Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Angeblicher Keylogger auf dem Rechner (https://www.trojaner-board.de/134858-angeblicher-keylogger-rechner.html)

Proudgod 13.05.2013 11:57
Angeblicher Keylogger auf dem Rechner
 
Hallo liebe Community,

vor kurzem wurde mir mein Battlenet Account gehackt. Der Support gab mir dann den Tipp es könnte durch einen Keylogger verursacht sein. Nun habe ich einen Avast FullScan ausgeführt, mit keinem Fund. Spybot Search and Destroy Fand einige ungewöhnliche Regestry Einträge darunter eine IE Toolbar, obwohl ich IE gar nicht nutze. Diese wurden auch gefixt.

Nun sitzen hier ja die Experten vom Werk. Was kann ich noch machen um Sicher zu gehen das die Kiste von jeglichem Müll befreit ist? Formatieren ist momentan keine Lösung, obwohl von mir meist präferiert.

Zusätzlich wie schützt man sich heutzutage gegen Plagegeister aller Art? Habe eigentlich einiges hier im Forum durchgearbeitet mit den Win-Account ohne Adminrechte, Windows-Firewall etc. aber wie man sieht kann man trotzdem auf die Nase fallen. Brain 2.0 ist mir übrigens Bewusst, arbeite selber in der IT-Branche, aber in Nachhinein ist das immer leicht zu sagen, aber was der letzendliche Ursacher war weiß man leider nie.

VG
Proudgod

cosinus 13.05.2013 12:06
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Proudgod 13.05.2013 12:15
Hallo cosinus,

vielen Dank für den schnellen Support.

Logs vom Spybot Scan habe ich im Beitrag hinzugefügt.

VG
Proudgod

cosinus 13.05.2013 13:22
Och nö, wieso hast du die Logs in den Anhang gesteckt?! :wtf:
Der Hinweis mit den CODE-Tags war doch deutlich genug :(

Proudgod 13.05.2013 14:17
Hallo,

entschuldige ich dachte mit der Funktion kannst du ein gleichbleibendes Ergebnis erzielen.. Wenn du mir sagst welche Datei besonders wichtig für deine Analyse ist, kann ich sie auch noch gerne als Code Einpflegen.

cosinus 13.05.2013 15:49
Es sollen grundsätzlich ALLE LOGS in code-tags gepostet werden. Nur wenn sie zu groß sind, packst du sie gezippt in den Anahng. Das steht doch alles in den Hinweisen, warum liest du das denn nicht?

Alle folgenden Logs jetzt in code-tags posten und bitte nicht mehr in den Anhang. Danke.


Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

Proudgod 13.05.2013 16:15
Spybot LOGS:

Firewall
Code:
SDFSSvc.exe [2013-05-13 12:29:20] 0.0.0.0  Successfully started listening on port 21322.
Checks.130513-1246
IST IM ANHANG ZU FINDEN -> LOG ZU LANG

Scanner
Code:
SDFSSvc.exe [2013-05-13 12:29:20] 0.0.0.0  Successfully started listening on port 21323.
SDFileScanLibrary.dll [2013-05-13 12:29:57] Loaded databases.
OTL SCAN:

OTL.Txt
IM ANHANG WEIL ZU GROSS

Extras.Txt
Code:
OTL Extras logfile created on: 13.05.2013 17:07:06 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Dominik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 56,93% Memory free
7,99 Gb Paging File | 5,81 Gb Available in Paging File | 72,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 22,85 Gb Free Space | 40,95% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 317,43 Gb Free Space | 68,17% Space Free | Partition Type: NTFS
Drive E: | 298,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DOMINIK | User Name: Drunkenmaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-438401567-730785118-3515160458-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-438401567-730785118-3515160458-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30D6A260-B3C4-46A9-91D4-4597BDD8FCDF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52BFE3E5-0623-4396-BCD5-0AC6B4C326EE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C20AC24-83CA-4311-BF63-D0161223A3AA}" = rport=445 | protocol=6 | dir=out | app=system |
"{7D1764C7-1D24-4A0F-ABFF-DB6300680416}" = rport=138 | protocol=17 | dir=out | app=system |
"{A1A89200-CDEF-443B-A97A-5293AF283A2A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C15F4900-5AC3-40AB-805E-B2B2C192E20A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC517A63-87D7-4EB8-8CF4-A235C3DD2617}" = rport=139 | protocol=6 | dir=out | app=system |
"{EEDFF032-6189-428E-98B9-1BC4F5055B53}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7B7F5C0-0954-491D-B55F-F9FC0BB1B25F}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BCB58E-7395-47C6-9510-8FC1C518AC79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3842737E-2D33-47D4-AA2B-4077827DB93E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3946F38A-26FA-4AC3-9CEF-7D315A8D0694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B299972-1785-4FFB-916D-F3CC0D1E3176}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E2DDECB-B529-48A9-81AC-AD183AFDE6BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{744C42C8-18D0-4BA6-A5D7-4C3AA97B5453}" = protocol=6 | dir=out | app=system |
"{94A7BC4E-6BD9-4C73-A463-90D005E76517}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A25680CF-5936-4A97-80F3-FB1AF86BF593}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A773C736-B1EE-43B3-8982-2D4ABC3A74C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5484470-C70D-4CAB-864C-B138A5DA0A44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E7EE5138-2569-4ACF-BD44-7C9EEDE9575D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA5C61B5-D04C-476D-A850-4B65CB4D2030}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"D3A1A6FCCCB0A9522D676C627C62D37496EAF759" = Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}" = Foxit Reader
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Sauerbraten" = Sauerbraten
"STANDARD" = Microsoft Office Standard 2007
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 730" = Counter-Strike: Global Offensive
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-438401567-730785118-3515160458-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.4.0.1083
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2013 16:21:12 | Computer Name = Dominik | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 13.02.2013 16:21:12 | Computer Name = Dominik | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 13.02.2013 16:23:07 | Computer Name = Dominik | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_ShellHWDetection, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000077cb000a
ID
 des fehlerhaften Prozesses: 0x3d0  Startzeit der fehlerhaften Anwendung: 0x01ce0a27cf0c4141
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 2d39ee23-761b-11e2-a9ed-00241d213ba3
 
Error - 13.02.2013 16:24:54 | Computer Name = Dominik | Source = ESENT | ID = 215
Description = WinMail (3040) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 13.02.2013 16:24:57 | Computer Name = Dominik | Source = ESENT | ID = 215
Description = WinMail (2616) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 13.02.2013 16:26:37 | Computer Name = Dominik | Source = .NET Runtime Optimization Service | ID = 1107
Description =
 
Error - 13.02.2013 16:26:37 | Computer Name = Dominik | Source = .NET Runtime Optimization Service | ID = 1107
Description =
 
Error - 13.02.2013 16:26:37 | Computer Name = Dominik | Source = .NET Runtime Optimization Service | ID = 1107
Description =
 
Error - 13.02.2013 16:26:37 | Computer Name = Dominik | Source = .NET Runtime Optimization Service | ID = 1107
Description =
 
Error - 13.02.2013 16:26:37 | Computer Name = Dominik | Source = .NET Runtime Optimization Service | ID = 1107
Description =
 
[ Spybot - Search and Destroy Events ]
Error - 13.05.2013 06:48:50 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:07 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:18 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:21 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:24 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:25 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:27 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 27.04.2013 13:32:41 | Computer Name = Dominik | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?04.?2013 um 17:33:50 unerwartet heruntergefahren.
 
