641 1804  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:43:28.0719 1804  lltdsvc - ok
16:43:28.0734 1804  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:43:28.0797 1804  lmhosts - ok
16:43:28.0828 1804  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:43:28.0844 1804  LSI_FC - ok
16:43:28.0859 1804  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
16:43:28.0875 1804  LSI_SAS - ok
16:43:28.0890 1804  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:43:28.0906 1804  LSI_SAS2 - ok
16:43:28.0937 1804  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:43:28.0953 1804  LSI_SCSI - ok
16:43:28.0984 1804  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
16:43:29.0031 1804  luafv - ok
16:43:29.0062 1804  massfilter - ok
16:43:29.0062 1804  massfilter_hs - ok
16:43:29.0109 1804  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:43:29.0124 1804  Mcx2Svc - ok
16:43:29.0156 1804  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
16:43:29.0171 1804  megasas - ok
16:43:29.0187 1804  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:43:29.0218 1804  MegaSR - ok
16:43:29.0265 1804  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
16:43:29.0327 1804  MMCSS - ok
16:43:29.0436 1804  [ 1CE0621B591913C12BECAA5B50E88BB2 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
16:43:29.0452 1804  Mobile Partner. RunOuc - ok
16:43:29.0483 1804  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
16:43:29.0546 1804  Modem - ok
16:43:29.0608 1804  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:43:29.0624 1804  monitor - ok
16:43:29.0655 1804  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:43:29.0670 1804  mouclass - ok
16:43:29.0686 1804  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:43:29.0733 1804  mouhid - ok
16:43:29.0764 1804  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:43:29.0780 1804  mountmgr - ok
16:43:29.0842 1804  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:43:29.0858 1804  MozillaMaintenance - ok
16:43:29.0889 1804  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:43:29.0904 1804  mpio - ok
16:43:29.0920 1804  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:43:29.0967 1804  mpsdrv - ok
16:43:30.0029 1804  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:43:30.0092 1804  MpsSvc - ok
16:43:30.0123 1804  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:43:30.0154 1804  MRxDAV - ok
16:43:30.0216 1804  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:43:30.0279 1804  mrxsmb - ok
16:43:30.0326 1804  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:43:30.0372 1804  mrxsmb10 - ok
16:43:30.0404 1804  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:43:30.0419 1804  mrxsmb20 - ok
16:43:30.0450 1804  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:43:30.0466 1804  msahci - ok
16:43:30.0513 1804  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:43:30.0544 1804  msdsm - ok
16:43:30.0560 1804  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
16:43:30.0606 1804  MSDTC - ok
16:43:30.0638 1804  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:43:30.0700 1804  Msfs - ok
16:43:30.0716 1804  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
16:43:30.0747 1804  mshidkmdf - ok
16:43:30.0794 1804  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:43:30.0825 1804  msisadrv - ok
16:43:30.0856 1804  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:43:30.0903 1804  MSiSCSI - ok
16:43:30.0918 1804  msiserver - ok
16:43:30.0950 1804  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:43:31.0028 1804  MSKSSRV - ok
16:43:31.0043 1804  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:43:31.0074 1804  MSPCLOCK - ok
16:43:31.0090 1804  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:43:31.0121 1804  MSPQM - ok
16:43:31.0137 1804  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:43:31.0168 1804  MsRPC - ok
16:43:31.0184 1804  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:43:31.0199 1804  mssmbios - ok
16:43:31.0215 1804  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:43:31.0246 1804  MSTEE - ok
16:43:31.0246 1804  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:43:31.0277 1804  MTConfig - ok
16:43:31.0308 1804  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
16:43:31.0324 1804  Mup - ok
16:43:31.0371 1804  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:43:31.0402 1804  napagent - ok
16:43:31.0449 1804  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:43:31.0464 1804  NativeWifiP - ok
16:43:31.0652 1804  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:43:31.0714 1804  NDIS - ok
16:43:31.0730 1804  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
16:43:31.0761 1804  NdisCap - ok
16:43:31.0792 1804  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:43:31.0839 1804  NdisTapi - ok
16:43:31.0870 1804  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:43:31.0901 1804  Ndisuio - ok
16:43:31.0948 1804  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:43:31.0995 1804  NdisWan - ok
16:43:32.0026 1804  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:43:32.0057 1804  NDProxy - ok
16:43:32.0073 1804  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:43:32.0120 1804  NetBIOS - ok
16:43:32.0167 1804  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
16:43:32.0229 1804  NetBT - ok
16:43:32.0245 1804  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:43:32.0260 1804  Netlogon - ok
16:43:32.0323 1804  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:43:32.0401 1804  Netman - ok
16:43:32.0432 1804  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:43:32.0479 1804  netprofm - ok
