Exploits EXP/JAVA.Ivinest.Gen und EXP/CVE-2012-1723

maddin0815 · 30.12.2012, 12:34

Hallo allerseits,

erst mal vorweg, ich bin ein ziemlicher Versager am PC, und wir sind gerade im Urlaub in Spanien und haben den Laptop (compaq 615) meiner Freundin mitgenommen. Um den hab ich mich vorher (leider) nicht gekümmert, außer, dass ich am Anfang Antivir, Spybot und THreadfire installiert hatte.

Wir sind hier mit WLAN des Hotels im Internet. Gestern habe ich nach einer Warnmeldung von Threadfire Spybot durchlaufen lassen, der hatte nur Adware gefunden, aber nach dem, was ich über google hier fand, nichts Bedrohliches (widgi Toolbar).

Heute morgen zeigt Threadfire eine Warnung (etwas mit wermgr.exe, soweit ich mich erinnere). Nachdem ich von meiner Freundin hörte, dass sie Java seit geraumer Zeit nicht aktualiesiert hatte, habe ich versucht, eine aktuelle Version runterzuladen. Das klappte leider nicht, die Anzeige lautete: Download file C:\Users\dresden\AppData\LocalLow\Sun\Java\jre1.7.0_10\java_sp.dll is corrupt.

Dann wollte ich Malwarebytes runterladen, es passierte dasselbe.

Wie kann ich beide Programme jetzt auf den Laptop bekommen?

Eben habe ich Antivir komplett scannen lassen und diese Viren gefunden:

EXP/JAVA.Ivinest.Gen

EXP/CVE-2012-1723

Nach dem, was ich so finden konnte, scheinen die recht übel zu sein. Wie werden wir sie los? Und da hier im Urlaub?

Der Laptop ist ein Compaq 615, den hat sie von ihren Eltern, die ihn nicht brauchten. Es ist ein Gerät ausm Discounter, ich glaube, es war alles vorinstalliert, weiß nicht, ob überhaupt eine DVD dabei war. Können wir den hier neu installieren (wie gesagt, habe wenig Plan von der Materie).

Ihr Laptop hängt mit meinem daheim am selben Router und sie hat auch ab und zu SD-Karten von mir in ihren Laptop gesteckt. Inwieweit besteht auch für mich Gefahr? Werde natürlich nach dem Urlaub alles auf meinem Computer ebenfalls scannen.

Ich bedanke mich vorab für Unterstützung!

Maddin

Hier das Ergebnis von Antivir, lasst mich bitte wissen, was ihr noch wissen wollt (und wie ich das beschaffe):

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 30. Dezember 2012 09:42

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ALMUT

Versionsinformationen:
BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 12.12.2012 04:45:42
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 12.12.2012 04:45:42
LUKE.DLL : 13.6.0.400 67360 Bytes 12.12.2012 04:45:51
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 10.12.2012 19:19:22
AVREG.DLL : 13.6.0.406 248096 Bytes 10.12.2012 19:19:21
avlode.dll : 13.6.1.402 428832 Bytes 10.12.2012 19:19:22
avlode.rdf : 13.0.0.26 7958 Bytes 10.12.2012 19:19:22
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 14:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 14:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 14:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 14:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 14:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 14:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 14:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 19:41:28
VBASE008.VDF : 7.11.50.231 2048 Bytes 22.11.2012 19:41:29
VBASE009.VDF : 7.11.50.232 2048 Bytes 22.11.2012 19:41:29
VBASE010.VDF : 7.11.50.233 2048 Bytes 22.11.2012 19:41:29
VBASE011.VDF : 7.11.50.234 2048 Bytes 22.11.2012 19:41:29
VBASE012.VDF : 7.11.50.235 2048 Bytes 22.11.2012 19:41:29
VBASE013.VDF : 7.11.50.236 2048 Bytes 22.11.2012 19:41:29
VBASE014.VDF : 7.11.51.27 133632 Bytes 23.11.2012 07:55:08
VBASE015.VDF : 7.11.51.95 140288 Bytes 26.11.2012 19:57:52
VBASE016.VDF : 7.11.51.221 164352 Bytes 29.11.2012 19:48:37
VBASE017.VDF : 7.11.52.29 158208 Bytes 01.12.2012 12:40:21
VBASE018.VDF : 7.11.52.91 116736 Bytes 03.12.2012 20:24:42
VBASE019.VDF : 7.11.52.151 137728 Bytes 05.12.2012 05:25:13
VBASE020.VDF : 7.11.52.225 157696 Bytes 06.12.2012 18:42:07
VBASE021.VDF : 7.11.53.35 126976 Bytes 08.12.2012 18:20:17
VBASE022.VDF : 7.11.53.55 225792 Bytes 09.12.2012 17:44:47
VBASE023.VDF : 7.11.53.93 157184 Bytes 10.12.2012 19:19:21
VBASE024.VDF : 7.11.53.169 153088 Bytes 12.12.2012 18:42:57
VBASE025.VDF : 7.11.53.237 152064 Bytes 14.12.2012 06:11:25
VBASE026.VDF : 7.11.54.23 149504 Bytes 17.12.2012 13:04:53
VBASE027.VDF : 7.11.54.67 130048 Bytes 18.12.2012 19:27:51
VBASE028.VDF : 7.11.54.153 292352 Bytes 21.12.2012 18:30:46
VBASE029.VDF : 7.11.55.1 300032 Bytes 28.12.2012 18:12:37
VBASE030.VDF : 7.11.55.2 2048 Bytes 28.12.2012 18:12:37
VBASE031.VDF : 7.11.55.36 56320 Bytes 29.12.2012 21:08:02
Engineversion : 8.2.10.224
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 14:42:55
AESCRIPT.DLL : 8.1.4.78 467323 Bytes 20.12.2012 17:23:25
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 18:11:03
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 16:58:06
AERDL.DLL : 8.2.0.74 643445 Bytes 08.11.2012 05:31:24
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 17:23:25
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 20:14:25
AEHEUR.DLL : 8.1.4.168 5628280 Bytes 20.12.2012 17:23:24
AEHELP.DLL : 8.1.25.2 258423 Bytes 28.10.2012 13:52:34
AEGEN.DLL : 8.1.6.12 434549 Bytes 13.12.2012 18:11:03
AEEXP.DLL : 8.3.0.4 184692 Bytes 20.12.2012 17:23:25
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 14:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 18:11:02
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 20:14:22
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 18:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 12.12.2012 04:45:42
AVREP.DLL : 13.4.0.360 177952 Bytes 10.12.2012 19:19:21
AVARKT.DLL : 13.6.0.402 260384 Bytes 12.12.2012 04:45:40
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 12.12.2012 04:45:41
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 18:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 18:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 12.12.2012 04:45:51
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 12.12.2012 04:45:34
RCTEXT.DLL : 13.4.0.360 68384 Bytes 12.12.2012 04:45:35

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 30. Dezember 2012 09:42

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'E:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'SearchFilterHost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '119' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil10b.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'CIDGlobalLight.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'DNTPService.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'UI0Detect.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_135.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_135.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'hphc_service.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '126' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '165' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqToaster.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Com4QLBEx.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqwmiex.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'LightScribeControlPanel.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchSettings.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'Updater.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolCtrl.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'sttray.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'ModemListener.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'TFTray.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'ipoint.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPWAMain.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBCTRL.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '172' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'TFService.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdfsvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'DeviceManager.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApplicationUpdater.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'aestsrv.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '164' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1989' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
[0] Archivtyp: Runtime Packed
--> C:\Users\dresden\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\542a325e-4f6e33b2
[1] Archivtyp: ZIP
--> C2.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ivinest.Gen
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
--> C3.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723
[WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\dresden\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\542a325e-4f6e33b2
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723
Beginne mit der Suche in 'E:\' <HP_TOOLS>

Beginne mit der Desinfektion:
C:\Users\dresden\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\542a325e-4f6e33b2
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56d0b148.qua' verschoben!

Ende des Suchlaufs: Sonntag, 30. Dezember 2012 11:51
Benötigte Zeit: 2:08:29 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

31516 Verzeichnisse wurden überprüft
703816 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
703813 Dateien ohne Befall
6487 Archive wurden durchsucht
2 Warnungen
1 Hinweise
717447 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

markusg · 30.12.2012, 14:23

Hi
poste bitte die spybot meldungen.
und die von threadfire
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

maddin0815 · 30.12.2012, 21:18

Hallo, vielen Dank für die schnelle Antwort. Ich bin jetzt wieder im Hotel.

Ich habe zwischenzeitlich einen Komplettscan über Threadfire gemacht. Der teilte mit, dass keine Bedrohung gefunden wurde. Einen Bericht wie bei Antivir habe ich ausgiebig gesucht, aber nichts gefunden. Wo ist der zu finden, falls es ihn gibt?

Auch bei Spybot habe ich nichts gefunden, was wie das Protokoll vom gestrigen Scan bei Antivir aussah. Ich habe Spybot eben noch einmal durchlaufen lassen. Er brachte das Ergebnis: "Widgi.Toolbar 94 Einträge Adware". Die konnten gestern offenbar nicht gelöscht werden. Die andere Adware, die er gestern gefunden hatte, wurde offenbar vollständig entfernt.

Hilft das schon mal weiter, oder kann ich da noch etwas machen?

OTL habe ich noch nicht, werde versuchen, das morgen hinzukriegen: Dazu noch 2 Fragen:

1. Ich muss den Text im scharz umrahmten Kasten (von activex ... bis ... CREATERESTOREPOINT) reinkopieren, richtig?

2. Was heißt alle Programme schließen? Dass ich selber nichts geöffnet habe? Oder dass ich zusätzlich noch Programme die sich beim Start selbst geöffnet haben über den Taskmanager schließe (wenn ja, welche? Ich nehme an, dass sich ggf. gar nicht alle schließen lassen)?