Error - 30.04.2013 13:37:38 | Computer Name = Dominik | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 30.04.2013 13:37:38 | Computer Name = Dominik | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 05.05.2013 07:56:22 | Computer Name = Dominik | Source = DCOM | ID = 10010
Description =
 
Error - 08.05.2013 10:31:59 | Computer Name = Dominik | Source = DCOM | ID = 10010
Description =
 
Error - 10.05.2013 03:57:01 | Computer Name = Dominik | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 10.05.2013 03:57:01 | Computer Name = Dominik | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 10.05.2013 03:57:02 | Computer Name = Dominik | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 10.05.2013 03:57:02 | Computer Name = Dominik | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 10.05.2013 03:57:03 | Computer Name = Dominik | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
< End of report >

cosinus 13.05.2013 16:16
Das andere Log von OTL fehlt

Proudgod 13.05.2013 16:19
Ja so schnell bin ich dann doch nicht, ist jetzt drin..

cosinus 14.05.2013 08:13
Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Proudgod 14.05.2013 10:41
Hallo cosinus,

vielen Dank für deine Hilfe hier die versprochenden Logfiles:

Gmer
Zu groß ist im Anhang zu finden!

MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Drunkenmaster :: DOMINIK [limited]

14.05.2013 11:39:10
mbar-log-2013-05-14 (11-39-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28743
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
VG
Proudgod

cosinus 14.05.2013 10:42
aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Proudgod 14.05.2013 10:55
aswMBR

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-14 11:50:41
-----------------------------
11:50:41.202    OS Version: Windows x64 6.1.7601 Service Pack 1
11:50:41.202    Number of processors: 4 586 0x403
11:50:41.202    ComputerName: DOMINIK  UserName:
11:50:43.279    Initialize success
11:50:43.621    AVAST engine defs: 13051400
11:51:26.335    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:51:26.337    Disk 0 Vendor: KINGSTON_SVP200S360G 503ABBF0 Size: 57241MB BusType: 11
11:51:26.338    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
11:51:26.339    Disk 1 Vendor: WDC_WD5000AAKS-00A7B0 01.03B01 Size: 476938MB BusType: 11
11:51:26.376    Disk 0 MBR read successfully
11:51:26.377    Disk 0 MBR scan
11:51:26.380    Disk 0 Windows 7 default MBR code
11:51:26.382    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:51:26.388    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        57139 MB offset 206848
11:51:26.423    Disk 0 scanning C:\Windows\system32\drivers
11:51:30.369    Service scanning
11:51:33.588    Modules scanning
11:51:33.593    Disk 0 trace - called modules:
11:51:33.601    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:51:33.604    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049b4790]
11:51:33.607    3 CLASSPNP.SYS[fffff880019a443f] -> nt!IofCallDriver -> [0xfffffa800450e9b0]
11:51:33.610    5 ACPI.sys[fffff88000f2a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004998680]
11:51:33.742    AVAST engine scan C:\Windows
11:51:34.895    AVAST engine scan C:\Windows\system32
11:52:45.948    AVAST engine scan C:\Windows\system32\drivers
11:52:47.806    AVAST engine scan C:\Users\Drunkenmaster
11:52:53.387    AVAST engine scan C:\ProgramData
11:53:01.342    Scan finished successfully
11:53:27.501    Disk 0 MBR has been saved successfully to "C:\Users\Dominik\Desktop\MBR.dat"
11:53:27.504    The log file has been saved successfully to "C:\Users\Dominik\Desktop\aswMBR.txt"