16:43:32.0510 1804  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:43:32.0525 1804  NetTcpPortSharing - ok
16:43:32.0588 1804  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
16:43:32.0603 1804  nfrd960 - ok
16:43:32.0650 1804  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:43:32.0666 1804  NlaSvc - ok
16:43:32.0681 1804  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:43:32.0713 1804  Npfs - ok
16:43:32.0744 1804  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
16:43:32.0775 1804  nsi - ok
16:43:32.0791 1804  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:43:32.0837 1804  nsiproxy - ok
16:43:32.0884 1804  [ 9CDAEBE5160B9AF02AE17C62BDB6C4B5 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:43:32.0931 1804  Ntfs - ok
16:43:32.0947 1804  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:43:33.0009 1804  Null - ok
16:43:33.0040 1804  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:43:33.0056 1804  nvraid - ok
16:43:33.0103 1804  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:43:33.0118 1804  nvstor - ok
16:43:33.0149 1804  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:43:33.0165 1804  nv_agp - ok
16:43:33.0181 1804  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:43:33.0212 1804  ohci1394 - ok
16:43:33.0259 1804  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:43:33.0352 1804  p2pimsvc - ok
16:43:33.0368 1804  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:43:33.0399 1804  p2psvc - ok
16:43:33.0430 1804  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
16:43:33.0477 1804  Parport - ok
16:43:33.0508 1804  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:43:33.0524 1804  partmgr - ok
16:43:33.0539 1804  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:43:33.0586 1804  Parvdm - ok
16:43:33.0617 1804  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:43:33.0680 1804  PcaSvc - ok
16:43:33.0711 1804  [ 673E55C3498EB970088E812EA820AA8F ] pci            C:\Windows\system32\drivers\pci.sys
16:43:33.0742 1804  pci - ok
16:43:33.0758 1804  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:43:33.0773 1804  pciide - ok
16:43:33.0805 1804  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:43:33.0820 1804  pcmcia - ok
16:43:33.0820 1804  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
16:43:33.0836 1804  pcw - ok
16:43:33.0883 1804  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:43:33.0945 1804  PEAUTH - ok
16:43:34.0039 1804  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla            C:\Windows\system32\pla.dll
16:43:34.0101 1804  pla - ok
16:43:34.0179 1804  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:43:34.0226 1804  PlugPlay - ok
16:43:34.0273 1804  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
16:43:34.0319 1804  PNRPAutoReg - ok
16:43:34.0351 1804  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
16:43:34.0382 1804  PNRPsvc - ok
16:43:34.0429 1804  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:43:34.0475 1804  PolicyAgent - ok
16:43:34.0538 1804  [ F87D30E72E03D579A5199CCB3831D6EA ] Power          C:\Windows\system32\umpo.dll
16:43:34.0585 1804  Power - ok
16:43:34.0631 1804  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:43:34.0663 1804  PptpMiniport - ok
16:43:34.0678 1804  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
16:43:34.0709 1804  Processor - ok
16:43:34.0772 1804  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc        C:\Windows\system32\profsvc.dll
16:43:34.0850 1804  ProfSvc - ok
16:43:34.0865 1804  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:43:34.0881 1804  ProtectedStorage - ok
16:43:34.0912 1804  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:43:34.0959 1804  Psched - ok
16:43:35.0006 1804  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:43:35.0037 1804  ql2300 - ok
16:43:35.0084 1804  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:43:35.0099 1804  ql40xx - ok
16:43:35.0146 1804  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
16:43:35.0177 1804  QWAVE - ok
16:43:35.0193 1804  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:43:35.0209 1804  QWAVEdrv - ok
16:43:35.0240 1804  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:43:35.0333 1804  RasAcd - ok
16:43:35.0380 1804  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
16:43:35.0427 1804  RasAgileVpn - ok
16:43:35.0443 1804  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
16:43:35.0489 1804  RasAuto - ok
16:43:35.0521 1804  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:43:35.0599 1804  Rasl2tp - ok
16:43:35.0661 1804  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:43:35.0708 1804  RasMan - ok
16:43:35.0739 1804  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:43:35.0786 1804  RasPppoe - ok
16:43:35.0833 1804  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:43:35.0879 1804  RasSstp - ok
16:43:35.0926 1804  [ D528BC58A489409BA40334EBF96A311B ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:43:35.0989 1804  rdbss - ok
16:43:36.0020 1804  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:43:36.0035 1804  rdpbus - ok
16:43:36.0082 1804  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:43:36.0113 1804  RDPCDD - ok
16:43:36.0145 1804  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:43:36.0191 1804  RDPENCDD - ok
16:43:36.0223 1804  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:43:36.0254 1804  RDPREFMP - ok
16:43:36.0285 1804  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:43:36.0332 1804  RDPWD - ok