Gruß!

Maddin

Ein kurzes Update: Ich war in der Lage, Malwarebytes und das letzte Java-Update (7/10) zu laden (habe Threadfire und Antivir deaktiviert, dann gings). Ich hoffe, auch das hilft weiter.

Soweit ichs schaffe, kümmere ich mich heute noch um OTL.

Das Resultat des soeben beendeten Malwarebytes Komplettscans lautet:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.12.30.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
dresden :: ALMUT [Administrator]

Schutz: Aktiviert

30.12.2012 21:59:19
mbam-log-2012-12-30 (21-59-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 444375
Laufzeit: 11 Stunde(n), 31 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

maddin0815 · 02.01.2013, 08:53

Noch ein Update: bin leider noch nicht zu OTL gekommen. Hab aber über Nacht noch mal Antivir durclaufen lassen, das nichts gefunden hat.

Gestern kamen noch zwei Warnungen von Threadfire:

C:\\WINDOWS\SYSTEM32\WERMGR.EXE Dieses Programm versucht, auf verdächtige oder unerwartete Weise eine Verbindung mit dem Internet aufzunehmen. (Dies war wohl uach die Meldung, die mich vor ein paar Tagen stutzig machte)

Sowie ...java\jre7\bin\javaw.exe und dieselbe Meldung.

Ich gehe davon aus, dass beides normale Suchen nach Updates sind, oder liege ich da falsch? Ich habe sie trotzdem erst mal beendet.

Es wäre nett, wenn Du mir kurz die Fragen zu OTL beantwortest, ich hoffe, heute Abend kommen wir früher rein, damit ich das angehen kann.

Gruß und frohes Neues Jahr wünschen wir!

Maddin

markusg · 02.01.2013, 20:32

Hi
es währe nett, wenn du einfach nur das machen würdest, was hier steht.
ich hatte nichts von einem neuen Threadfire scan geschrieben, und warte auf die kompletten Spybot und alten threadfire logs.
bei otl, so wie in der Anleitung beschrieben, das aus der Textbox kopieren.

maddin0815 · 02.01.2013, 20:47

Sorry, wenn das jetzt zu viel Text war. Threatfire hatte ich vorher noch gar nicht durchlaufen lassen (das ist dann wohl falsch rübergekommen), ich kann also auch keine alten Logs von Threadfire liefern.

Zu Spybot hatte ich das hier geschrieben: "bei Spybot habe ich nichts gefunden, was wie das Protokoll vom gestrigen Scan bei Antivir aussah" - das wäre wohl das, was Du mit "Logs" meinst.

Wo finde ich alte "Logs" bei Spybot? Ich habe nichts derartiges finden können.

So, ich habe OTl heute Nacht durchlaufen lassen und hoffe, ich habe jetzt alles richtig gemacht.

Ich habe alle Programme geschlossen, die ich geöffnet hatte. Avira und Threadfire waren also noch aktiv. Falls ich welche, die sich beim Start des PCs von alleine öffnen, über den Taskmanager hätte schließen sollen (hatte ja schon weiter oben geschrieben, dass mir das unklar war), bitte kurz ansagen, dann lasse ich das Programm ggf. nochmals durchlaufen.

Hier die Ergebnisse von OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/2/2013 9:45:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dresden\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.22% Memory free
3.49 Gb Paging File | 2.04 Gb Available in Paging File | 58.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 67.36 Gb Free Space | 51.13% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.71% Space Free | Partition Type: FAT32
 
Computer Name: ALMUT | User Name: dresden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/01/02 21:30:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dresden\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/12 05:45:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/12/12 05:45:43 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012/12/12 05:45:43 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/12/12 05:45:41 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/12/12 05:45:41 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/11/28 16:41:36 | 001,123,720 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012/11/26 15:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\PSIA.exe
PRC - [2012/11/26 15:09:20 | 000,659,040 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/11/26 15:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/10/19 02:26:56 | 001,185,872 | ---- | M] (CallingID Ltd.) -- C:\Program Files\Ask.com\CallingIDSDK\CIDGlobalLight.exe
PRC - [2012/10/19 02:26:06 | 001,573,584 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012/10/04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/05 16:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2011/11/23 21:38:31 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/11/23 21:38:30 | 000,254,034 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\STacSV.exe
PRC - [2011/11/23 21:38:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\aestsrv.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/22 12:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2011/02/22 12:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2011/01/17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/02/25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2010/01/27 10:08:12 | 000,098,304 | ---- | M] () -- C:\Program Files\VIVACOM 3G USB MODEM\ModemListener.exe
PRC - [2009/11/17 09:44:54 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2009/08/04 07:52:00 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/04 07:51:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/30 15:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 15:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/27 16:52:16 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/17 07:25:18 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/17 07:10:53 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/17 07:10:34 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/17 07:09:27 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/17 07:09:16 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/17 07:08:03 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/17 07:07:50 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/17 07:07:46 | 007,988,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/17 07:07:12 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/09/07 20:27:43 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:59:41 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/05/02 17:00:07 | 000,339,968 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3503.18350__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:07 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3503.18369__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/05/02 17:00:06 | 001,732,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3503.18374__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/05/02 17:00:06 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/05/02 17:00:06 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/05/02 17:00:06 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3503.18446__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:06 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3503.18360__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:06 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3503.18419__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:06 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3503.18472__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:06 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3503.18406__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:06 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3503.18360__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:05 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:05 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3503.18471__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:05 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3503.18427__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/05/02 17:00:05 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3503.18426__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:05 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3503.18470__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:04 | 000,782,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3503.18409__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:04 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3503.18439__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/05/02 17:00:04 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3503.18376__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:04 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:04 | 000,081,920 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:04 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3503.18415__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:03 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3503.18377__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:03 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3503.18363__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:03 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:03 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:03 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3503.18383__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2010/05/02 17:00:03 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/05/02 17:00:03 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3503.18407__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:03 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3503.18382__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:03 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3503.18408__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:03 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3503.18417__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/05/02 17:00:02 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/05/02 17:00:02 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/05/02 17:00:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/05/02 17:00:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2010/05/02 17:00:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/05/02 17:00:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/05/02 17:00:02 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/05/02 17:00:02 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/05/02 17:00:01 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/05/02 17:00:01 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/05/02 17:00:01 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/05/02 17:00:01 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/05/02 17:00:01 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/05/02 17:00:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/05/02 17:00:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/05/02 17:00:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/05/02 17:00:01 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/05/02 17:00:00 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/05/02 17:00:00 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3503.18478__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/05/02 16:59:59 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/05/02 16:59:59 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/05/02 16:59:59 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3503.18344__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/05/02 16:59:58 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3503.18368__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/05/02 16:59:58 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3503.18465__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/05/02 16:59:58 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3503.18463__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/05/02 16:59:58 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3503.18348__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/05/02 16:59:58 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3503.18347__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/05/02 16:59:58 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/05/02 16:59:58 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/05/02 16:59:58 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/05/02 16:59:58 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/05/02 16:59:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2010/05/02 16:59:58 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/05/02 16:59:57 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3503.18356__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/05/02 16:59:57 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3503.18346__90ba9c70f846762e\APM.Server.dll
MOD - [2010/05/02 16:59:57 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3503.18345__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/05/02 16:59:57 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/05/02 16:59:57 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/05/02 16:59:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/05/02 16:59:57 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/05/02 16:59:57 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3503.18464__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/01/27 10:08:12 | 000,098,304 | ---- | M] () -- C:\Program Files\VIVACOM 3G USB MODEM\ModemListener.exe
MOD - [2009/06/17 19:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 19:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 19:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2008/12/18 23:03:42 | 000,020,480 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/12 20:02:22 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/12 05:45:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/12 05:45:43 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/12/12 05:45:41 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/12/06 21:03:09 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/28 16:34:18 | 000,793,600 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/11/26 15:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012/11/26 15:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/09/05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/11/23 21:38:30 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV.exe -- (STacSV)
SRV - [2011/11/23 21:38:28 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\aestsrv.exe -- (AESTFilters)
SRV - [2011/09/16 06:31:26 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/22 12:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/11/17 09:44:54 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2009/08/04 07:51:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/30 15:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/27 16:52:16 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/18 17:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 19:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/12 05:45:54 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/12 05:45:53 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/15 06:56:49 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/11/23 21:38:31 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/02/22 12:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011/02/22 12:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011/02/22 12:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/12/07 18:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/11/17 09:44:54 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2009/08/04 08:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/27 16:52:14 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/20 10:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/02 09:40:34 | 001,765,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/05/16 02:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 02:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 02:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 02:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 02:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/05/04 19:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009/04/29 16:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {E590FF31-9676-4CA7-8F78-8CAE41E5660F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A463E0E7-8A42-44F5-AAFD-16391CFA613D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=6af91b7c-5c1f-449e-af67-2bb6579cbf9f&apn_sauid=872D8AF2-6F00-4D58-9138-4FF6B8027B58
IE - HKCU\..\SearchScopes\{E590FF31-9676-4CA7-8F78-8CAE41E5660F}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE"
FF - prefs.js..extensions.enabledAddons: pdfforge%40mybrowserbar.com:6.6
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B91aa5abe-9de4-4347-b7b5-322c38dd9271%7D:3.2
FF - prefs.js..extensions.enabledAddons: %7Bab8568cd-1789-4fc8-a530-218e9eab17e2%7D:0.2.9
FF - prefs.js..extensions.enabledAddons: wtxpcom%40mybrowserbar.com:6.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:5.4
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:5.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {ab8568cd-1789-4fc8-a530-218e9eab17e2}:0.2.9
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=6af91b7c-5c1f-449e-af67-2bb6579cbf9f&apn_ptnrs=%5EAGS&apn_sauid=872D8AF2-6F00-4D58-9138-4FF6B8027B58&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
FF - prefs.js..network.proxy.http: "188.93.20.179"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/06 21:03:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/30 21:52:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/06 21:03:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/30 21:52:29 | 000,000,000 | ---D | M]
 