TDSSKiller

Code:
11:53:43.0571 5764  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:53:43.0771 5764  ============================================================
11:53:43.0772 5764  Current date / time: 2013/05/14 11:53:43.0771
11:53:43.0772 5764  SystemInfo:
11:53:43.0772 5764 
11:53:43.0772 5764  OS Version: 6.1.7601 ServicePack: 1.0
11:53:43.0772 5764  Product type: Workstation
11:53:43.0772 5764  ComputerName: DOMINIK
11:53:43.0772 5764  UserName: Drunkenmaster
11:53:43.0772 5764  Windows directory: C:\Windows
11:53:43.0772 5764  System windows directory: C:\Windows
11:53:43.0772 5764  Running under WOW64
11:53:43.0772 5764  Processor architecture: Intel x64
11:53:43.0772 5764  Number of processors: 4
11:53:43.0772 5764  Page size: 0x1000
11:53:43.0772 5764  Boot type: Normal boot
11:53:43.0772 5764  ============================================================
11:53:43.0940 5764  Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C64D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
11:53:43.0948 5764  Drive \Device\Harddisk1\DR1 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
11:53:43.0951 5764  ============================================================
11:53:43.0951 5764  \Device\Harddisk0\DR0:
11:53:43.0951 5764  MBR partitions:
11:53:43.0951 5764  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:53:43.0951 5764  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
11:53:43.0951 5764  \Device\Harddisk1\DR1:
11:53:43.0951 5764  MBR partitions:
11:53:43.0951 5764  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:53:43.0951 5764  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A351800
11:53:43.0951 5764  ============================================================
11:53:43.0952 5764  C: <-> \Device\Harddisk0\DR0\Partition2
11:53:43.0976 5764  D: <-> \Device\Harddisk1\DR1\Partition2
11:53:43.0976 5764  ============================================================
11:53:43.0976 5764  Initialize success
11:53:43.0976 5764  ============================================================
11:53:56.0245 5908  ============================================================
11:53:56.0245 5908  Scan started
11:53:56.0245 5908  Mode: Manual; SigCheck; TDLFS;
11:53:56.0245 5908  ============================================================
11:53:56.0424 5908  ================ Scan system memory ========================
11:53:56.0424 5908  System memory - ok
11:53:56.0424 5908  ================ Scan services =============================
11:53:56.0467 5908  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:53:56.0524 5908  1394ohci - ok
11:53:56.0530 5908  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:53:56.0545 5908  ACPI - ok
11:53:56.0548 5908  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
11:53:56.0568 5908  AcpiPmi - ok
11:53:56.0594 5908  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:53:56.0606 5908  AdobeFlashPlayerUpdateSvc - ok
11:53:56.0614 5908  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
11:53:56.0630 5908  adp94xx - ok
11:53:56.0636 5908  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
11:53:56.0650 5908  adpahci - ok
11:53:56.0654 5908  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
11:53:56.0666 5908  adpu320 - ok
11:53:56.0671 5908  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
11:53:56.0725 5908  AeLookupSvc - ok
11:53:56.0732 5908  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
11:53:56.0750 5908  AFD - ok
11:53:56.0754 5908  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:53:56.0764 5908  agp440 - ok
11:53:56.0768 5908  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
11:53:56.0781 5908  ALG - ok
11:53:56.0784 5908  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:53:56.0793 5908  aliide - ok
11:53:56.0798 5908  [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:53:56.0819 5908  AMD External Events Utility - ok
11:53:56.0823 5908  AMD FUEL Service - ok
11:53:56.0826 5908  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:53:56.0836 5908  amdide - ok
11:53:56.0839 5908  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
11:53:56.0851 5908  AmdK8 - ok
11:53:56.0958 5908  [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:53:57.0097 5908  amdkmdag - ok
11:53:57.0108 5908  [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:53:57.0125 5908  amdkmdap - ok
11:53:57.0129 5908  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:53:57.0141 5908  AmdPPM - ok
11:53:57.0145 5908  [ 12A5062C06E03FF70DB47800F91C7A13 ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
11:53:57.0159 5908  amdsata - ok
11:53:57.0164 5908  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:53:57.0176 5908  amdsbs - ok
11:53:57.0179 5908  [ 8A7F289B45CEACAC761E14D5FAC59EB9 ] amdxata        C:\Windows\system32\DRIVERS\amdxata.sys
11:53:57.0187 5908  amdxata - ok
11:53:57.0190 5908  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
11:53:57.0199 5908  AODDriver4.2 - ok
11:53:57.0203 5908  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
11:53:57.0258 5908  AppID - ok
11:53:57.0261 5908  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:53:57.0288 5908  AppIDSvc - ok
11:53:57.0292 5908  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
11:53:57.0317 5908  Appinfo - ok
11:53:57.0321 5908  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\DRIVERS\arc.sys
11:53:57.0331 5908  arc - ok
11:53:57.0335 5908  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:53:57.0345 5908  arcsas - ok
11:53:57.0349 5908  [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
11:53:57.0359 5908  aswFsBlk - ok
11:53:57.0362 5908  [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
11:53:57.0372 5908  aswMonFlt - ok
11:53:57.0376 5908  [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
11:53:57.0386 5908  aswRdr - ok
11:53:57.0389 5908  [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt        C:\Windows\system32\drivers\aswRvrt.sys
11:53:57.0399 5908  aswRvrt - ok
11:53:57.0411 5908  [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
11:53:57.0435 5908  aswSnx - ok
11:53:57.0442 5908  [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP          C:\Windows\system32\drivers\aswSP.sys
11:53:57.0456 5908  aswSP - ok
11:53:57.0460 5908  [ D62C10D1829C65115111C160EA956260 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
11:53:57.0470 5908  aswTdi - ok
11:53:57.0474 5908  [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
11:53:57.0485 5908  aswVmm - ok
11:53:57.0488 5908  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:53:57.0515 5908  AsyncMac - ok
11:53:57.0518 5908  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
11:53:57.0527 5908  atapi - ok
11:53:57.0532 5908  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
11:53:57.0541 5908  AtiHDAudioService - ok
11:53:57.0544 5908  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie        C:\Windows\system32\DRIVERS\AtiPcie.sys
11:53:57.0552 5908  AtiPcie - ok
11:53:57.0561 5908  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:53:57.0594 5908  AudioEndpointBuilder - ok
11:53:57.0602 5908  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:53:57.0630 5908  AudioSrv - ok
11:53:57.0636 5908  [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
11:53:57.0645 5908  avast! Antivirus - ok
11:53:57.0649 5908  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:53:57.0671 5908  AxInstSV - ok
11:53:57.0678 5908  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbda.sys
11:53:57.0694 5908  b06bdrv - ok
11:53:57.0699 5908  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:53:57.0713 5908  b57nd60a - ok
11:53:57.0718 5908  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:53:57.0730 5908  BDESVC - ok
11:53:57.0733 5908  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:53:57.0759 5908  Beep - ok
11:53:57.0769 5908  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
11:53:57.0800 5908  BFE - ok
11:53:57.0811 5908  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:53:57.0847 5908  BITS - ok
11:53:57.0850 5908  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:53:57.0861 5908  blbdrive - ok
11:53:57.0864 5908  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:53:57.0876 5908  bowser - ok
11:53:57.0879 5908  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:53:57.0898 5908  BrFiltLo - ok
11:53:57.0900 5908  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:53:57.0912 5908  BrFiltUp - ok
11:53:57.0915 5908  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
11:53:57.0928 5908  Browser - ok
11:53:57.0934 5908  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
11:53:57.0949 5908  Brserid - ok
11:53:57.0952 5908  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:53:57.0965 5908  BrSerWdm - ok
11:53:57.0968 5908  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:53:57.0980 5908  BrUsbMdm - ok
11:53:57.0983 5908  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:53:57.0995 5908  BrUsbSer - ok
11:53:57.0999 5908  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:53:58.0011 5908  BTHMODEM - ok
11:53:58.0016 5908  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
11:53:58.0043 5908  bthserv - ok
11:53:58.0047 5908  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:53:58.0073 5908  cdfs - ok
11:53:58.0077 5908  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