16:43:36.0379 1804  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:43:36.0394 1804  rdyboost - ok
16:43:36.0425 1804  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:43:36.0472 1804  RemoteAccess - ok
16:43:36.0503 1804  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:43:36.0535 1804  RemoteRegistry - ok
16:43:36.0597 1804  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:43:36.0628 1804  RFCOMM - ok
16:43:36.0659 1804  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:43:36.0706 1804  RpcEptMapper - ok
16:43:36.0769 1804  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:43:36.0862 1804  RpcLocator - ok
16:43:36.0893 1804  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs          C:\Windows\system32\rpcss.dll
16:43:36.0940 1804  RpcSs - ok
16:43:37.0003 1804  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:43:37.0049 1804  rspndr - ok
16:43:37.0112 1804  [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI            C:\Windows\system32\Drivers\SABI.sys
16:43:37.0143 1804  SABI - ok
16:43:37.0159 1804  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs          C:\Windows\system32\lsass.exe
16:43:37.0174 1804  SamSs - ok
16:43:37.0190 1804  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:43:37.0205 1804  sbp2port - ok
16:43:37.0330 1804  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
16:43:37.0361 1804  SBSDWSCService - ok
16:43:37.0408 1804  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:43:37.0455 1804  SCardSvr - ok
16:43:37.0564 1804  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:43:37.0627 1804  scfilter - ok
16:43:37.0689 1804  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:43:37.0751 1804  Schedule - ok
16:43:37.0767 1804  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:43:37.0798 1804  SCPolicySvc - ok
16:43:37.0845 1804  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:43:37.0923 1804  SDRSVC - ok
16:43:37.0970 1804  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:43:38.0079 1804  secdrv - ok
16:43:38.0141 1804  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:43:38.0173 1804  seclogon - ok
16:43:38.0251 1804  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:43:38.0313 1804  SENS - ok
16:43:38.0375 1804  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:43:38.0578 1804  SensrSvc - ok
16:43:38.0609 1804  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
16:43:38.0703 1804  Serenum - ok
16:43:38.0797 1804  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:43:38.0890 1804  Serial - ok
16:43:38.0906 1804  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:43:38.0937 1804  sermouse - ok
16:43:38.0984 1804  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:43:39.0015 1804  SessionEnv - ok
16:43:39.0046 1804  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:43:39.0062 1804  sffdisk - ok
16:43:39.0077 1804  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:43:39.0109 1804  sffp_mmc - ok
16:43:39.0109 1804  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:43:39.0140 1804  sffp_sd - ok
16:43:39.0155 1804  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
16:43:39.0202 1804  sfloppy - ok
16:43:39.0280 1804  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:43:39.0343 1804  SharedAccess - ok
16:43:39.0389 1804  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:43:39.0421 1804  ShellHWDetection - ok
16:43:39.0467 1804  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:43:39.0483 1804  sisagp - ok
16:43:39.0530 1804  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:43:39.0545 1804  SiSRaid2 - ok
16:43:39.0561 1804  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:43:39.0577 1804  SiSRaid4 - ok
16:43:39.0623 1804  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:43:39.0670 1804  Smb - ok
16:43:39.0733 1804  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:43:39.0764 1804  SNMPTRAP - ok
16:43:39.0795 1804  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
16:43:39.0811 1804  spldr - ok
16:43:39.0842 1804  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler        C:\Windows\System32\spoolsv.exe
16:43:39.0920 1804  Spooler - ok
16:43:40.0029 1804  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:43:40.0123 1804  sppsvc - ok
16:43:40.0154 1804  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
16:43:40.0201 1804  sppuinotify - ok
16:43:40.0247 1804  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:43:40.0279 1804  srv - ok
16:43:40.0325 1804  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:43:40.0372 1804  srv2 - ok
16:43:40.0403 1804  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:43:40.0435 1804  srvnet - ok
16:43:40.0481 1804  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:43:40.0528 1804  SSDPSRV - ok
16:43:40.0606 1804  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
16:43:40.0622 1804  ssmdrv - ok
16:43:40.0637 1804  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:43:40.0669 1804  SstpSvc - ok
16:43:40.0700 1804  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:43:40.0747 1804  stexstor - ok
16:43:40.0809 1804  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:43:40.0840 1804  StiSvc - ok
16:43:40.0903 1804  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:43:40.0918 1804  swenum - ok
16:43:40.0981 1804  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
16:43:41.0059 1804  swprv - ok
16:43:41.0121 1804  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain        C:\Windows\system32\sysmain.dll
16:43:41.0183 1804  SysMain - ok
16:43:41.0230 1804  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:43:41.0293 1804  TabletInputService - ok