[2011/09/08 09:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dresden\AppData\Roaming\mozilla\Extensions
[2012/12/04 21:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dresden\AppData\Roaming\mozilla\Firefox\Profiles\igsu23t0.default\extensions
[2012/10/28 12:44:53 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\dresden\AppData\Roaming\mozilla\Firefox\Profiles\igsu23t0.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011/09/08 09:38:14 | 000,000,000 | ---D | M] (Clone Window) -- C:\Users\dresden\AppData\Roaming\mozilla\Firefox\Profiles\igsu23t0.default\extensions\{ab8568cd-1789-4fc8-a530-218e9eab17e2}
[2012/10/28 14:51:30 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\dresden\AppData\Roaming\mozilla\Firefox\Profiles\igsu23t0.default\extensions\toolbar@ask.com
[2012/10/28 12:44:51 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\dresden\AppData\Roaming\mozilla\firefox\profiles\igsu23t0.default\extensions\stealthyextension@gmail.com.xpi
[2012/11/24 10:48:51 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\dresden\AppData\Roaming\mozilla\firefox\profiles\igsu23t0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/28 14:51:31 | 000,002,344 | ---- | M] () -- C:\Users\dresden\AppData\Roaming\mozilla\firefox\profiles\igsu23t0.default\searchplugins\askcom.xml
[2012/12/06 21:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/12/08 07:15:05 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012/12/04 21:23:06 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012/12/06 21:03:10 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/25 07:18:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/30 05:46:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/25 07:18:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/25 07:18:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/25 07:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/25 07:18:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ModemListener] C:\Program Files\VIVACOM 3G USB MODEM\ModemListener.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files\PC Beschleunigen\PCSpeedUp.lnk ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 4.4.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C30FE90-8864-4929-8AA8-96E5716DF5B5}: DhcpNameServer = 8.8.8.8 4.4.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F61C1870-0527-40F5-A807-AE1C12E3FAFF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9390c26b-d2a5-11e1-b337-18a905e44e55}\Shell - "" = AutoRun
O33 - MountPoints2\{9390c26b-d2a5-11e1-b337-18a905e44e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9390c273-d2a5-11e1-b337-18a905e44e55}\Shell - "" = AutoRun
O33 - MountPoints2\{9390c273-d2a5-11e1-b337-18a905e44e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{94a10e7b-d2fc-11e1-bfd8-18a905e44e55}\Shell - "" = AutoRun
O33 - MountPoints2\{94a10e7b-d2fc-11e1-bfd8-18a905e44e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{94a10e7f-d2fc-11e1-bfd8-18a905e44e55}\Shell - "" = AutoRun
O33 - MountPoints2\{94a10e7f-d2fc-11e1-bfd8-18a905e44e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{94a10e83-d2fc-11e1-bfd8-18a905e44e55}\Shell - "" = AutoRun
O33 - MountPoints2\{94a10e83-d2fc-11e1-bfd8-18a905e44e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{94a10ef0-d2fc-11e1-bfd8-18a905e44e55}\Shell - "" = AutoRun
O33 - MountPoints2\{94a10ef0-d2fc-11e1-bfd8-18a905e44e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b2d54096-d3ca-11e1-9432-18a905e44e55}\Shell - "" = AutoRun
O33 - MountPoints2\{b2d54096-d3ca-11e1-9432-18a905e44e55}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/02 21:30:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dresden\Desktop\OTL.exe
[2012/12/31 21:04:54 | 000,000,000 | ---D | C] -- C:\Users\dresden\AppData\Local\Secunia PSI
[2012/12/31 21:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012/12/30 21:57:24 | 000,000,000 | ---D | C] -- C:\Users\dresden\AppData\Roaming\Malwarebytes
[2012/12/30 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/30 21:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/30 21:56:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/12/30 21:56:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/12/30 21:56:25 | 000,000,000 | ---D | C] -- C:\Users\dresden\AppData\Local\Programs
[2012/12/30 21:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/30 21:52:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/12/27 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\dresden\Desktop\MDR Recherche
[2012/12/14 14:20:05 | 000,000,000 | ---D | C] -- C:\Users\dresden\Desktop\MARTA
[2012/12/14 13:22:41 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012/12/09 12:36:39 | 000,000,000 | ---D | C] -- C:\Users\dresden\Desktop\Neuer Ordner (2)
[2012/12/06 21:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/04 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/12/04 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/12/04 21:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
 
========== Files - Modified Within 30 Days ==========
 
[2013/01/02 21:30:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dresden\Desktop\OTL.exe
[2013/01/02 21:05:34 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 21:05:34 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/02 21:02:02 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/02 20:57:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/02 20:57:46 | 1406,820,352 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/01 13:27:06 | 000,016,408 | ---- | M] () -- C:\Users\dresden\Desktop\Receipt.jpg
[2012/12/31 21:04:37 | 000,001,068 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/12/30 21:56:55 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/30 14:19:43 | 000,000,330 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFordresden.job
[2012/12/30 10:44:22 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/12/30 10:44:22 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/12/30 10:44:22 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/12/30 10:44:22 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/12/21 07:26:05 | 000,482,832 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/12/14 14:37:19 | 000,401,071 | ---- | M] () -- C:\Users\dresden\Desktop\2(1).JPG
[2012/12/14 14:06:25 | 000,182,969 | R--- | M] () -- C:\Users\dresden\Desktop\dhl_bg.pdf
[2012/12/12 05:45:54 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avipbb.sys
[2012/12/12 05:45:53 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\System32\drivers\avgntflt.sys
[2012/12/09 13:39:58 | 000,404,422 | ---- | M] () -- C:\Users\dresden\Desktop\IMG_0502.JPG
 
========== Files Created - No Company Name ==========
 
[2013/01/01 13:27:06 | 000,016,408 | ---- | C] () -- C:\Users\dresden\Desktop\Receipt.jpg
[2012/12/31 21:04:37 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/12/31 21:04:37 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/12/30 21:56:55 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/14 14:37:57 | 000,401,071 | ---- | C] () -- C:\Users\dresden\Desktop\2(1).JPG
[2012/12/14 14:06:26 | 000,182,969 | R--- | C] () -- C:\Users\dresden\Desktop\dhl_bg.pdf
[2012/12/09 21:29:22 | 000,404,422 | ---- | C] () -- C:\Users\dresden\Desktop\IMG_0502.JPG
[2012/04/12 08:02:52 | 000,000,479 | ---- | C] () -- C:\Users\dresden\clipdat2.rdf
[2012/03/18 21:30:23 | 000,000,000 | ---- | C] () -- C:\windows\wiso.ini
[2012/01/25 14:30:00 | 000,015,873 | ---- | C] () -- C:\windows\System32\Inetde.dll
[2011/09/07 21:33:13 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011/09/07 20:45:03 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010/05/02 14:53:11 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/12/27 20:11:26 | 000,000,000 | ---D | M] -- C:\Users\dresden\AppData\Roaming\BOM
[2012/05/07 19:10:21 | 000,000,000 | ---D | M] -- C:\Users\dresden\AppData\Roaming\IrfanView
[2011/10/26 20:57:41 | 000,000,000 | ---D | M] -- C:\Users\dresden\AppData\Roaming\OpenCandy
[2011/09/13 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\dresden\AppData\Roaming\OpenOffice.org
[2011/10/26 20:58:07 | 000,000,000 | ---D | M] -- C:\Users\dresden\AppData\Roaming\pdfforge
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010/05/02 14:33:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009/07/27 09:31:13 | 000,000,000 | -HSD | M] -- C:\boot
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/09/10 07:54:04 | 000,000,000 | ---D | M] -- C:\EFI
[2009/09/10 09:15:40 | 000,000,000 | -H-D | M] -- C:\hp
[2009/07/14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/12/31 21:04:34 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/12/30 21:56:54 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/04/15 20:19:36 | 000,000,000 | ---D | M] -- C:\swsetup
[2013/01/02 21:51:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/05/02 14:30:17 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2010/05/02 14:17:12 | 000,000,000 | R--D | M] -- C:\Users
[2012/12/31 19:50:36 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2010/05/01 11:29:48 | 018,499,623 | ---- | M] () -- C:\Program Files\vlc-1.0.5-win32.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009/07/14 05:53:46 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2009/07/14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2012/04/19 06:15:56 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012/11/25 12:49:45 | 000,000,330 | ---- | C] () -- C:\windows\Tasks\HPCeeScheduleFordresden.job
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/08/04 07:52:00 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll
 
< %USERPROFILE%\*.* >
[2012/04/12 08:02:52 | 000,000,479 | ---- | M] () -- C:\Users\dresden\clipdat2.rdf
[2013/01/02 22:19:13 | 001,572,864 | -HS- | M] () -- C:\Users\dresden\NTUSER.DAT
[2013/01/02 22:19:13 | 000,262,144 | -HS- | M] () -- C:\Users\dresden\ntuser.dat.LOG1
[2010/05/02 14:17:15 | 000,000,000 | -HS- | M] () -- C:\Users\dresden\ntuser.dat.LOG2
[2010/05/02 15:14:28 | 000,065,536 | -HS- | M] () -- C:\Users\dresden\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/05/02 15:14:28 | 000,524,288 | -HS- | M] () -- C:\Users\dresden\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/05/02 15:14:28 | 000,524,288 | -HS- | M] () -- C:\Users\dresden\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2009/07/27 08:37:06 | 000,000,020 | -HS- | M] () -- C:\Users\dresden\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 1/2/2013 9:45:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\dresden\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.75 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 46.22% Memory free
3.49 Gb Paging File | 2.04 Gb Available in Paging File | 58.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 67.36 Gb Free Space | 51.13% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.71% Space Free | Partition Type: FAT32
 