11:53:58.0089 5908  cdrom - ok
11:53:58.0093 5908  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
11:53:58.0118 5908  CertPropSvc - ok
11:53:58.0122 5908  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:53:58.0135 5908  circlass - ok
11:53:58.0141 5908  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:53:58.0155 5908  CLFS - ok
11:53:58.0162 5908  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:53:58.0171 5908  clr_optimization_v2.0.50727_32 - ok
11:53:58.0177 5908  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:53:58.0188 5908  clr_optimization_v2.0.50727_64 - ok
11:53:58.0195 5908  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:53:58.0204 5908  clr_optimization_v4.0.30319_32 - ok
11:53:58.0211 5908  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:53:58.0222 5908  clr_optimization_v4.0.30319_64 - ok
11:53:58.0225 5908  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:53:58.0236 5908  CmBatt - ok
11:53:58.0239 5908  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:53:58.0249 5908  cmdide - ok
11:53:58.0256 5908  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
11:53:58.0277 5908  CNG - ok
11:53:58.0280 5908  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:53:58.0290 5908  Compbatt - ok
11:53:58.0292 5908  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:53:58.0305 5908  CompositeBus - ok
11:53:58.0308 5908  COMSysApp - ok
11:53:58.0311 5908  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
11:53:58.0321 5908  crcdisk - ok
11:53:58.0326 5908  [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
11:53:58.0331 5908  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:53:58.0331 5908  Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:53:58.0338 5908  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:53:58.0351 5908  CryptSvc - ok
11:53:58.0357 5908  [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
11:53:58.0364 5908  CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
11:53:58.0364 5908  CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
11:53:58.0373 5908  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:53:58.0406 5908  DcomLaunch - ok
11:53:58.0412 5908  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
11:53:58.0440 5908  defragsvc - ok
11:53:58.0444 5908  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:53:58.0471 5908  DfsC - ok
11:53:58.0477 5908  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:53:58.0492 5908  Dhcp - ok
11:53:58.0497 5908  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:53:58.0523 5908  discache - ok
11:53:58.0527 5908  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:53:58.0537 5908  Disk - ok
11:53:58.0541 5908  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:53:58.0554 5908  Dnscache - ok
11:53:58.0560 5908  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
11:53:58.0587 5908  dot3svc - ok
11:53:58.0592 5908  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
11:53:58.0619 5908  DPS - ok
11:53:58.0623 5908  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
11:53:58.0636 5908  drmkaud - ok
11:53:58.0641 5908  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:53:58.0653 5908  dtsoftbus01 - ok
11:53:58.0666 5908  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
11:53:58.0688 5908  DXGKrnl - ok
11:53:58.0693 5908  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
11:53:58.0721 5908  EapHost - ok
11:53:58.0753 5908  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\DRIVERS\evbda.sys
11:53:58.0800 5908  ebdrv - ok
11:53:58.0805 5908  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
11:53:58.0818 5908  EFS - ok
11:53:58.0826 5908  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
11:53:58.0843 5908  elxstor - ok
11:53:58.0846 5908  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:53:58.0857 5908  ErrDev - ok
11:53:58.0866 5908  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
11:53:58.0897 5908  EventSystem - ok
11:53:58.0902 5908  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
11:53:58.0930 5908  exfat - ok
11:53:58.0935 5908  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
11:53:58.0963 5908  fastfat - ok
11:53:58.0966 5908  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
11:53:58.0977 5908  fdc - ok
11:53:58.0980 5908  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
11:53:59.0007 5908  fdPHost - ok
11:53:59.0010 5908  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:53:59.0036 5908  FDResPub - ok
11:53:59.0040 5908  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:53:59.0050 5908  FileInfo - ok
11:53:59.0053 5908  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
11:53:59.0079 5908  Filetrace - ok
11:53:59.0082 5908  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:53:59.0092 5908  flpydisk - ok
11:53:59.0098 5908  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:53:59.0111 5908  FltMgr - ok
11:53:59.0124 5908  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
11:53:59.0149 5908  FontCache - ok
11:53:59.0153 5908  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:53:59.0162 5908  FontCache3.0.0.0 - ok
11:53:59.0165 5908  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
11:53:59.0175 5908  FsDepends - ok
11:53:59.0178 5908  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:53:59.0188 5908  Fs_Rec - ok
11:53:59.0192 5908  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:53:59.0207 5908  fvevol - ok
11:53:59.0210 5908  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:53:59.0221 5908  gagp30kx - ok
11:53:59.0230 5908  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
11:53:59.0264 5908  gpsvc - ok
11:53:59.0268 5908  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:53:59.0277 5908  gupdate - ok
11:53:59.0280 5908  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:53:59.0289 5908  gupdatem - ok
11:53:59.0292 5908  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:53:59.0303 5908  hcw85cir - ok
11:53:59.0309 5908  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:53:59.0325 5908  HdAudAddService - ok
11:53:59.0329 5908  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:53:59.0343 5908  HDAudBus - ok
11:53:59.0346 5908  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
11:53:59.0357 5908  HidBatt - ok
11:53:59.0361 5908  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:53:59.0374 5908  HidBth - ok
11:53:59.0377 5908  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
11:53:59.0389 5908  HidIr - ok
11:53:59.0392 5908  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
11:53:59.0419 5908  hidserv - ok
11:53:59.0422 5908  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:53:59.0433 5908  HidUsb - ok
11:53:59.0436 5908  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:53:59.0462 5908  hkmsvc - ok
11:53:59.0468 5908  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:53:59.0482 5908  HomeGroupListener - ok
11:53:59.0487 5908  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:53:59.0500 5908  HomeGroupProvider - ok
11:53:59.0503 5908  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:53:59.0513 5908  HpSAMD - ok
11:53:59.0522 5908  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:53:59.0556 5908  HTTP - ok
11:53:59.0559 5908  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:53:59.0569 5908  hwpolicy - ok
11:53:59.0572 5908  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:53:59.0584 5908  i8042prt - ok
11:53:59.0591 5908  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
11:53:59.0605 5908  iaStorV - ok
11:53:59.0616 5908  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:53:59.0636 5908  idsvc - ok
11:53:59.0640 5908  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
11:53:59.0650 5908  iirsp - ok
11:53:59.0660 5908  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:53:59.0695 5908  IKEEXT - ok
11:53:59.0700 5908  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:53:59.0709 5908  intelide - ok
11:53:59.0713 5908  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:53:59.0724 5908  intelppm - ok
11:53:59.0727 5908  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
11:53:59.0754 5908  IPBusEnum - ok
11:53:59.0758 5908  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:53:59.0784 5908  IpFilterDriver - ok
11:53:59.0792 5908  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:53:59.0809 5908  iphlpsvc - ok
11:53:59.0813 5908  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
11:53:59.0825 5908  IPMIDRV - ok
11:53:59.0829 5908  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
11:53:59.0855 5908  IPNAT - ok
11:53:59.0858 5908  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:53:59.0877 5908  IRENUM - ok
11:53:59.0880 5908  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:53:59.0890 5908  isapnp - ok
11:53:59.0895 5908  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:53:59.0908 5908  iScsiPrt - ok
11:53:59.0912 5908  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:53:59.0921 5908  kbdclass - ok
11:53:59.0924 5908  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:53:59.0935 5908  kbdhid - ok
11:53:59.0938 5908  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:53:59.0949 5908  KeyIso - ok
11:53:59.0953 5908  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:53:59.0963 5908  KSecDD - ok