16:43:41.0355 1804  [ 613BF4820361543956909043A265C6AC ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:43:41.0417 1804  TapiSrv - ok
16:43:41.0449 1804  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
16:43:41.0511 1804  TBS - ok
16:43:41.0589 1804  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:43:41.0636 1804  Tcpip - ok
16:43:41.0667 1804  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:43:41.0698 1804  TCPIP6 - ok
16:43:41.0745 1804  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:43:41.0776 1804  tcpipreg - ok
16:43:41.0823 1804  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:43:41.0854 1804  TDPIPE - ok
16:43:41.0901 1804  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:43:41.0963 1804  TDTCP - ok
16:43:42.0010 1804  [ B459575348C20E8121D6039DA063C704 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:43:42.0073 1804  tdx - ok
16:43:42.0088 1804  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:43:42.0104 1804  TermDD - ok
16:43:42.0151 1804  [ 382C804C92811BE57829D8E550A900E2 ] TermService    C:\Windows\System32\termsrv.dll
16:43:42.0213 1804  TermService - ok
16:43:42.0244 1804  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:43:42.0275 1804  Themes - ok
16:43:42.0307 1804  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
16:43:42.0338 1804  THREADORDER - ok
16:43:42.0369 1804  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:43:42.0416 1804  TrkWks - ok
16:43:42.0494 1804  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:43:42.0525 1804  TrustedInstaller - ok
16:43:42.0572 1804  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:43:42.0587 1804  tssecsrv - ok
16:43:42.0650 1804  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:43:42.0697 1804  TsUsbFlt - ok
16:43:42.0743 1804  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:43:42.0775 1804  tunnel - ok
16:43:42.0821 1804  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:43:42.0837 1804  uagp35 - ok
16:43:42.0884 1804  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:43:42.0915 1804  udfs - ok
16:43:42.0962 1804  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:43:42.0993 1804  UI0Detect - ok
16:43:43.0055 1804  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:43:43.0071 1804  uliagpkx - ok
16:43:43.0118 1804  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus          C:\Windows\system32\drivers\umbus.sys
16:43:43.0133 1804  umbus - ok
16:43:43.0165 1804  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:43:43.0180 1804  UmPass - ok
16:43:43.0211 1804  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:43:43.0243 1804  upnphost - ok
16:43:43.0289 1804  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:43:43.0321 1804  usbccgp - ok
16:43:43.0336 1804  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:43:43.0383 1804  usbcir - ok
16:43:43.0399 1804  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
16:43:43.0414 1804  usbehci - ok
16:43:43.0445 1804  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:43:43.0477 1804  usbhub - ok
16:43:43.0508 1804  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
16:43:43.0523 1804  usbohci - ok
16:43:43.0586 1804  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:43:43.0601 1804  usbprint - ok
16:43:43.0648 1804  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
16:43:43.0679 1804  usbscan - ok
16:43:43.0695 1804  [ F991AB9CC6B908DB552166768176896A ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:43:43.0742 1804  USBSTOR - ok
16:43:43.0757 1804  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
16:43:43.0804 1804  usbuhci - ok
16:43:43.0867 1804  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:43:43.0898 1804  usbvideo - ok
16:43:43.0929 1804  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
16:43:43.0976 1804  UxSms - ok
16:43:43.0991 1804  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:43:44.0007 1804  VaultSvc - ok
16:43:44.0023 1804  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:43:44.0038 1804  vdrvroot - ok
16:43:44.0085 1804  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds            C:\Windows\System32\vds.exe
16:43:44.0147 1804  vds - ok
16:43:44.0179 1804  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:43:44.0194 1804  vga - ok
16:43:44.0210 1804  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:43:44.0241 1804  VgaSave - ok
16:43:44.0288 1804  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
16:43:44.0303 1804  vhdmp - ok
16:43:44.0350 1804  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:43:44.0366 1804  viaagp - ok
16:43:44.0381 1804  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
16:43:44.0413 1804  ViaC7 - ok
16:43:44.0428 1804  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:43:44.0444 1804  viaide - ok
16:43:44.0459 1804  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:43:44.0475 1804  volmgr - ok
16:43:44.0506 1804  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:43:44.0522 1804  volmgrx - ok
16:43:44.0537 1804  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:43:44.0569 1804  volsnap - ok
16:43:44.0584 1804  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
16:43:44.0600 1804  vsmraid - ok
16:43:44.0662 1804  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS            C:\Windows\system32\vssvc.exe
16:43:44.0709 1804  VSS - ok
16:43:44.0725 1804  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:43:44.0756 1804  vwifibus - ok
16:43:44.0787 1804  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:43:44.0818 1804  vwififlt - ok