Computer Name: ALMUT | User Name: dresden | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013B8BF9-FB27-487E-95BE-12771706BEE7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1CD7B217-37EB-4B02-85A1-CA25415C1926}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3045A58D-E03C-4295-A304-5D5236D19056}" = lport=139 | protocol=6 | dir=in | app=system | 
"{34C32655-A3C7-400F-916B-F8941CCB859E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3A9B7C25-A3B5-43A5-8E49-F30D524329C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{44100589-938D-42F9-A816-89ECF20ED8D4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4E28D5AE-8E7B-4D70-996F-9B14C79DF92F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F364C43-85CC-4F41-AAB1-285ABAF4E360}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5E47D31D-9CEB-45EE-898B-88DEFB1AD54E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6C58010B-F1F7-4469-AEA3-DF8D303ED0F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6D6CC367-949D-4048-866C-8A686FFF4704}" = rport=138 | protocol=17 | dir=out | app=system | 
"{701C7BCC-884D-4E35-87C8-32C78E6DA6C2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{81BC1705-473F-4ED9-A740-BF070A7B73E3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8500C221-6EB6-42C2-A9AF-618CEFE64CA1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8F64413A-08A2-40A7-8F56-6DB02998CE6C}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{928CBC5F-0000-4A87-A17C-718671982A33}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA6CD8F3-60EA-44E4-8EAD-16B2A1884F95}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AC93AB59-40B1-4016-B50E-D0F20019C0CC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AE3C290D-A1A7-4D31-9C85-ABFCC803CBBE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AECF60CC-9E0A-44F8-B7E8-25E6BB0E91B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B67CE926-F5D7-4D8A-AB81-8DB406E588C9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D02E4282-2B37-4CBE-B4AF-56BE661232D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F7960EDA-4746-433F-BB79-CC9C591C5E47}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21EA6675-9B74-4B7D-9DF2-63CD763ED4DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{47047630-51C9-42B2-AEE3-1615433E933D}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{535DE2DF-4E5B-4984-84DF-65C26C440D67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58D52883-1324-45E0-97B5-F598B08D80D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5B496890-2700-4573-B563-A6A02DA7A6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6716A3D8-B1BA-401F-B216-EBD090A01CE4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{6E087801-AFAF-4A64-945D-FD851069E802}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7EB5D701-8E5F-4DB4-AC6B-6AFB5400F806}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{87967FB2-4229-4FAD-8771-0EAFBC066074}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{90FD3851-08F7-436E-84B8-9AF54537B7AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{94E4C5BC-64BB-4BEF-8E4F-2757E70ECCA1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9A550BA9-9202-4014-AE9B-DD20AEF379C1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{A53BFF3F-3BB6-4C91-9D6D-481327515F03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B2F5D43E-F305-4780-A218-03365AE8F58C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B902C419-688D-43D8-80CB-C134089F3BEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BE199FC5-559E-4025-8909-C9FEA62B63DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D1560831-BE34-4115-83D9-9541618A5018}" = protocol=6 | dir=out | app=system | 
"{DFC9BF53-EA3C-4A57-903A-AED8F539838C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EE5B2338-FCBF-4F29-9B7C-090E73BC0352}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe | 
"{F68C8038-0D13-4269-8C89-8CC584F1A38F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{511376F5-7E5A-4EC9-B603-193B1D425BC3}" = HP ESU for Microsoft Windows 7
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{65739FA2-0444-4AB2-B598-872406539EBD}" = pdfforge Toolbar v6.6
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{816F5E94-B7FE-43EF-B4E6-F22D40A4AFCC}" = HP User Guides 0133
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}" = Windows 7 Default Setting
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = CPQ Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"IrfanView" = IrfanView (remove only)
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Complete" = PDF Complete Special Edition
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"teltarif.de - Discountsurfer_is1" = Discountsurfer v4.00.401
"VIVACOM 3G USB MODEM ALCATEL_is1" = VIVACOM 3G USB MODEM
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/26/2012 2:05:47 AM | Computer Name = ALMUT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 11/27/2012 3:58:38 PM | Computer Name = ALMUT | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion Scan_ThreadDone() für die 
Datei  unknown.   [ACCESS_VIOLATION Exception!! EIP = 0x8d082454]   Bitte Avira informieren
 und die obige Datei übersenden!
 
Error - 11/28/2012 3:32:09 AM | Computer Name = ALMUT | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Spigot\Search Settings\SearchSettings64.exe".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11/28/2012 3:38:55 AM | Computer Name = ALMUT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 11/29/2012 1:55:47 AM | Computer Name = ALMUT | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Spigot\Search Settings\SearchSettings64.exe".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11/29/2012 2:02:23 AM | Computer Name = ALMUT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 11/30/2012 1:45:11 AM | Computer Name = ALMUT | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Spigot\Search Settings\SearchSettings64.exe".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11/30/2012 1:51:39 AM | Computer Name = ALMUT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 12/2/2012 4:04:51 AM | Computer Name = ALMUT | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Common
 Files\Spigot\Search Settings\SearchSettings64.exe".  Die abhängige Assemblierung 
"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12/2/2012 4:10:50 AM | Computer Name = ALMUT | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Hewlett-Packard Events ]
Error - 2/5/2012 6:56:18 AM | Computer Name = ALMUT | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 7/2/2012 4:57:03 PM | Computer Name = ALMUT | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 9/2/2012 2:21:59 PM | Computer Name = ALMUT | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 11/12/2012 3:02:34 AM | Computer Name = ALMUT | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
[ System Events ]
Error - 1/2/2013 2:43:30 AM | Computer Name = ALMUT | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 1/2/2013 2:43:30 AM | Computer Name = ALMUT | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 1/2/2013 2:43:30 AM | Computer Name = ALMUT | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 1/2/2013 2:43:30 AM | Computer Name = ALMUT | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 1/2/2013 3:57:57 PM | Computer Name = ALMUT | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 1/2/2013 3:57:57 PM | Computer Name = ALMUT | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 1/2/2013 3:58:22 PM | Computer Name = ALMUT | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 10  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 1/2/2013 3:58:22 PM | Computer Name = ALMUT | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 10  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 1/2/2013 3:58:22 PM | Computer Name = ALMUT | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 1/2/2013 3:58:22 PM | Computer Name = ALMUT | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
 
< End of report >

--- --- ---

VIELEN DANK FÜR DIE BEMÜHUNGEN!

markusg · 03.01.2013, 19:03

ok lassen wir das erst mal mit Spybot
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

maddin0815 · 03.01.2013, 22:36

Der ging aber schnell! Das Programm hat 3 "Risks" gefunden, die ich mit Skip beantwortet habe. Der Report ist dieser:

22:31:16.0130 5128 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:31:18.0150 5128 ============================================================
22:31:18.0150 5128 Current date / time: 2013/01/03 22:31:18.0150
22:31:18.0150 5128 SystemInfo:
22:31:18.0150 5128
22:31:18.0150 5128 OS Version: 6.1.7601 ServicePack: 1.0
22:31:18.0150 5128 Product type: Workstation
22:31:18.0150 5128 ComputerName: ALMUT
22:31:18.0150 5128 UserName: dresden
22:31:18.0150 5128 Windows directory: C:\windows
22:31:18.0150 5128 System windows directory: C:\windows
22:31:18.0150 5128 Processor architecture: Intel x86
22:31:18.0150 5128 Number of processors: 2
22:31:18.0150 5128 Page size: 0x1000
22:31:18.0150 5128 Boot type: Normal boot
22:31:18.0150 5128 ============================================================
22:31:25.0869 5128 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:31:25.0869 5128 ============================================================
22:31:25.0869 5128 \Device\Harddisk0\DR0:
22:31:25.0869 5128 MBR partitions:
22:31:25.0869 5128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
22:31:25.0869 5128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x10782800
22:31:25.0869 5128 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10819000, BlocksNum 0x1E00000
22:31:25.0869 5128 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x12619000, BlocksNum 0x3FD800
22:31:25.0869 5128 ============================================================
22:31:25.0899 5128 C: <-> \Device\Harddisk0\DR0\Partition2
22:31:25.0929 5128 E: <-> \Device\Harddisk0\DR0\Partition4
22:31:25.0929 5128 ============================================================
22:31:25.0929 5128 Initialize success
22:31:25.0929 5128 ============================================================
22:32:06.0869 2932 ============================================================
22:32:06.0869 2932 Scan started
22:32:06.0869 2932 Mode: Manual; SigCheck; TDLFS;
22:32:06.0869 2932 ============================================================
22:32:09.0011 2932 ================ Scan system memory ========================
22:32:09.0011 2932 System memory - ok
22:32:09.0011 2932 ================ Scan services =============================
22:32:09.0261 2932 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
22:32:09.0461 2932 1394ohci - ok
22:32:09.0501 2932 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys
22:32:09.0541 2932 ACPI - ok
22:32:09.0581 2932 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
22:32:09.0691 2932 AcpiPmi - ok
22:32:09.0781 2932 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:32:09.0821 2932 AdobeFlashPlayerUpdateSvc - ok
22:32:09.0871 2932 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
22:32:09.0931 2932 adp94xx - ok
22:32:09.0961 2932 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
22:32:10.0011 2932 adpahci - ok
22:32:10.0041 2932 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
22:32:10.0081 2932 adpu320 - ok
22:32:10.0141 2932 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
22:32:10.0221 2932 AeLookupSvc - ok
22:32:10.0301 2932 [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters C:\Program Files\IDT\WDM\aestsrv.exe
22:32:10.0691 2932 AESTFilters - ok
22:32:10.0761 2932 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys
22:32:10.0871 2932 AFD - ok
22:32:10.0901 2932 [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
22:32:10.0961 2932 AgereModemAudio - ok
22:32:11.0001 2932 [ FAA5A0B80E011464C7654851CE3D7FE7 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys
22:32:11.0091 2932 AgereSoftModem - ok
22:32:11.0121 2932 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys
22:32:11.0171 2932 agp440 - ok
22:32:11.0221 2932 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
22:32:11.0251 2932 aic78xx - ok
22:32:11.0281 2932 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
22:32:11.0371 2932 ALG - ok
22:32:11.0391 2932 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys
22:32:11.0421 2932 aliide - ok
22:32:11.0441 2932 [ A236CEE2BF90381E981EBB870429FA9B ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
22:32:11.0521 2932 AMD External Events Utility - ok
22:32:11.0551 2932 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys
22:32:11.0591 2932 amdagp - ok
22:32:11.0601 2932 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys
22:32:11.0641 2932 amdide - ok
22:32:11.0681 2932 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
22:32:11.0751 2932 AmdK8 - ok
22:32:11.0781 2932 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
22:32:11.0831 2932 AmdPPM - ok
22:32:11.0871 2932 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys
22:32:11.0911 2932 amdsata - ok
22:32:11.0941 2932 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
22:32:11.0981 2932 amdsbs - ok
22:32:11.0991 2932 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys
22:32:12.0031 2932 amdxata - ok
22:32:12.0121 2932 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:32:12.0161 2932 AntiVirSchedulerService - ok
22:32:12.0291 2932 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:32:12.0341 2932 AntiVirService - ok
22:32:12.0391 2932 [ 255527AB98293EA390352A8C53B0042A ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:32:12.0441 2932 AntiVirWebService - ok
22:32:12.0481 2932 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys
22:32:12.0536 2932 AppID - ok
22:32:12.0567 2932 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
22:32:12.0645 2932 AppIDSvc - ok
22:32:12.0755 2932 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\windows\System32\appinfo.dll
22:32:12.0848 2932 Appinfo - ok
22:32:12.0973 2932 [ 2C349460E40EF6B9604D774AAF367730 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
22:32:13.0051 2932 Application Updater ( UnsignedFile.Multi.Generic ) - warning
22:32:13.0051 2932 Application Updater - detected UnsignedFile.Multi.Generic (1)
22:32:13.0082 2932 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
22:32:13.0145 2932 arc - ok
22:32:13.0160 2932 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
22:32:13.0191 2932 arcsas - ok
22:32:13.0269 2932 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
22:32:13.0535 2932 AsyncMac - ok
22:32:13.0581 2932 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys
22:32:13.0613 2932 atapi - ok
22:32:13.0940 2932 [ A4252328D2B1520571102992EF0B0E5C ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
22:32:14.0283 2932 atikmdag - ok
22:32:14.0315 2932 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie.sys
22:32:14.0346 2932 AtiPcie - ok
22:32:14.0393 2932 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
22:32:14.0455 2932 AudioEndpointBuilder - ok
22:32:14.0471 2932 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll
22:32:14.0517 2932 Audiosrv - ok
22:32:14.0595 2932 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys
22:32:14.0627 2932 avgntflt - ok
22:32:14.0658 2932 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\windows\system32\DRIVERS\avipbb.sys
22:32:14.0689 2932 avipbb - ok
22:32:14.0736 2932 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys
22:32:14.0751 2932 avkmgr - ok
22:32:14.0798 2932 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll
22:32:14.0892 2932 AxInstSV - ok
22:32:14.0939 2932 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
22:32:14.0985 2932 b06bdrv - ok
22:32:15.0017 2932 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
22:32:15.0063 2932 b57nd60x - ok
22:32:15.0235 2932 [ B9E94D37FC08525D893B632A0CA2E18C ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys
22:32:15.0344 2932 BCM43XX - ok
22:32:15.0407 2932 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
22:32:15.0469 2932 BDESVC - ok
22:32:15.0500 2932 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
22:32:15.0578 2932 Beep - ok
22:32:15.0812 2932 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll
22:32:15.0906 2932 BFE - ok
22:32:16.0124 2932 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll
22:32:16.0249 2932 BITS - ok
22:32:16.0296 2932 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
22:32:16.0343 2932 blbdrive - ok
22:32:16.0374 2932 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys
22:32:16.0436 2932 bowser - ok
22:32:16.0467 2932 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
22:32:16.0545 2932 BrFiltLo - ok
22:32:16.0577 2932 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
22:32:16.0639 2932 BrFiltUp - ok
22:32:16.0686 2932 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll
22:32:16.0779 2932 Browser - ok
22:32:16.0811 2932 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
22:32:16.0889 2932 Brserid - ok
22:32:16.0920 2932 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
22:32:16.0998 2932 BrSerWdm - ok
22:32:17.0045 2932 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
22:32:17.0091 2932 BrUsbMdm - ok
22:32:17.0123 2932 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
22:32:17.0185 2932 BrUsbSer - ok
22:32:17.0247 2932 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
22:32:17.0325 2932 BthEnum - ok
22:32:17.0341 2932 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
22:32:17.0388 2932 BTHMODEM - ok
22:32:17.0419 2932 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
22:32:17.0481 2932 BthPan - ok
22:32:17.0528 2932 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
22:32:17.0591 2932 BTHPORT - ok
22:32:17.0622 2932 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
22:32:17.0747 2932 bthserv - ok
22:32:17.0793 2932 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
22:32:17.0840 2932 BTHUSB - ok
22:32:17.0871 2932 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
22:32:17.0903 2932 btwaudio - ok
22:32:17.0934 2932 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\windows\system32\drivers\btwavdt.sys
22:32:17.0965 2932 btwavdt - ok
22:32:18.0012 2932 [ 7D2DD14E60CE4FF3308D66FDA7990546 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:32:18.0074 2932 btwdins - ok
22:32:18.0105 2932 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
22:32:18.0137 2932 btwl2cap - ok
22:32:18.0152 2932 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
22:32:18.0183 2932 btwrchid - ok
22:32:18.0215 2932 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
22:32:18.0293 2932 cdfs - ok
22:32:18.0324 2932 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
22:32:18.0371 2932 cdrom - ok
22:32:18.0417 2932 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
22:32:18.0480 2932 CertPropSvc - ok
22:32:18.0527 2932 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
22:32:18.0573 2932 circlass - ok
22:32:18.0605 2932 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
22:32:18.0636 2932 CLFS - ok
22:32:18.0698 2932 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:32:18.0729 2932 clr_optimization_v2.0.50727_32 - ok
22:32:18.0823 2932 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:32:18.0854 2932 clr_optimization_v4.0.30319_32 - ok
22:32:18.0885 2932 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
22:32:18.0917 2932 CmBatt - ok
22:32:18.0948 2932 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
22:32:18.0979 2932 cmdide - ok
22:32:19.0026 2932 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys
22:32:19.0088 2932 CNG - ok
22:32:19.0166 2932 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
22:32:19.0197 2932 Com4QLBEx - ok
22:32:19.0229 2932 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
22:32:19.0260 2932 Compbatt - ok
22:32:19.0291 2932 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
22:32:19.0338 2932 CompositeBus - ok
22:32:19.0353 2932 COMSysApp - ok
22:32:19.0369 2932 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
22:32:19.0416 2932 crcdisk - ok
22:32:19.0463 2932 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll
22:32:19.0509 2932 CryptSvc - ok
22:32:19.0572 2932 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll
22:32:19.0665 2932 DcomLaunch - ok
22:32:19.0697 2932 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