11:53:59.0967 5908  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
11:53:59.0979 5908  KSecPkg - ok
11:53:59.0982 5908  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
11:54:00.0008 5908  ksthunk - ok
11:54:00.0014 5908  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
11:54:00.0045 5908  KtmRm - ok
11:54:00.0050 5908  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:54:00.0078 5908  LanmanServer - ok
11:54:00.0082 5908  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:54:00.0110 5908  LanmanWorkstation - ok
11:54:00.0115 5908  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:54:00.0140 5908  lltdio - ok
11:54:00.0146 5908  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
11:54:00.0176 5908  lltdsvc - ok
11:54:00.0179 5908  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
11:54:00.0205 5908  lmhosts - ok
11:54:00.0210 5908  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:54:00.0221 5908  LSI_FC - ok
11:54:00.0225 5908  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
11:54:00.0235 5908  LSI_SAS - ok
11:54:00.0238 5908  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:54:00.0248 5908  LSI_SAS2 - ok
11:54:00.0252 5908  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:54:00.0263 5908  LSI_SCSI - ok
11:54:00.0266 5908  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
11:54:00.0294 5908  luafv - ok
11:54:00.0297 5908  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
11:54:00.0307 5908  megasas - ok
11:54:00.0312 5908  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:54:00.0326 5908  MegaSR - ok
11:54:00.0329 5908  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
11:54:00.0356 5908  MMCSS - ok
11:54:00.0360 5908  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
11:54:00.0385 5908  Modem - ok
11:54:00.0388 5908  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
11:54:00.0400 5908  monitor - ok
11:54:00.0403 5908  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:54:00.0413 5908  mouclass - ok
11:54:00.0416 5908  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:54:00.0426 5908  mouhid - ok
11:54:00.0430 5908  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:54:00.0441 5908  mountmgr - ok
11:54:00.0444 5908  [ 8121C6DD654970FEDDBC195596D9706E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:54:00.0454 5908  MozillaMaintenance - ok
11:54:00.0459 5908  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:54:00.0470 5908  mpio - ok
11:54:00.0473 5908  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:54:00.0500 5908  mpsdrv - ok
11:54:00.0511 5908  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:54:00.0547 5908  MpsSvc - ok
11:54:00.0552 5908  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:54:00.0568 5908  MRxDAV - ok
11:54:00.0572 5908  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:54:00.0585 5908  mrxsmb - ok
11:54:00.0591 5908  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:54:00.0604 5908  mrxsmb10 - ok
11:54:00.0609 5908  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:54:00.0619 5908  mrxsmb20 - ok
11:54:00.0623 5908  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:54:00.0632 5908  msahci - ok
11:54:00.0636 5908  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
11:54:00.0647 5908  msdsm - ok
11:54:00.0651 5908  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
11:54:00.0664 5908  MSDTC - ok
11:54:00.0670 5908  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:54:00.0695 5908  Msfs - ok
11:54:00.0698 5908  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
11:54:00.0723 5908  mshidkmdf - ok
11:54:00.0727 5908  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:54:00.0736 5908  msisadrv - ok
11:54:00.0740 5908  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
11:54:00.0768 5908  MSiSCSI - ok
11:54:00.0770 5908  msiserver - ok
11:54:00.0774 5908  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
11:54:00.0800 5908  MSKSSRV - ok
11:54:00.0803 5908  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:54:00.0828 5908  MSPCLOCK - ok
11:54:00.0831 5908  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
11:54:00.0856 5908  MSPQM - ok
11:54:00.0862 5908  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
11:54:00.0877 5908  MsRPC - ok
11:54:00.0882 5908  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:54:00.0891 5908  mssmbios - ok
11:54:00.0894 5908  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
11:54:00.0920 5908  MSTEE - ok
11:54:00.0923 5908  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:54:00.0933 5908  MTConfig - ok
11:54:00.0937 5908  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
11:54:00.0947 5908  Mup - ok
11:54:00.0954 5908  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:54:00.0986 5908  napagent - ok
11:54:00.0992 5908  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
11:54:01.0009 5908  NativeWifiP - ok
11:54:01.0021 5908  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:54:01.0043 5908  NDIS - ok
11:54:01.0047 5908  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
11:54:01.0073 5908  NdisCap - ok
11:54:01.0076 5908  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:54:01.0101 5908  NdisTapi - ok
11:54:01.0105 5908  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
11:54:01.0130 5908  Ndisuio - ok
11:54:01.0134 5908  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
11:54:01.0161 5908  NdisWan - ok
11:54:01.0164 5908  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
11:54:01.0190 5908  NDProxy - ok
11:54:01.0193 5908  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
11:54:01.0219 5908  NetBIOS - ok
11:54:01.0224 5908  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
11:54:01.0252 5908  NetBT - ok
11:54:01.0256 5908  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:54:01.0267 5908  Netlogon - ok
11:54:01.0273 5908  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:54:01.0304 5908  Netman - ok
11:54:01.0311 5908  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:54:01.0343 5908  netprofm - ok
11:54:01.0347 5908  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:54:01.0357 5908  NetTcpPortSharing - ok
11:54:01.0360 5908  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
11:54:01.0370 5908  nfrd960 - ok
11:54:01.0376 5908  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:54:01.0390 5908  NlaSvc - ok
11:54:01.0396 5908  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:54:01.0422 5908  Npfs - ok
11:54:01.0426 5908  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
11:54:01.0453 5908  nsi - ok
11:54:01.0456 5908  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:54:01.0482 5908  nsiproxy - ok
11:54:01.0503 5908  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:54:01.0536 5908  Ntfs - ok
11:54:01.0540 5908  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:54:01.0566 5908  Null - ok
11:54:01.0570 5908  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:54:01.0581 5908  nvraid - ok
11:54:01.0586 5908  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:54:01.0597 5908  nvstor - ok
11:54:01.0601 5908  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:54:01.0612 5908  nv_agp - ok
11:54:01.0620 5908  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:54:01.0634 5908  odserv - ok
11:54:01.0638 5908  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:54:01.0649 5908  ohci1394 - ok
11:54:01.0653 5908  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:54:01.0664 5908  ose - ok
11:54:01.0678 5908  [ EDD1DCD36F6115ACC6935C3F88FF54D7 ] P17            C:\Windows\system32\drivers\P17.sys
11:54:01.0704 5908  P17 - ok
11:54:01.0711 5908  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:54:01.0727 5908  p2pimsvc - ok
11:54:01.0734 5908  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:54:01.0750 5908  p2psvc - ok
11:54:01.0754 5908  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
11:54:01.0765 5908  Parport - ok
11:54:01.0769 5908  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
11:54:01.0779 5908  partmgr - ok
11:54:01.0784 5908  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:54:01.0800 5908  PcaSvc - ok
11:54:01.0805 5908  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
11:54:01.0817 5908  pci - ok
11:54:01.0820 5908  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:54:01.0829 5908  pciide - ok
11:54:01.0834 5908  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:54:01.0847 5908  pcmcia - ok
11:54:01.0851 5908  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
11:54:01.0861 5908  pcw - ok
11:54:01.0869 5908  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:54:01.0904 5908  PEAUTH - ok
11:54:01.0927 5908  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:54:01.0939 5908  PerfHost - ok
11:54:01.0959 5908  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
11:54:02.0001 5908  pla - ok
11:54:02.0009 5908  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:54:02.0025 5908  PlugPlay - ok
11:54:02.0029 5908  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
11:54:02.0042 5908  PNRPAutoReg - ok
11:54:02.0048 5908  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
11:54:02.0061 5908  PNRPsvc - ok
11:54:02.0069 5908  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
11:54:02.0100 5908  PolicyAgent - ok
11:54:02.0106 5908  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