16:43:44.0849 1804  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
16:43:44.0881 1804  vwifimp - ok
16:43:44.0912 1804  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
16:43:44.0959 1804  W32Time - ok
16:43:45.0005 1804  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:43:45.0021 1804  WacomPen - ok
16:43:45.0052 1804  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:43:45.0083 1804  WANARP - ok
16:43:45.0083 1804  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:43:45.0115 1804  Wanarpv6 - ok
16:43:45.0161 1804  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:43:45.0208 1804  wbengine - ok
16:43:45.0224 1804  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:43:45.0255 1804  WbioSrvc - ok
16:43:45.0286 1804  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:43:45.0333 1804  wcncsvc - ok
16:43:45.0349 1804  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:43:45.0411 1804  WcsPlugInService - ok
16:43:45.0442 1804  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:43:45.0458 1804  Wd - ok
16:43:45.0505 1804  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:43:45.0551 1804  Wdf01000 - ok
16:43:45.0567 1804  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:43:45.0661 1804  WdiServiceHost - ok
16:43:45.0661 1804  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:43:45.0676 1804  WdiSystemHost - ok
16:43:45.0723 1804  [ A9D880F97530D5B8FEE278923349929D ] WebClient      C:\Windows\System32\webclnt.dll
16:43:45.0770 1804  WebClient - ok
16:43:45.0817 1804  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:43:45.0848 1804  Wecsvc - ok
16:43:45.0879 1804  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:43:45.0926 1804  wercplsupport - ok
16:43:45.0973 1804  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:43:46.0019 1804  WerSvc - ok
16:43:46.0082 1804  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:43:46.0113 1804  WfpLwf - ok
16:43:46.0129 1804  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:43:46.0144 1804  WIMMount - ok
16:43:46.0238 1804  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
16:43:46.0285 1804  WinDefend - ok
16:43:46.0300 1804  WinHttpAutoProxySvc - ok
16:43:46.0363 1804  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:43:46.0409 1804  Winmgmt - ok
16:43:46.0472 1804  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM          C:\Windows\system32\WsmSvc.dll
16:43:46.0519 1804  WinRM - ok
16:43:46.0597 1804  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:43:46.0612 1804  WinUsb - ok
16:43:46.0659 1804  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:43:46.0706 1804  Wlansvc - ok
16:43:46.0862 1804  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:43:46.0909 1804  wlidsvc - ok
16:43:46.0940 1804  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
16:43:46.0987 1804  WmiAcpi - ok
16:43:47.0065 1804  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:43:47.0158 1804  wmiApSrv - ok
16:43:47.0267 1804  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
16:43:47.0330 1804  WMPNetworkSvc - ok
16:43:47.0361 1804  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:43:47.0439 1804  WPCSvc - ok
16:43:47.0486 1804  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:43:47.0579 1804  WPDBusEnum - ok
16:43:47.0611 1804  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:43:47.0673 1804  ws2ifsl - ok
16:43:47.0689 1804  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:43:47.0720 1804  wscsvc - ok
16:43:47.0720 1804  WSearch - ok
16:43:47.0813 1804  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:43:47.0860 1804  wuauserv - ok
16:43:47.0891 1804  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:43:47.0923 1804  WudfPf - ok
16:43:47.0985 1804  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:43:48.0016 1804  WUDFRd - ok
16:43:48.0063 1804  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:43:48.0094 1804  wudfsvc - ok
16:43:48.0141 1804  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
16:43:48.0172 1804  WwanSvc - ok
16:43:48.0219 1804  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7        C:\Windows\system32\DRIVERS\yk62x86.sys
16:43:48.0250 1804  yukonw7 - ok
16:43:48.0281 1804  ZTEusbmdm6k - ok
16:43:48.0313 1804  ZTEusbnmea - ok
16:43:48.0313 1804  ZTEusbser6k - ok
16:43:48.0375 1804  ================ Scan global ===============================
16:43:48.0422 1804  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:43:48.0469 1804  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:43:48.0484 1804  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:43:48.0515 1804  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:43:48.0578 1804  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:43:48.0578 1804  [Global] - ok
16:43:48.0578 1804  ================ Scan MBR ==================================
16:43:48.0593 1804  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
16:43:49.0061 1804  \Device\Harddisk0\DR0 - ok
16:43:49.0061 1804  ================ Scan VBR ==================================
16:43:49.0093 1804  [ 8052CBDE7584F5ECDD48AA0F291F7799 ] \Device\Harddisk0\DR0\Partition1
16:43:49.0093 1804  \Device\Harddisk0\DR0\Partition1 - ok
16:43:49.0124 1804  [ 78A4A76261EC67649EBE7FF84F5652D7 ] \Device\Harddisk0\DR0\Partition2
16:43:49.0124 1804  \Device\Harddisk0\DR0\Partition2 - ok
16:43:49.0124 1804  ============================================================
16:43:49.0124 1804  Scan finished
16:43:49.0124 1804  ============================================================
16:43:49.0155 3380  Detected object count: 0
16:43:49.0155 3380  Actual detected object count: 0