22:32:19.0775 2932 defragsvc - ok
22:32:19.0821 2932 DeviceManager - ok
22:32:19.0853 2932 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys
22:32:19.0931 2932 DfsC - ok
22:32:19.0977 2932 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll
22:32:20.0055 2932 Dhcp - ok
22:32:20.0087 2932 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
22:32:20.0165 2932 discache - ok
22:32:20.0211 2932 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
22:32:20.0243 2932 Disk - ok
22:32:20.0274 2932 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:32:20.0321 2932 Dnscache - ok
22:32:20.0367 2932 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
22:32:20.0461 2932 dot3svc - ok
22:32:20.0508 2932 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
22:32:20.0586 2932 DPS - ok
22:32:20.0633 2932 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:32:20.0664 2932 drmkaud - ok
22:32:20.0867 2932 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
22:32:20.0960 2932 DXGKrnl - ok
22:32:20.0991 2932 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
22:32:21.0069 2932 EapHost - ok
22:32:21.0179 2932 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
22:32:21.0335 2932 ebdrv - ok
22:32:21.0381 2932 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
22:32:21.0444 2932 EFS - ok
22:32:21.0491 2932 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe
22:32:21.0569 2932 ehRecvr - ok
22:32:21.0600 2932 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
22:32:21.0647 2932 ehSched - ok
22:32:21.0693 2932 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
22:32:21.0740 2932 elxstor - ok
22:32:21.0771 2932 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
22:32:21.0818 2932 ErrDev - ok
22:32:21.0943 2932 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
22:32:22.0052 2932 EventSystem - ok
22:32:22.0115 2932 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
22:32:22.0193 2932 exfat - ok
22:32:22.0239 2932 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
22:32:22.0317 2932 fastfat - ok
22:32:22.0380 2932 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
22:32:22.0458 2932 Fax - ok
22:32:22.0489 2932 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
22:32:22.0536 2932 fdc - ok
22:32:22.0551 2932 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
22:32:22.0629 2932 fdPHost - ok
22:32:22.0661 2932 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
22:32:22.0739 2932 FDResPub - ok
22:32:22.0754 2932 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
22:32:22.0785 2932 FileInfo - ok
22:32:22.0817 2932 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
22:32:22.0879 2932 Filetrace - ok
22:32:22.0895 2932 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
22:32:22.0941 2932 flpydisk - ok
22:32:22.0973 2932 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:32:23.0019 2932 FltMgr - ok
22:32:23.0066 2932 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
22:32:23.0160 2932 FontCache - ok
22:32:23.0222 2932 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:32:23.0238 2932 FontCache3.0.0.0 - ok
22:32:23.0269 2932 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
22:32:23.0300 2932 FsDepends - ok
22:32:23.0331 2932 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:32:23.0363 2932 Fs_Rec - ok
22:32:23.0409 2932 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
22:32:23.0456 2932 fvevol - ok
22:32:23.0487 2932 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
22:32:23.0519 2932 gagp30kx - ok
22:32:23.0581 2932 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
22:32:23.0675 2932 gpsvc - ok
22:32:23.0706 2932 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
22:32:23.0753 2932 hcw85cir - ok
22:32:23.0799 2932 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
22:32:23.0862 2932 HdAudAddService - ok
22:32:23.0893 2932 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
22:32:23.0955 2932 HDAudBus - ok
22:32:23.0971 2932 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
22:32:24.0018 2932 HidBatt - ok
22:32:24.0049 2932 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
22:32:24.0111 2932 HidBth - ok
22:32:24.0143 2932 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
22:32:24.0189 2932 HidIr - ok
22:32:24.0205 2932 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
22:32:24.0283 2932 hidserv - ok
22:32:24.0314 2932 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
22:32:24.0361 2932 HidUsb - ok
22:32:24.0408 2932 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
22:32:24.0486 2932 hkmsvc - ok
22:32:24.0533 2932 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
22:32:24.0595 2932 HomeGroupListener - ok
22:32:24.0657 2932 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
22:32:24.0720 2932 HomeGroupProvider - ok
22:32:24.0767 2932 [ 0141816A095A3F5A83FFA5B4A47B8023 ] HP Health Check Service C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
22:32:24.0798 2932 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
22:32:24.0798 2932 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
22:32:24.0813 2932 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys
22:32:24.0876 2932 HpqKbFiltr - ok
22:32:24.0923 2932 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
22:32:24.0969 2932 hpqwmiex - ok
22:32:25.0001 2932 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
22:32:25.0032 2932 HpSAMD - ok
22:32:25.0094 2932 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
22:32:25.0188 2932 HTTP - ok
22:32:25.0250 2932 [ 1FC7A63148E4F2BD831DAB0DC732026D ] hwdatacard C:\windows\system32\DRIVERS\ewusbmdm.sys
22:32:25.0313 2932 hwdatacard - ok
22:32:25.0344 2932 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
22:32:25.0375 2932 hwpolicy - ok
22:32:25.0437 2932 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
22:32:25.0500 2932 i8042prt - ok
22:32:25.0515 2932 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
22:32:25.0578 2932 iaStorV - ok
22:32:25.0640 2932 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:32:25.0734 2932 idsvc - ok
22:32:25.0905 2932 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
22:32:26.0139 2932 igfx - ok
22:32:26.0217 2932 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
22:32:26.0249 2932 iirsp - ok
22:32:26.0311 2932 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
22:32:26.0420 2932 IKEEXT - ok
22:32:26.0451 2932 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
22:32:26.0483 2932 intelide - ok
22:32:26.0498 2932 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
22:32:26.0545 2932 intelppm - ok
22:32:26.0561 2932 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
22:32:26.0639 2932 IPBusEnum - ok
22:32:26.0670 2932 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:32:26.0748 2932 IpFilterDriver - ok
22:32:26.0795 2932 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll
22:32:26.0873 2932 iphlpsvc - ok
22:32:26.0904 2932 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
22:32:26.0951 2932 IPMIDRV - ok
22:32:27.0044 2932 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
22:32:27.0122 2932 IPNAT - ok
22:32:27.0153 2932 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
22:32:27.0200 2932 IRENUM - ok
22:32:27.0216 2932 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
22:32:27.0263 2932 isapnp - ok
22:32:27.0294 2932 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
22:32:27.0341 2932 iScsiPrt - ok
22:32:27.0372 2932 [ 119AB8740BACB9F1108F4DD02294569D ] jrdusbser C:\windows\system32\DRIVERS\jrdusbser.sys
22:32:27.0434 2932 jrdusbser - ok
22:32:27.0450 2932 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
22:32:27.0481 2932 kbdclass - ok
22:32:27.0512 2932 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
22:32:27.0559 2932 kbdhid - ok
22:32:27.0590 2932 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
22:32:27.0621 2932 KeyIso - ok
22:32:27.0684 2932 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
22:32:27.0715 2932 KSecDD - ok
22:32:27.0746 2932 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
22:32:27.0777 2932 KSecPkg - ok
22:32:27.0809 2932 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
22:32:27.0902 2932 KtmRm - ok
22:32:27.0949 2932 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\system32\srvsvc.dll
22:32:28.0043 2932 LanmanServer - ok
22:32:28.0074 2932 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
22:32:28.0136 2932 LanmanWorkstation - ok
22:32:28.0183 2932 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:32:28.0214 2932 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
22:32:28.0214 2932 LightScribeService - detected UnsignedFile.Multi.Generic (1)
22:32:28.0261 2932 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
22:32:28.0323 2932 lltdio - ok
22:32:28.0370 2932 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
22:32:28.0448 2932 lltdsvc - ok
22:32:28.0479 2932 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
22:32:28.0542 2932 lmhosts - ok
22:32:28.0573 2932 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
22:32:28.0604 2932 LSI_FC - ok
22:32:28.0635 2932 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
22:32:28.0667 2932 LSI_SAS - ok
22:32:28.0682 2932 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
22:32:28.0713 2932 LSI_SAS2 - ok
22:32:28.0745 2932 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
22:32:28.0776 2932 LSI_SCSI - ok
22:32:28.0791 2932 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
22:32:28.0885 2932 luafv - ok
22:32:28.0932 2932 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
22:32:28.0963 2932 MBAMProtector - ok
22:32:29.0010 2932 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:32:29.0057 2932 MBAMScheduler - ok
22:32:29.0103 2932 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:32:29.0166 2932 MBAMService - ok
22:32:29.0244 2932 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
22:32:29.0291 2932 McComponentHostService - ok
22:32:29.0337 2932 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
22:32:29.0369 2932 Mcx2Svc - ok
22:32:29.0400 2932 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
22:32:29.0431 2932 megasas - ok
22:32:29.0462 2932 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
22:32:29.0493 2932 MegaSR - ok
22:32:29.0540 2932 [ 64B96DE8C492BD435372D9130A535F1D ] MfeAVFK C:\windows\system32\drivers\MfeAVFK.sys
22:32:29.0571 2932 MfeAVFK - ok
22:32:29.0587 2932 [ 078E87A89D36CC3516F19D5FB518BDDC ] MfeBOPK C:\windows\system32\drivers\MfeBOPK.sys
22:32:29.0618 2932 MfeBOPK - ok
22:32:29.0681 2932 [ 168C565101FD5B9DB694EFDEC91FAFA9 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
22:32:29.0712 2932 mfehidk - ok
22:32:29.0727 2932 [ E0842F67DC9BC4D21D1E319610EBE9E5 ] MfeRKDK C:\windows\system32\drivers\MfeRKDK.sys
22:32:29.0759 2932 MfeRKDK - ok
22:32:29.0790 2932 [ 43A7ACBBD70ECD62F0B63486C72089A3 ] mfetdik C:\windows\system32\drivers\mfetdik.sys
22:32:29.0821 2932 mfetdik - ok
22:32:29.0852 2932 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
22:32:29.0930 2932 MMCSS - ok
22:32:29.0961 2932 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
22:32:30.0039 2932 Modem - ok
22:32:30.0071 2932 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
22:32:30.0117 2932 monitor - ok
22:32:30.0133 2932 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
22:32:30.0180 2932 mouclass - ok
22:32:30.0195 2932 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:32:30.0242 2932 mouhid - ok
22:32:30.0289 2932 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
22:32:30.0336 2932 mountmgr - ok
22:32:30.0383 2932 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:32:30.0414 2932 MozillaMaintenance - ok
22:32:30.0445 2932 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
22:32:30.0476 2932 mpio - ok
22:32:30.0523 2932 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
22:32:30.0601 2932 mpsdrv - ok
22:32:30.0648 2932 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