11:54:02.0135 5908  Power - ok
11:54:02.0139 5908  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:54:02.0165 5908  PptpMiniport - ok
11:54:02.0168 5908  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\DRIVERS\processr.sys
11:54:02.0179 5908  Processor - ok
11:54:02.0184 5908  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
11:54:02.0198 5908  ProfSvc - ok
11:54:02.0201 5908  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:54:02.0212 5908  ProtectedStorage - ok
11:54:02.0216 5908  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:54:02.0241 5908  Psched - ok
11:54:02.0259 5908  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:54:02.0289 5908  ql2300 - ok
11:54:02.0294 5908  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:54:02.0305 5908  ql40xx - ok
11:54:02.0310 5908  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
11:54:02.0327 5908  QWAVE - ok
11:54:02.0330 5908  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:54:02.0344 5908  QWAVEdrv - ok
11:54:02.0347 5908  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:54:02.0373 5908  RasAcd - ok
11:54:02.0377 5908  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
11:54:02.0402 5908  RasAgileVpn - ok
11:54:02.0406 5908  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
11:54:02.0434 5908  RasAuto - ok
11:54:02.0438 5908  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
11:54:02.0465 5908  Rasl2tp - ok
11:54:02.0470 5908  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:54:02.0500 5908  RasMan - ok
11:54:02.0504 5908  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:54:02.0531 5908  RasPppoe - ok
11:54:02.0535 5908  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
11:54:02.0562 5908  RasSstp - ok
11:54:02.0568 5908  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
11:54:02.0595 5908  rdbss - ok
11:54:02.0599 5908  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:54:02.0611 5908  rdpbus - ok
11:54:02.0614 5908  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:54:02.0640 5908  RDPCDD - ok
11:54:02.0644 5908  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:54:02.0670 5908  RDPENCDD - ok
11:54:02.0674 5908  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:54:02.0699 5908  RDPREFMP - ok
11:54:02.0704 5908  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
11:54:02.0716 5908  RDPWD - ok
11:54:02.0721 5908  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:54:02.0733 5908  rdyboost - ok
11:54:02.0737 5908  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:54:02.0764 5908  RemoteAccess - ok
11:54:02.0769 5908  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:54:02.0797 5908  RemoteRegistry - ok
11:54:02.0800 5908  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:54:02.0827 5908  RpcEptMapper - ok
11:54:02.0830 5908  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:54:02.0842 5908  RpcLocator - ok
11:54:02.0849 5908  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
11:54:02.0878 5908  RpcSs - ok
11:54:02.0882 5908  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:54:02.0908 5908  rspndr - ok
11:54:02.0916 5908  [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
11:54:02.0934 5908  RTL8167 - ok
11:54:02.0937 5908  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
11:54:02.0948 5908  SamSs - ok
11:54:02.0951 5908  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:54:02.0962 5908  sbp2port - ok
11:54:02.0967 5908  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:54:02.0996 5908  SCardSvr - ok
11:54:02.0999 5908  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:54:03.0024 5908  scfilter - ok
11:54:03.0037 5908  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:54:03.0076 5908  Schedule - ok
11:54:03.0080 5908  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
11:54:03.0104 5908  SCPolicySvc - ok
11:54:03.0109 5908  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:54:03.0123 5908  SDRSVC - ok
11:54:03.0137 5908  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
11:54:03.0160 5908  SDScannerService - ok
11:54:03.0176 5908  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
11:54:03.0202 5908  SDUpdateService - ok
11:54:03.0207 5908  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
11:54:03.0218 5908  SDWSCService - ok
11:54:03.0221 5908  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:54:03.0247 5908  secdrv - ok
11:54:03.0250 5908  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:54:03.0277 5908  seclogon - ok
11:54:03.0280 5908  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:54:03.0308 5908  SENS - ok
11:54:03.0311 5908  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:54:03.0324 5908  SensrSvc - ok
11:54:03.0326 5908  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
11:54:03.0338 5908  Serenum - ok
11:54:03.0341 5908  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:54:03.0353 5908  Serial - ok
11:54:03.0356 5908  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:54:03.0367 5908  sermouse - ok
11:54:03.0375 5908  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:54:03.0402 5908  SessionEnv - ok
11:54:03.0405 5908  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
11:54:03.0418 5908  sffdisk - ok
11:54:03.0420 5908  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:54:03.0433 5908  sffp_mmc - ok
11:54:03.0436 5908  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
11:54:03.0448 5908  sffp_sd - ok
11:54:03.0451 5908  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
11:54:03.0461 5908  sfloppy - ok
11:54:03.0467 5908  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:54:03.0497 5908  SharedAccess - ok
11:54:03.0503 5908  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:54:03.0534 5908  ShellHWDetection - ok
11:54:03.0537 5908  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:54:03.0547 5908  SiSRaid2 - ok
11:54:03.0550 5908  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:54:03.0561 5908  SiSRaid4 - ok
11:54:03.0565 5908  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
11:54:03.0575 5908  SkypeUpdate - ok
11:54:03.0579 5908  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
11:54:03.0606 5908  Smb - ok
11:54:03.0612 5908  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:54:03.0625 5908  SNMPTRAP - ok
11:54:03.0628 5908  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
11:54:03.0637 5908  spldr - ok
11:54:03.0645 5908  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
11:54:03.0664 5908  Spooler - ok
11:54:03.0702 5908  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:54:03.0769 5908  sppsvc - ok
11:54:03.0774 5908  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
11:54:03.0802 5908  sppuinotify - ok
11:54:03.0810 5908  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
11:54:03.0826 5908  srv - ok
11:54:03.0833 5908  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:54:03.0848 5908  srv2 - ok
11:54:03.0853 5908  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:54:03.0865 5908  srvnet - ok
11:54:03.0870 5908  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
11:54:03.0899 5908  SSDPSRV - ok
11:54:03.0902 5908  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
11:54:03.0930 5908  SstpSvc - ok
11:54:03.0933 5908  Steam Client Service - ok
11:54:03.0937 5908  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:54:03.0947 5908  stexstor - ok
11:54:03.0955 5908  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:54:03.0978 5908  stisvc - ok
11:54:03.0981 5908  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:54:03.0991 5908  swenum - ok
11:54:03.0998 5908  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
11:54:04.0031 5908  swprv - ok
11:54:04.0052 5908  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
11:54:04.0087 5908  SysMain - ok
11:54:04.0091 5908  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:54:04.0108 5908  TabletInputService - ok
11:54:04.0113 5908  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
11:54:04.0152 5908  TapiSrv - ok
11:54:04.0155 5908  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
11:54:04.0183 5908  TBS - ok
11:54:04.0204 5908  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
11:54:04.0240 5908  Tcpip - ok
11:54:04.0261 5908  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:54:04.0289 5908  TCPIP6 - ok
11:54:04.0295 5908  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:54:04.0306 5908  tcpipreg - ok
11:54:04.0311 5908  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:54:04.0323 5908  TDPIPE - ok
11:54:04.0326 5908  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
11:54:04.0337 5908  TDTCP - ok
11:54:04.0341 5908  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
11:54:04.0367 5908  tdx - ok
11:54:04.0370 5908  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:54:04.0380 5908  TermDD - ok
11:54:04.0390 5908  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
11:54:04.0422 5908  TermService - ok
11:54:04.0426 5908  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:54:04.0441 5908  Themes - ok
11:54:04.0445 5908  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
11:54:04.0471 5908  THREADORDER - ok
11:54:04.0475 5908  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:54:04.0504 5908  TrkWks - ok