cosinus 11.04.2013 15:49
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

levon 11.04.2013 16:25
Hallo cosinus :),

hier nun der ComboFix-Log:

Code:
ComboFix 13-04-10.02 - admin 11.04.2013  17:02:14.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3037.1976 [GMT 2:00]
ausgeführt von:: c:\users\Ich\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ich\4.0
c:\windows\system32\SET3EF0.tmp
c:\windows\system32\SET4559.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-03-11 bis 2013-04-11  ))))))))))))))))))))))))))))))
.
.
2013-04-11 15:10 . 2013-04-11 15:10        --------        d-----w-        c:\users\Ich\AppData\Local\temp
2013-04-11 15:10 . 2013-04-11 15:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-04-11 15:10 . 2013-04-11 15:11        --------        d-----w-        c:\users\admin\AppData\Local\temp
2013-04-11 15:03 . 2013-04-11 15:03        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{34C71754-F53C-47A1-902C-04782AA57047}\offreg.dll
2013-04-10 20:11 . 2013-02-21 10:30        217600        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2013-04-10 16:14 . 2013-04-10 16:14        --------        d-----w-        c:\users\admin\AppData\Roaming\Malwarebytes
2013-04-10 16:14 . 2013-04-10 16:14        --------        d-----w-        c:\programdata\Malwarebytes
2013-04-10 16:14 . 2013-04-10 16:14        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-04-10 16:14 . 2013-04-04 12:50        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-04-10 16:13 . 2013-04-10 16:13        --------        d-----w-        c:\users\admin\AppData\Local\Programs
2013-04-10 16:05 . 2013-03-01 03:09        2347008        ----a-w-        c:\windows\system32\win32k.sys
2013-04-10 16:05 . 2013-02-15 04:37        3217408        ----a-w-        c:\windows\system32\mstscax.dll
2013-04-10 16:05 . 2013-02-15 04:34        131584        ----a-w-        c:\windows\system32\aaclient.dll
2013-04-10 16:05 . 2013-02-15 03:25        36864        ----a-w-        c:\windows\system32\tsgqec.dll
2013-04-10 16:04 . 2013-03-19 05:04        3968856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-04-10 16:04 . 2013-03-19 05:04        3913560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-04-10 16:04 . 2013-03-19 04:48        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2013-04-10 16:04 . 2013-03-19 02:49        69632        ----a-w-        c:\windows\system32\smss.exe
2013-04-10 16:04 . 2013-03-02 05:07        1212264        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-10 16:04 . 2013-01-24 04:47        196328        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2013-04-09 09:55 . 2013-03-15 07:21        7108640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{34C71754-F53C-47A1-902C-04782AA57047}\mpengine.dll
2013-04-06 16:48 . 2013-04-06 16:48        --------        d-----w-        c:\windows\system32\wbem\en-US
2013-04-05 21:42 . 2013-04-05 21:42        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-30 22:30 . 2013-03-30 22:30        --------        d-----w-        c:\users\admin\AppData\Roaming\OpenOffice.org
2013-03-30 22:28 . 2013-03-30 22:28        --------        d-----w-        c:\users\admin\AppData\Roaming\Avira
2013-03-24 09:59 . 2013-03-24 09:59        --------        d-----w-        c:\users\Ich\AppData\Roaming\Avira
2013-03-24 09:54 . 2013-03-28 09:12        84744        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-03-24 09:54 . 2013-03-28 09:12        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-03-24 09:54 . 2013-03-28 09:12        135136        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-03-24 09:54 . 2013-03-24 09:54        --------        d-----w-        c:\program files\Avira
2013-03-20 21:05 . 2013-02-12 03:32        15872        ----a-w-        c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 11:54 . 2012-10-08 18:08        861088        ----a-w-        c:\windows\system32\npDeployJava1.dll
2013-03-21 11:54 . 2010-11-22 13:04        782240        ----a-w-        c:\windows\system32\deployJava1.dll
2013-03-19 18:34 . 2012-04-03 10:41        693976        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-03-19 18:34 . 2011-05-30 18:39        73432        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2010-01-31 10:41        237088        ------w-        c:\windows\system32\MpSigStub.exe
2013-02-12 04:48 . 2013-03-19 17:21        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-19 17:21        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-02-05 20:36 . 2010-06-27 20:22        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-05 20:30 . 2010-06-27 20:22        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-05 20:30 . 2010-07-02 12:48        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-01-24 17:30 . 2010-06-24 13:24        893552        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-24 17:29 . 2010-06-24 13:15        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-24 17:29 . 2010-06-24 13:15        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-19 17:56 . 2013-03-19 17:56        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-27 375296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
"Z1"="c:\users\Ich\Desktop\mbar-1.01.0.1022\mbar\mbar.exe" [2013-04-11 1363016]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 41695402
*NewlyCreated* - 75610312
*NewlyCreated* - ASWMBR
*NewlyCreated* - UGDDAPOB
*Deregistered* - 41695402
*Deregistered* - 75610312
*Deregistered* - aswMBR
*Deregistered* - ugddapob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{207CF46E-06F6-44F9-92EF-6BCE91A74B41}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{46D50210-7A62-4338-A6F6-8303BF35686A}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{48A0CE4C-692F-4871-BA11-49398ABF9F30}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{A50637DA-74A3-4D25-B99E-82B4B23F0C5E}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{CA47CB26-4693-46AE-A6C4-16926F19FBD4}: NameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hynkrtid.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-02-12 19:42; toolbar@ask.com; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hynkrtid.default\extensions\toolbar@ask.com
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-11  17:13:51
ComboFix-quarantined-files.txt  2013-04-11 15:13
.
Vor Suchlauf: 9 Verzeichnis(se), 63.260.598.272 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 63.623.446.528 Bytes frei
.
- - End Of File - - A3FA7EF071F84906731DFAFDB3914726

cosinus 12.04.2013 12:20
JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

levon 12.04.2013 20:28
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by admin on 12.04.2013 at 20:55:06,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.apn_dbr", "ff_15.0.1");
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "^ABT");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.crumb", "2013.02.12+10.41.31-toolbar002iad-DE-TXVuaWNoLEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}");
user_pref("extensions.asktb.domain", "avira-int.ask.com");
user_pref("extensions.asktb.domainName", "avira-int.ask.com");
user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "0a52e595-6f8c-416f-a1d8-fac4f371e78f");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "first");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1365357306564");
user_pref("extensions.asktb.last-search-timestamp", "1365357847020");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.localePref", true);
user_pref("extensions.asktb.location", "Munich,Germany");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.notification-shown", true);
user_pref("extensions.asktb.o", "APN10395");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "20");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "38AF023F-C93E-49BE-BAC0-5EF0E69E326B");
user_pref("extensions.asktb.search-history-queries", "kurt cobain||Online-Trojaner Checker||CCleaner");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "12.02.2013 19:42:33");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.15.18.100015");
user_pref("extensions.asktb.version", "5.15.18.37268");
Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.04.2013 at 20:58:06,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner:

Code:
# AdwCleaner v2.200 - Datei am 12/04/2013 um 21:08:02 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : admin - PRIVATE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ich\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\b1rs201o.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Ich\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hynkrtid.default\prefs.js

Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.enabledAddons", "toolbar%40ask.com:3.15.18.100015,%7B972ce4c6-7e08-4474-a285-3[...]