22:32:30.0757 2932 MpsSvc - ok
22:32:30.0788 2932 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
22:32:30.0851 2932 MRxDAV - ok
22:32:30.0882 2932 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:32:30.0929 2932 mrxsmb - ok
22:32:30.0960 2932 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
22:32:31.0007 2932 mrxsmb10 - ok
22:32:31.0038 2932 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
22:32:31.0100 2932 mrxsmb20 - ok
22:32:31.0178 2932 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
22:32:31.0225 2932 msahci - ok
22:32:31.0256 2932 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
22:32:31.0287 2932 msdsm - ok
22:32:31.0334 2932 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
22:32:31.0365 2932 MSDTC - ok
22:32:31.0412 2932 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
22:32:31.0475 2932 Msfs - ok
22:32:31.0506 2932 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
22:32:31.0568 2932 mshidkmdf - ok
22:32:31.0599 2932 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
22:32:31.0631 2932 msisadrv - ok
22:32:31.0662 2932 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
22:32:31.0740 2932 MSiSCSI - ok
22:32:31.0755 2932 msiserver - ok
22:32:31.0787 2932 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:32:31.0865 2932 MSKSSRV - ok
22:32:31.0896 2932 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:32:31.0958 2932 MSPCLOCK - ok
22:32:31.0989 2932 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:32:32.0052 2932 MSPQM - ok
22:32:32.0083 2932 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
22:32:32.0130 2932 MsRPC - ok
22:32:32.0177 2932 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
22:32:32.0208 2932 mssmbios - ok
22:32:32.0239 2932 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:32:32.0301 2932 MSTEE - ok
22:32:32.0317 2932 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
22:32:32.0348 2932 MTConfig - ok
22:32:32.0379 2932 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
22:32:32.0411 2932 Mup - ok
22:32:32.0457 2932 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
22:32:32.0535 2932 napagent - ok
22:32:32.0567 2932 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
22:32:32.0629 2932 NativeWifiP - ok
22:32:32.0691 2932 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
22:32:32.0754 2932 NDIS - ok
22:32:32.0785 2932 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
22:32:32.0847 2932 NdisCap - ok
22:32:32.0879 2932 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:32:32.0957 2932 NdisTapi - ok
22:32:33.0003 2932 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:32:33.0081 2932 Ndisuio - ok
22:32:33.0113 2932 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:32:33.0191 2932 NdisWan - ok
22:32:33.0222 2932 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:32:33.0300 2932 NDProxy - ok
22:32:33.0315 2932 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:32:33.0393 2932 NetBIOS - ok
22:32:33.0440 2932 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:32:33.0534 2932 NetBT - ok
22:32:33.0549 2932 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
22:32:33.0581 2932 Netlogon - ok
22:32:33.0627 2932 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
22:32:33.0721 2932 Netman - ok
22:32:33.0752 2932 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
22:32:33.0846 2932 netprofm - ok
22:32:33.0877 2932 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:32:33.0908 2932 NetTcpPortSharing - ok
22:32:33.0939 2932 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
22:32:33.0971 2932 nfrd960 - ok
22:32:34.0017 2932 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll
22:32:34.0080 2932 NlaSvc - ok
22:32:34.0095 2932 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
22:32:34.0173 2932 Npfs - ok
22:32:34.0173 2932 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
22:32:34.0251 2932 nsi - ok
22:32:34.0267 2932 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
22:32:34.0345 2932 nsiproxy - ok
22:32:34.0423 2932 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:32:34.0517 2932 Ntfs - ok
22:32:34.0532 2932 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
22:32:34.0595 2932 Null - ok
22:32:34.0626 2932 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
22:32:34.0657 2932 nvraid - ok
22:32:34.0688 2932 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
22:32:34.0735 2932 nvstor - ok
22:32:34.0751 2932 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
22:32:34.0797 2932 nv_agp - ok
22:32:34.0829 2932 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
22:32:34.0860 2932 ohci1394 - ok
22:32:34.0907 2932 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
22:32:34.0985 2932 p2pimsvc - ok
22:32:35.0016 2932 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
22:32:35.0094 2932 p2psvc - ok
22:32:35.0109 2932 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
22:32:35.0156 2932 Parport - ok
22:32:35.0203 2932 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
22:32:35.0234 2932 partmgr - ok
22:32:35.0250 2932 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
22:32:35.0297 2932 Parvdm - ok
22:32:35.0312 2932 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
22:32:35.0375 2932 PcaSvc - ok
22:32:35.0390 2932 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
22:32:35.0421 2932 pci - ok
22:32:35.0453 2932 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
22:32:35.0484 2932 pciide - ok
22:32:35.0515 2932 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
22:32:35.0546 2932 pcmcia - ok
22:32:35.0577 2932 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
22:32:35.0609 2932 pcw - ok
22:32:35.0640 2932 pdfcDispatcher - ok
22:32:35.0687 2932 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
22:32:35.0796 2932 PEAUTH - ok
22:32:35.0921 2932 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
22:32:36.0045 2932 pla - ok
22:32:36.0108 2932 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
22:32:36.0186 2932 PlugPlay - ok
22:32:36.0233 2932 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
22:32:36.0264 2932 PNRPAutoReg - ok
22:32:36.0295 2932 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
22:32:36.0342 2932 PNRPsvc - ok
22:32:36.0373 2932 [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32 C:\windows\system32\DRIVERS\point32.sys
22:32:36.0404 2932 Point32 - ok
22:32:36.0435 2932 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
22:32:36.0513 2932 PolicyAgent - ok
22:32:36.0560 2932 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
22:32:36.0638 2932 Power - ok
22:32:36.0654 2932 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:32:36.0732 2932 PptpMiniport - ok
22:32:36.0763 2932 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
22:32:36.0810 2932 Processor - ok
22:32:36.0841 2932 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
22:32:36.0903 2932 ProfSvc - ok
22:32:36.0919 2932 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
22:32:36.0950 2932 ProtectedStorage - ok
22:32:36.0997 2932 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
22:32:37.0075 2932 Psched - ok
22:32:37.0106 2932 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\windows\system32\DRIVERS\psi_mf.sys
22:32:37.0137 2932 PSI - ok
22:32:37.0184 2932 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
22:32:37.0215 2932 PxHelp20 - ok
22:32:37.0356 2932 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
22:32:37.0449 2932 ql2300 - ok
22:32:37.0465 2932 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
22:32:37.0512 2932 ql40xx - ok
22:32:37.0543 2932 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
22:32:37.0605 2932 QWAVE - ok
22:32:37.0637 2932 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
22:32:37.0668 2932 QWAVEdrv - ok
22:32:37.0683 2932 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:32:37.0761 2932 RasAcd - ok
22:32:37.0793 2932 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
22:32:37.0855 2932 RasAgileVpn - ok
22:32:37.0886 2932 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
22:32:37.0964 2932 RasAuto - ok
22:32:37.0980 2932 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:32:38.0058 2932 Rasl2tp - ok
22:32:38.0105 2932 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
22:32:38.0198 2932 RasMan - ok
22:32:38.0214 2932 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:32:38.0307 2932 RasPppoe - ok
22:32:38.0339 2932 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
22:32:38.0417 2932 RasSstp - ok
22:32:38.0463 2932 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:32:38.0526 2932 rdbss - ok
22:32:38.0557 2932 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
22:32:38.0604 2932 rdpbus - ok
22:32:38.0651 2932 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:32:38.0729 2932 RDPCDD - ok
22:32:38.0760 2932 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
22:32:38.0838 2932 RDPENCDD - ok
22:32:38.0853 2932 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
22:32:38.0931 2932 RDPREFMP - ok
22:32:38.0963 2932 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:32:39.0025 2932 RDPWD - ok
22:32:39.0072 2932 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
22:32:39.0103 2932 rdyboost - ok
22:32:39.0134 2932 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
22:32:39.0212 2932 RemoteAccess - ok
22:32:39.0243 2932 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
22:32:39.0321 2932 RemoteRegistry - ok
22:32:39.0353 2932 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
22:32:39.0399 2932 RFCOMM - ok
22:32:39.0509 2932 [ 85F9924FB26D924C4A10DC620AE2C350 ] RoxMediaDB10 c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
22:32:39.0587 2932 RoxMediaDB10 - ok
22:32:39.0618 2932 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
22:32:39.0711 2932 RpcEptMapper - ok
22:32:39.0743 2932 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
22:32:39.0774 2932 RpcLocator - ok
22:32:39.0805 2932 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\system32\rpcss.dll
22:32:39.0883 2932 RpcSs - ok
22:32:39.0899 2932 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:32:39.0977 2932 rspndr - ok
22:32:39.0992 2932 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
22:32:40.0023 2932 SamSs - ok
22:32:40.0055 2932 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
22:32:40.0086 2932 sbp2port - ok
22:32:40.0164 2932 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
22:32:40.0242 2932 SBSDWSCService - ok
22:32:40.0273 2932 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
22:32:40.0351 2932 SCardSvr - ok
22:32:40.0398 2932 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
22:32:40.0476 2932 scfilter - ok
22:32:40.0538 2932 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
22:32:40.0632 2932 Schedule - ok
22:32:40.0663 2932 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
22:32:40.0725 2932 SCPolicySvc - ok
22:32:40.0772 2932 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
22:32:40.0819 2932 SDRSVC - ok
22:32:40.0850 2932 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
22:32:40.0913 2932 secdrv - ok
22:32:40.0944 2932 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
22:32:41.0022 2932 seclogon - ok
22:32:41.0084 2932 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
22:32:41.0178 2932 Secunia PSI Agent - ok
22:32:41.0225 2932 [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
22:32:41.0287 2932 Secunia Update Agent - ok
22:32:41.0349 2932 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
22:32:41.0443 2932 SENS - ok
22:32:41.0474 2932 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll
22:32:41.0537 2932 SensrSvc - ok
22:32:41.0552 2932 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
22:32:41.0599 2932 Serenum - ok
22:32:41.0615 2932 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
22:32:41.0677 2932 Serial - ok
22:32:41.0739 2932 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
22:32:41.0786 2932 sermouse - ok