11:54:04.0509 5908  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:54:04.0536 5908  TrustedInstaller - ok
11:54:04.0541 5908  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:54:04.0566 5908  tssecsrv - ok
11:54:04.0570 5908  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:54:04.0582 5908  TsUsbFlt - ok
11:54:04.0586 5908  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:54:04.0612 5908  tunnel - ok
11:54:04.0616 5908  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:54:04.0626 5908  uagp35 - ok
11:54:04.0632 5908  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:54:04.0661 5908  udfs - ok
11:54:04.0667 5908  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
11:54:04.0681 5908  UI0Detect - ok
11:54:04.0684 5908  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:54:04.0694 5908  uliagpkx - ok
11:54:04.0697 5908  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\drivers\umbus.sys
11:54:04.0708 5908  umbus - ok
11:54:04.0711 5908  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:54:04.0722 5908  UmPass - ok
11:54:04.0728 5908  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:54:04.0759 5908  upnphost - ok
11:54:04.0763 5908  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
11:54:04.0775 5908  usbccgp - ok
11:54:04.0779 5908  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:54:04.0792 5908  usbcir - ok
11:54:04.0795 5908  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
11:54:04.0806 5908  usbehci - ok
11:54:04.0809 5908  [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter      C:\Windows\system32\DRIVERS\usbfilter.sys
11:54:04.0818 5908  usbfilter - ok
11:54:04.0823 5908  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:54:04.0838 5908  usbhub - ok
11:54:04.0841 5908  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
11:54:04.0852 5908  usbohci - ok
11:54:04.0855 5908  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:54:04.0868 5908  usbprint - ok
11:54:04.0871 5908  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:54:04.0884 5908  USBSTOR - ok
11:54:04.0887 5908  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
11:54:04.0898 5908  usbuhci - ok
11:54:04.0901 5908  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
11:54:04.0930 5908  UxSms - ok
11:54:04.0933 5908  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:54:04.0943 5908  VaultSvc - ok
11:54:04.0946 5908  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:54:04.0956 5908  vdrvroot - ok
11:54:04.0964 5908  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
11:54:04.0997 5908  vds - ok
11:54:05.0000 5908  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
11:54:05.0012 5908  vga - ok
11:54:05.0015 5908  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
11:54:05.0041 5908  VgaSave - ok
11:54:05.0046 5908  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
11:54:05.0058 5908  vhdmp - ok
11:54:05.0061 5908  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:54:05.0071 5908  viaide - ok
11:54:05.0074 5908  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:54:05.0084 5908  volmgr - ok
11:54:05.0091 5908  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
11:54:05.0105 5908  volmgrx - ok
11:54:05.0110 5908  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
11:54:05.0124 5908  volsnap - ok
11:54:05.0128 5908  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
11:54:05.0140 5908  vsmraid - ok
11:54:05.0158 5908  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
11:54:05.0203 5908  VSS - ok
11:54:05.0206 5908  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
11:54:05.0220 5908  vwifibus - ok
11:54:05.0226 5908  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
11:54:05.0257 5908  W32Time - ok
11:54:05.0262 5908  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:54:05.0273 5908  WacomPen - ok
11:54:05.0276 5908  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:54:05.0302 5908  WANARP - ok
11:54:05.0305 5908  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:54:05.0330 5908  Wanarpv6 - ok
11:54:05.0347 5908  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:54:05.0377 5908  wbengine - ok
11:54:05.0382 5908  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:54:05.0398 5908  WbioSrvc - ok
11:54:05.0405 5908  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
11:54:05.0423 5908  wcncsvc - ok
11:54:05.0427 5908  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:54:05.0439 5908  WcsPlugInService - ok
11:54:05.0442 5908  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:54:05.0452 5908  Wd - ok
11:54:05.0462 5908  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:54:05.0484 5908  Wdf01000 - ok
11:54:05.0488 5908  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:54:05.0514 5908  WdiServiceHost - ok
11:54:05.0517 5908  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
11:54:05.0532 5908  WdiSystemHost - ok
11:54:05.0537 5908  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
11:54:05.0555 5908  WebClient - ok
11:54:05.0560 5908  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:54:05.0590 5908  Wecsvc - ok
11:54:05.0593 5908  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
11:54:05.0621 5908  wercplsupport - ok
11:54:05.0625 5908  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:54:05.0653 5908  WerSvc - ok
11:54:05.0655 5908  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:54:05.0681 5908  WfpLwf - ok
11:54:05.0683 5908  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:54:05.0693 5908  WIMMount - ok
11:54:05.0695 5908  WinDefend - ok
11:54:05.0699 5908  WinHttpAutoProxySvc - ok
11:54:05.0708 5908  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
11:54:05.0737 5908  Winmgmt - ok
11:54:05.0759 5908  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
11:54:05.0809 5908  WinRM - ok
11:54:05.0817 5908  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:54:05.0830 5908  WinUsb - ok
11:54:05.0841 5908  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
11:54:05.0866 5908  Wlansvc - ok
11:54:05.0869 5908  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
11:54:05.0880 5908  WmiAcpi - ok
11:54:05.0886 5908  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:54:05.0900 5908  wmiApSrv - ok
11:54:05.0903 5908  WMPNetworkSvc - ok
11:54:05.0906 5908  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:54:05.0920 5908  WPCSvc - ok
11:54:05.0924 5908  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:54:05.0944 5908  WPDBusEnum - ok
11:54:05.0948 5908  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
11:54:05.0975 5908  ws2ifsl - ok
11:54:05.0979 5908  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:54:05.0995 5908  wscsvc - ok
11:54:05.0998 5908  WSearch - ok
11:54:06.0026 5908  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:54:06.0071 5908  wuauserv - ok
11:54:06.0076 5908  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:54:06.0088 5908  WudfPf - ok
11:54:06.0092 5908  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:54:06.0104 5908  WUDFRd - ok
11:54:06.0108 5908  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
11:54:06.0121 5908  wudfsvc - ok
11:54:06.0126 5908  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc        C:\Windows\System32\wwansvc.dll
11:54:06.0144 5908  WwanSvc - ok
11:54:06.0147 5908  ================ Scan global ===============================
11:54:06.0151 5908  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:54:06.0155 5908  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:54:06.0162 5908  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:54:06.0168 5908  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:54:06.0174 5908  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:54:06.0179 5908  [Global] - ok
11:54:06.0179 5908  ================ Scan MBR ==================================
11:54:06.0181 5908  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:54:06.0283 5908  \Device\Harddisk0\DR0 - ok
11:54:06.0298 5908  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
11:54:06.0502 5908  \Device\Harddisk1\DR1 - ok
11:54:06.0502 5908  ================ Scan VBR ==================================
11:54:06.0505 5908  [ E35A83F590C0864B41B05288F773EF5E ] \Device\Harddisk0\DR0\Partition1
11:54:06.0506 5908  \Device\Harddisk0\DR0\Partition1 - ok
11:54:06.0509 5908  [ C3D9B9FC623B9240EF85478B1F7FD7FA ] \Device\Harddisk0\DR0\Partition2
11:54:06.0509 5908  \Device\Harddisk0\DR0\Partition2 - ok
11:54:06.0511 5908  [ FE0108DE6184179E1BA692A13CAC734C ] \Device\Harddisk1\DR1\Partition1
11:54:06.0512 5908  \Device\Harddisk1\DR1\Partition1 - ok
11:54:06.0532 5908  [ 04288ADF0E9798A21004FC36E2DCB5EB ] \Device\Harddisk1\DR1\Partition2
11:54:06.0533 5908  \Device\Harddisk1\DR1\Partition2 - ok
11:54:06.0533 5908  ============================================================
11:54:06.0533 5908  Scan finished
11:54:06.0533 5908  ============================================================
11:54:06.0541 0204  Detected object count: 2
11:54:06.0541 0204  Actual detected object count: 2
11:54:26.0577 0204  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:54:26.0577 0204  Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:54:26.0578 0204  CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
11:54:26.0578 0204  CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:54:32.0323 5844  Deinitialize success