Datei : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\b1rs201o.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[S1].txt - [6813 octets] - [12/04/2013 21:08:02]

########## EOF - \AdwCleaner[S1].txt - [6873 octets] ##########

OTL.Txt:

Code:
OTL logfile created on: 12.04.2013 21:16:39 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Ich\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 62,28% Memory free
5,93 Gb Paging File | 4,74 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 59,66 Gb Free Space | 41,99% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 2,55 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive F: | 33,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PRIVATE | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Ich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
MOD - C:\Program Files\Mobile Partner\XFramePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\XCodec.dll ()
MOD - C:\Program Files\Mobile Partner\Win7Support.dll ()
MOD - C:\Program Files\Mobile Partner\QtGui4.dll ()
MOD - C:\Program Files\Mobile Partner\QtCore4.dll ()
MOD - C:\Program Files\Mobile Partner\QtNetwork4.dll ()
MOD - C:\Program Files\Mobile Partner\NDISAPI.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\SMSUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\SmsAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallLogSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\PluginContainer.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetInfoUIExPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DialupUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\USSDUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\core.dll ()
MOD - C:\Program Files\Mobile Partner\QtXml4.dll ()
MOD - C:\Program Files\Mobile Partner\Proxy.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetConnectPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\StatusBarMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\MenuMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetInfoSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\LiveUpdateInterface.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\sdk.dll ()
MOD - C:\Program Files\Mobile Partner\AtCodec.dll ()
MOD - C:\Program Files\Mobile Partner\NetSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\Common.dll ()
MOD - C:\Program Files\Mobile Partner\SmsSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DialUpPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\ToolBarMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Mobile Partner\NDISPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetConnectSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DataServicePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\STKSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\USSDSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\Trace.dll ()
MOD - C:\Program Files\Mobile Partner\OSDialup.dll ()
MOD - C:\Program Files\Mobile Partner\OSNDIS.dll ()
MOD - C:\Program Files\Mobile Partner\ATR2SMgr.dll ()
MOD - C:\Program Files\Mobile Partner\LayoutPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\OSAdapt.dll ()
MOD - C:\Program Files\Mobile Partner\NotifyServicePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\Mobile Partner\OSPowerMgr.dll ()
MOD - C:\Program Files\Mobile Partner\OSCall.dll ()
MOD - C:\Program Files\Mobile Partner\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\Mobile Partner\mingwm10.dll ()
MOD - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (ewusbmbb) -- C:\Windows\System32\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{22F0B17F-A86E-4C0A-AA5C-6119E3002EBA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=0a52e595-6f8c-416f-a1d8-fac4f371e78f&apn_sauid=38AF023F-C93E-49BE-BAC0-5EF0E69E326B
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:43:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:43:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:43:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:43:33 | 000,000,000 | ---D | M]
 