cosinus 14.05.2013 13:01
Unauffällig

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.

Proudgod 14.05.2013 14:35
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Drunkenmaster on 14.05.2013 at 14:54:24,92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\sweetpacksupdatemanager_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Drunkenmaster\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Drunkenmaster\appdata\locallow\sweetim"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Drunkenmaster\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.05.2013 at 14:56:58,77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

adwCleaner
Code:
# AdwCleaner v2.300 - Datei am 14/05/2013 um 14:59:58 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Drunkenmaster - DOMINIK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dominik\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Dominik\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Drunkenmaster\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [3449 octets] - [14/05/2013 14:59:58]

########## EOF - \AdwCleaner[S1].txt - [3509 octets] ##########

OTL Editor
Code:
OTL Extras logfile created on: 14.05.2013 15:04:44 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Dominik\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,33% Memory free
7,99 Gb Paging File | 6,18 Gb Available in Paging File | 77,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 22,89 Gb Free Space | 41,02% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 317,36 Gb Free Space | 68,15% Space Free | Partition Type: NTFS
Drive E: | 298,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DOMINIK | User Name: Drunkenmaster | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-438401567-730785118-3515160458-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-438401567-730785118-3515160458-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30D6A260-B3C4-46A9-91D4-4597BDD8FCDF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{52BFE3E5-0623-4396-BCD5-0AC6B4C326EE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6C20AC24-83CA-4311-BF63-D0161223A3AA}" = rport=445 | protocol=6 | dir=out | app=system |
"{7D1764C7-1D24-4A0F-ABFF-DB6300680416}" = rport=138 | protocol=17 | dir=out | app=system |
"{A1A89200-CDEF-443B-A97A-5293AF283A2A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C15F4900-5AC3-40AB-805E-B2B2C192E20A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC517A63-87D7-4EB8-8CF4-A235C3DD2617}" = rport=139 | protocol=6 | dir=out | app=system |
"{EEDFF032-6189-428E-98B9-1BC4F5055B53}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F7B7F5C0-0954-491D-B55F-F9FC0BB1B25F}" = rport=137 | protocol=17 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BCB58E-7395-47C6-9510-8FC1C518AC79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3842737E-2D33-47D4-AA2B-4077827DB93E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3946F38A-26FA-4AC3-9CEF-7D315A8D0694}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B299972-1785-4FFB-916D-F3CC0D1E3176}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E2DDECB-B529-48A9-81AC-AD183AFDE6BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{744C42C8-18D0-4BA6-A5D7-4C3AA97B5453}" = protocol=6 | dir=out | app=system |
"{94A7BC4E-6BD9-4C73-A463-90D005E76517}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A25680CF-5936-4A97-80F3-FB1AF86BF593}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A773C736-B1EE-43B3-8982-2D4ABC3A74C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5484470-C70D-4CAB-864C-B138A5DA0A44}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E7EE5138-2569-4ACF-BD44-7C9EEDE9575D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA5C61B5-D04C-476D-A850-4B65CB4D2030}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{042B10AA-8233-A9E0-4DEB-B7253C686DBB}" = AMD Fuel
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"D3A1A6FCCCB0A9522D676C627C62D37496EAF759" = Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{86095E92-1959-8364-920E-82E81F64F8FB}" = AMD VISION Engine Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D9C4202E-6D51-4B06-A8F1-22316E654BCA}" = Universal Adb Driver
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}" = Foxit Reader
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo II" = Diablo II
"Diablo III" = Diablo III
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"Mozilla Thunderbird 17.0 (x86 de)" = Mozilla Thunderbird 17.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Sauerbraten" = Sauerbraten
"STANDARD" = Microsoft Office Standard 2007
"StarCraft II" = StarCraft II
"Steam App 10" = Counter-Strike
"Steam App 730" = Counter-Strike: Global Offensive
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-438401567-730785118-3515160458-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.4.0.1083
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Spybot - Search and Destroy Events ]
Error - 13.05.2013 06:48:50 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:07 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:18 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:21 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:24 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:25 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 13.05.2013 06:49:27 | Computer Name = Dominik | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 14.05.2013 08:57:58 | Computer Name = Dominik | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

cosinus 14.05.2013 15:26
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Proudgod 14.05.2013 18:50
Malwarebytes Anti-Malware
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dominik :: DOMINIK [limited]

14.05.2013 18:40:21
MBAM-log-2013-05-14 (19-09-24).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328589
Time elapsed: 17 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
D:\DOS-Games\Die Fugger 2 Portable\DOSBox-Verzeichnis in Windows Explorer öffnen.exe (Trojan.FakeMS) -> No action taken.
D:\DOS-Games\Die Fugger 2 Portable\Installationsverzeichnis in Windows Explorer öffnen.exe (Trojan.FakeMS) -> No action taken.

ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9f02e2596ae1a34db45a6cbe50331300
# engine=13829
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-14 05:49:03
# local_time=2013-05-14 07:49:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 5124062 145263615 0 0
# compatibility_mode=5893 16776573 100 94 17322 120183593 0 0
# scanned=171976
# found=2
# cleaned=0
# scan_time=2213
sh=9588275FF7803065136FC9EAF31BDFC74C97A5E3 ft=1 fh=17c2405dd0893139 vn="multiple threats" ac=I fn="C:\Users\Drunkenmaster\AppData\Local\Temp\YontooSetup-S.exe"
sh=98A035ACB480C0E9DD076C5AF6E6B841E2B43184 ft=0 fh=0000000000000000 vn="a variant of Win32/Agent.UGO trojan" ac=I fn="D:\Daten\Wichtig\Fotos\333035009_neo\CS.rar"

cosinus 15.05.2013 10:04
Zitat:
Database version: v2013.04.04.07
Du hast Malwarebytes vorher nicht aktualisiert. Es wurde doch extra vorher erwähnt!
Bitte updaten und den Vollscan wiederholen.

Proudgod 15.05.2013 18:20
Die Update Funktion war grau unterlegt, stand aber auch nirgends in der Anleitung das man das Programm als Admin starten soll. Daher nahm ich an die Datenbank ist aktuell. Und bevor du jetzt bemängelst das, das jeder Wissen sollte, mir wurde eingetrichtert mich an Anleitungen zu halten.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Drunkenmaster :: DOMINIK [Administrator]

15.05.2013 19:00:13
MBAM-log-2013-05-15 (19-20-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395941
Laufzeit: 18 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\DOS-Games\Die Fugger 2 Portable\DOSBox-Verzeichnis in Windows Explorer öffnen.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
D:\DOS-Games\Die Fugger 2 Portable\Installationsverzeichnis in Windows Explorer öffnen.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.

(Ende)

cosinus 15.05.2013 19:32
Ich kann nicht nachvollziehen was du da gemacht hast, wenn du MBAM startest poppt immer die UAC auf und fragt nach Adminrechten bzw. will die Bestätigung von dir. Ein Scan ohne Adminrechte macht auch absolut keinen Sinn.

Woher hast du diese DOS-Games, die MBAM gefunden hat?

Code:
D:\Daten\Wichtig\Fotos\333035009_neo\CS.rar
Was soll das sein?

Proudgod 15.05.2013 20:17
CS.rar ist ein Cheat für die offline Version von Counterstrike gewesen zur Analyse.

DOS-Games von einem bekannten bekommen.

cosinus 15.05.2013 20:22
Sieht soweit ok aus :daumenhoc

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Proudgod 15.05.2013 20:28
Also sind die Trojaner nichts befürchten wertes?

Naja ob es in Ordnung war kann man schwer beurteilen wenn ein Keylogger zum Einsatz kam. Wie sichere ich mein System in Zukunft ab? Evtl auch nach dem Formatieren?! :)

cosinus 15.05.2013 20:37
Lesestoff:
Goldene Sicherheitsregeln
Halte Dich am besten grob an diese Regeln:
  1. Sei misstrauisch im Internet und v.a. bei unbekannten E-Mails, sei vorsichtig bei der Herausgabe persönlicher Daten!!
  2. Halte Windows und alle verwendeten Programme immer aktuell - unterstützen kann dich dabei Secunia PSI
  3. Führe regelmäßig Backups auf externe Medien durch
  4. Arbeite mit eingeschränkten Rechten
  5. automatische Wiedergabe von allen Laufwerken komplett deaktivieren, denn das ist ein unnötiges Sicherheitsrisiko
  6. Bei der Installation von Software möglichst darauf achten, dass die Setups aus offiziellen Quellen stammen und du bei der Installation nach Möglichkeit die benutzerdefinierte Methode wählst - dann hast du die Möglichkeit etwaigen Schrott (wie Toolbars oder sowas wie RegistryBooster) abzuwählen, welcher sonst einfach mitinstalliert wird.
  7. Bösartige bzw. ungewollte Sites von vornherein blockieren lassen mit Hilfe der MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File
  8. Finger weg von: TuneUp, Registry-Cleanern aller Art, Softonic sowie illegalen Cracks/Keygens oder anderen "Tools" um ein kommerzielles Programm ohne Lizenz nutzen zu können
  9. dubiose Seiten bzw. Kinofilm-Streaming-Portale ebenfalls sein lassen, erstens handelt man sich dort schnell Malware ein oder kann in Abofallen geraten und zweitens bewegen sich diese Seiten in einer rechtlichen Grauzone.


Alles noch genauer erklärt steht hier => Kompromittierung unvermeidbar?

Proudgod 15.05.2013 20:47
Und die Trojaner?

cosinus 15.05.2013 20:55
Was bitte für Trojaner? :wtf:
Die letzten Funde wurden doch geklärt


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131