[2010.01.31 12:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2013.04.12 20:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions
[2010.04.28 17:44:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.12 09:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYNKRTID.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2013.04.12 09:43:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.12 20:50:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 20:50:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.12 20:50:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.12 20:50:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.12 20:50:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.12 20:50:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.11 17:11:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{207CF46E-06F6-44F9-92EF-6BCE91A74B41}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D50210-7A62-4338-A6F6-8303BF35686A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A0CE4C-692F-4871-BA11-49398ABF9F30}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A50637DA-74A3-4D25-B99E-82B4B23F0C5E}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA47CB26-4693-46AE-A6C4-16926F19FBD4}: NameServer = 193.189.244.206 193.189.244.225
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.16 11:12:34 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 20:54:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.12 20:54:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.12 09:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.11 17:13:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.11 17:13:53 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2013.04.11 17:10:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.11 17:00:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.11 17:00:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.11 17:00:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.11 17:00:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.11 16:59:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.10 22:11:11 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 22:11:10 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 22:11:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 22:11:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 22:11:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 22:11:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 22:11:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 22:11:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.10 22:11:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 22:11:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 18:14:51 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2013.04.10 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.10 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 18:14:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.10 18:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.10 18:13:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Programs
[2013.04.10 18:05:04 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 18:05:00 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 18:05:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 18:04:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 18:04:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 18:04:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.05 23:43:49 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.05 23:43:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.05 23:43:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.05 23:43:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.05 23:43:49 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.05 23:43:49 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.05 23:43:49 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.05 23:43:49 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.05 23:43:49 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.05 23:43:49 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.05 23:43:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.05 23:43:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.05 23:43:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.05 23:43:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.05 23:43:49 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.05 23:43:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.05 23:43:48 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.05 23:43:48 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.05 23:43:48 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.05 23:43:48 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.05 23:43:48 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.05 23:43:48 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.05 23:43:48 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.05 23:43:48 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.05 23:43:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.05 23:43:48 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.05 23:42:46 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.04.05 23:42:46 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.04.05 23:42:46 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.04.05 23:42:46 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.04.05 23:42:46 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.04.05 23:42:46 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.04.05 23:42:46 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.04.05 23:42:46 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.04.05 23:42:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.04.05 23:42:46 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.04.05 23:42:46 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.04.05 23:42:46 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.04.05 23:42:46 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.04.05 23:42:46 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.04.05 23:42:46 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.04.05 23:42:46 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.04.05 23:42:46 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.31 00:30:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
[2013.03.31 00:28:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Avira
[2013.03.24 11:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.24 11:54:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.24 11:54:54 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.24 11:54:54 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.24 11:54:54 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 11:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.20 23:05:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 21:17:40 | 000,010,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 21:17:40 | 000,010,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 21:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 21:09:29 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.12 20:53:19 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.12 20:53:19 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.12 20:53:19 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.12 20:53:19 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.12 10:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 17:15:01 | 000,017,541 | ---- | M] () -- C:\Users\admin\Desktop\combo.rtf
[2013.04.11 17:11:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.11 16:17:18 | 000,000,512 | ---- | M] () -- C:\Users\admin\Desktop\MBR.dat
[2013.04.10 23:19:22 | 000,330,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.05 23:43:49 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.05 23:43:49 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.05 23:43:49 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.05 23:43:49 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.05 23:43:49 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.05 23:43:49 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.05 23:43:49 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.05 23:43:49 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.05 23:43:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.05 23:43:49 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.05 23:43:49 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.05 23:43:49 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.05 23:43:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.05 23:43:49 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.05 23:43:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.05 23:43:49 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.05 23:43:48 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.05 23:43:48 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.05 23:43:48 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.05 23:43:48 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.05 23:43:48 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.05 23:43:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.05 23:43:48 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.05 23:43:48 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.05 23:43:48 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.05 23:43:48 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.05 23:43:48 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.05 23:42:46 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.04.05 23:42:46 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.04.05 23:42:46 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.04.05 23:42:46 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.04.05 23:42:46 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.04.05 23:42:46 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.04.05 23:42:46 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.04.05 23:42:46 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.04.05 23:42:46 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.04.05 23:42:46 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.04.05 23:42:46 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.04.05 23:42:46 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.04.05 23:42:46 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.04.05 23:42:46 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.04.05 23:42:46 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.04.05 23:42:46 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.04.05 23:42:46 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.31 00:31:22 | 000,001,157 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.03.28 11:12:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.28 11:12:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.28 11:12:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 11:50:04 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.21 13:54:07 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.21 13:54:07 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.19 20:34:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.19 20:34:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
 
========== Files Created - No Company Name ==========
 
[2013.04.11 17:15:01 | 000,017,541 | ---- | C] () -- C:\Users\admin\Desktop\combo.rtf
[2013.04.11 17:00:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.11 17:00:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.11 17:00:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.11 17:00:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.11 17:00:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.11 16:17:18 | 000,000,512 | ---- | C] () -- C:\Users\admin\Desktop\MBR.dat
[2013.04.05 23:43:48 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.31 00:31:22 | 000,001,157 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.21 17:58:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.09.21 17:58:16 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.04.29 19:15:47 | 000,015,326 | ---- | C] () -- C:\Users\admin\AppData\Local\internal.grp
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Extras.Txt:

Code:
OTL Extras logfile created on: 12.04.2013 21:16:39 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Ich\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 62,28% Memory free
5,93 Gb Paging File | 4,74 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 59,66 Gb Free Space | 41,99% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 2,55 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive F: | 33,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PRIVATE | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27E75EEB-A94E-4D1F-8461-D2F1411F7B9D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{464D0401-2C66-4BB3-A2E8-A84BF952ED07}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{638EA069-B42F-4006-BA51-52739EB7889E}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{766A7AEA-FEA6-4E7B-98C4-29BD878FFE34}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{8C3DAF3A-1D27-4342-9548-1671CDA331CE}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{CF1B2582-3850-4169-BD4F-07C5F1A24855}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"{DB6A46AB-61EA-4FF3-A96D-87E49571190B}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{F542A838-0F15-4678-B6EB-5468758969A6}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"TCP Query User{FA0336ED-FC52-46F1-B103-01DE328BC69B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{4BA8973F-35B0-448E-AC70-CEABA5FFAFFD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DEAED7D-E85E-48EB-999E-5B4576A22369}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{764143D0-CBA1-4699-B6D6-4D39A4DB75FB}" = Ulead PhotoImpact 7 SE
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{82CED69E-C96D-401F-A6F3-1128C460712C}" = NetObjects Fusion 9.0
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{99FFFFC6-1A78-4837-AFED-55FAA854AF1F}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9E6AC9C-4C9A-430C-8CF2-896A6755B6E6}" = SiteStyles Volume 2
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"FormatFactory" = FormatFactory 2.96
"HP Photo Creations" = HP Photo Creations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müller Foto" = Müller Foto
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Philips Songbird" = Philips Songbird
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Sarah’s Ranch" = Sarah’s Ranch
"Sarah’s Ranch 2" = Sarah’s Ranch 2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 12.04.2013 14:59:35 | Computer Name = PRIVATE | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.04.2013 15:09:38 | Computer Name = PRIVATE | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12.04.2013 15:09:38 | Computer Name = PRIVATE | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.04.2013 15:09:45 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 12.04.2013 15:09:45 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers
nicht gestartet:  %%1053
 
 
< End of report >


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:26 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131