22:32:41.0849 2932 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
22:32:41.0927 2932 SessionEnv - ok
22:32:41.0958 2932 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
22:32:42.0005 2932 sffdisk - ok
22:32:42.0020 2932 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
22:32:42.0067 2932 sffp_mmc - ok
22:32:42.0098 2932 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
22:32:42.0129 2932 sffp_sd - ok
22:32:42.0161 2932 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
22:32:42.0207 2932 sfloppy - ok
22:32:42.0254 2932 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
22:32:42.0348 2932 SharedAccess - ok
22:32:42.0457 2932 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:32:42.0535 2932 ShellHWDetection - ok
22:32:42.0566 2932 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
22:32:42.0597 2932 sisagp - ok
22:32:42.0613 2932 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
22:32:42.0660 2932 SiSRaid2 - ok
22:32:42.0675 2932 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
22:32:42.0722 2932 SiSRaid4 - ok
22:32:42.0753 2932 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
22:32:42.0831 2932 Smb - ok
22:32:42.0878 2932 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
22:32:42.0909 2932 SNMPTRAP - ok
22:32:43.0003 2932 [ D8ABA1293B82E7AF2F78B67CA46FCB3D ] SNP2UVC C:\windows\system32\DRIVERS\snp2uvc.sys
22:32:43.0128 2932 SNP2UVC - ok
22:32:43.0143 2932 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
22:32:43.0175 2932 spldr - ok
22:32:43.0237 2932 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
22:32:43.0299 2932 Spooler - ok
22:32:43.0424 2932 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
22:32:43.0596 2932 sppsvc - ok
22:32:43.0689 2932 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
22:32:43.0767 2932 sppuinotify - ok
22:32:43.0799 2932 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
22:32:43.0861 2932 srv - ok
22:32:43.0892 2932 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
22:32:43.0955 2932 srv2 - ok
22:32:43.0986 2932 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
22:32:44.0033 2932 srvnet - ok
22:32:44.0064 2932 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:32:44.0173 2932 SSDPSRV - ok
22:32:44.0235 2932 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys
22:32:44.0267 2932 ssmdrv - ok
22:32:44.0298 2932 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
22:32:44.0360 2932 SstpSvc - ok
22:32:44.0438 2932 [ 03F6CF42A1DB74290448CDE668578C87 ] STacSV C:\Program Files\IDT\WDM\STacSV.exe
22:32:44.0501 2932 STacSV - ok
22:32:44.0532 2932 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
22:32:44.0563 2932 stexstor - ok
22:32:44.0610 2932 [ 8A8246F40792956E957F3E8D0C188963 ] STHDA C:\windows\system32\DRIVERS\stwrt.sys
22:32:44.0672 2932 STHDA - ok
22:32:44.0735 2932 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
22:32:44.0813 2932 StiSvc - ok
22:32:44.0844 2932 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:32:44.0875 2932 stllssvr - ok
22:32:44.0906 2932 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
22:32:44.0937 2932 swenum - ok
22:32:44.0969 2932 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
22:32:45.0062 2932 swprv - ok
22:32:45.0093 2932 [ 1DE40024679CDE0E573465253519730E ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
22:32:45.0140 2932 SynTP - ok
22:32:45.0203 2932 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
22:32:45.0296 2932 SysMain - ok
22:32:45.0343 2932 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
22:32:45.0405 2932 TabletInputService - ok
22:32:45.0452 2932 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
22:32:45.0530 2932 TapiSrv - ok
22:32:45.0546 2932 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
22:32:45.0624 2932 TBS - ok
22:32:45.0717 2932 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\windows\system32\drivers\tcpip.sys
22:32:45.0827 2932 Tcpip - ok
22:32:45.0873 2932 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
22:32:45.0951 2932 TCPIP6 - ok
22:32:45.0998 2932 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
22:32:46.0045 2932 tcpipreg - ok
22:32:46.0092 2932 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
22:32:46.0139 2932 TDPIPE - ok
22:32:46.0185 2932 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
22:32:46.0217 2932 TDTCP - ok
22:32:46.0248 2932 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
22:32:46.0326 2932 tdx - ok
22:32:46.0357 2932 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
22:32:46.0388 2932 TermDD - ok
22:32:46.0482 2932 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
22:32:46.0607 2932 TermService - ok
22:32:46.0654 2932 [ A56EC942ECABFB7849BFA76060F929FB ] TfFsMon C:\windows\system32\drivers\TfFsMon.sys
22:32:46.0685 2932 TfFsMon - ok
22:32:46.0716 2932 [ 917EF522563F6047685486EFA486FB3C ] TfNetMon C:\windows\system32\drivers\TfNetMon.sys
22:32:46.0732 2932 TfNetMon - ok
22:32:46.0763 2932 [ 57EDBB5FE7FF09BB21121D13BB950BA5 ] TfSysMon C:\windows\system32\drivers\TfSysMon.sys
22:32:46.0794 2932 TfSysMon - ok
22:32:46.0810 2932 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
22:32:46.0856 2932 Themes - ok
22:32:46.0872 2932 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
22:32:46.0934 2932 THREADORDER - ok
22:32:46.0966 2932 ThreatFire - ok
22:32:47.0012 2932 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\windows\system32\drivers\tpm.sys
22:32:47.0059 2932 TPM - ok
22:32:47.0106 2932 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
22:32:47.0168 2932 TrkWks - ok
22:32:47.0231 2932 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
22:32:47.0293 2932 TrustedInstaller - ok
22:32:47.0340 2932 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
22:32:47.0402 2932 tssecsrv - ok
22:32:47.0449 2932 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
22:32:47.0590 2932 TsUsbFlt - ok
22:32:47.0636 2932 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
22:32:47.0714 2932 tunnel - ok
22:32:47.0730 2932 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
22:32:47.0761 2932 uagp35 - ok
22:32:47.0808 2932 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
22:32:47.0886 2932 udfs - ok
22:32:47.0917 2932 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
22:32:47.0980 2932 UI0Detect - ok
22:32:48.0011 2932 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
22:32:48.0042 2932 uliagpkx - ok
22:32:48.0073 2932 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys
22:32:48.0104 2932 umbus - ok
22:32:48.0136 2932 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
22:32:48.0182 2932 UmPass - ok
22:32:48.0198 2932 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
22:32:48.0292 2932 upnphost - ok
22:32:48.0323 2932 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
22:32:48.0370 2932 usbccgp - ok
22:32:48.0401 2932 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
22:32:48.0448 2932 usbcir - ok
22:32:48.0479 2932 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
22:32:48.0510 2932 usbehci - ok
22:32:48.0541 2932 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
22:32:48.0588 2932 usbhub - ok
22:32:48.0604 2932 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
22:32:48.0650 2932 usbohci - ok
22:32:48.0666 2932 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
22:32:48.0697 2932 usbprint - ok
22:32:48.0728 2932 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
22:32:48.0775 2932 USBSTOR - ok
22:32:48.0791 2932 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
22:32:48.0822 2932 usbuhci - ok
22:32:48.0884 2932 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
22:32:48.0931 2932 usbvideo - ok
22:32:48.0947 2932 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
22:32:49.0009 2932 UxSms - ok
22:32:49.0025 2932 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
22:32:49.0056 2932 VaultSvc - ok
22:32:49.0087 2932 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
22:32:49.0118 2932 vdrvroot - ok
22:32:49.0181 2932 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
22:32:49.0259 2932 vds - ok
22:32:49.0290 2932 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
22:32:49.0337 2932 vga - ok
22:32:49.0352 2932 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
22:32:49.0415 2932 VgaSave - ok
22:32:49.0446 2932 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
22:32:49.0477 2932 vhdmp - ok
22:32:49.0508 2932 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
22:32:49.0555 2932 viaagp - ok
22:32:49.0571 2932 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
22:32:49.0618 2932 ViaC7 - ok
22:32:49.0649 2932 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
22:32:49.0680 2932 viaide - ok
22:32:49.0696 2932 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
22:32:49.0727 2932 volmgr - ok
22:32:49.0758 2932 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
22:32:49.0805 2932 volmgrx - ok
22:32:49.0820 2932 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
22:32:49.0867 2932 volsnap - ok
22:32:49.0898 2932 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
22:32:49.0930 2932 vsmraid - ok
22:32:50.0008 2932 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
22:32:50.0117 2932 VSS - ok
22:32:50.0132 2932 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
22:32:50.0164 2932 vwifibus - ok
22:32:50.0195 2932 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
22:32:50.0257 2932 vwififlt - ok
22:32:50.0304 2932 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
22:32:50.0398 2932 W32Time - ok
22:32:50.0413 2932 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
22:32:50.0460 2932 WacomPen - ok
22:32:50.0491 2932 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
22:32:50.0569 2932 WANARP - ok
22:32:50.0585 2932 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
22:32:50.0647 2932 Wanarpv6 - ok
22:32:50.0710 2932 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
22:32:50.0819 2932 WatAdminSvc - ok
22:32:50.0881 2932 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
22:32:51.0006 2932 wbengine - ok
22:32:51.0022 2932 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
22:32:51.0084 2932 WbioSrvc - ok
22:32:51.0131 2932 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
22:32:51.0193 2932 wcncsvc - ok
22:32:51.0209 2932 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
22:32:51.0271 2932 WcsPlugInService - ok
22:32:51.0302 2932 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
22:32:51.0334 2932 Wd - ok
22:32:51.0396 2932 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
22:32:51.0458 2932 Wdf01000 - ok
22:32:51.0490 2932 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
22:32:51.0552 2932 WdiServiceHost - ok
22:32:51.0568 2932 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
22:32:51.0614 2932 WdiSystemHost - ok
22:32:51.0724 2932 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
22:32:51.0802 2932 WebClient - ok
22:32:51.0833 2932 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
22:32:51.0911 2932 Wecsvc - ok
22:32:51.0942 2932 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
22:32:52.0004 2932 wercplsupport - ok
22:32:52.0051 2932 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
22:32:52.0114 2932 WerSvc - ok
22:32:52.0145 2932 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
22:32:52.0207 2932 WfpLwf - ok
22:32:52.0223 2932 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
22:32:52.0254 2932 WIMMount - ok
22:32:52.0316 2932 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:32:52.0394 2932 WinDefend - ok
22:32:52.0410 2932 WinHttpAutoProxySvc - ok
22:32:52.0472 2932 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
22:32:52.0535 2932 Winmgmt - ok
22:32:52.0582 2932 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
22:32:52.0738 2932 WinRM - ok
22:32:52.0784 2932 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
22:32:52.0847 2932 WinUsb - ok
22:32:52.0894 2932 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
22:32:52.0987 2932 Wlansvc - ok
22:32:53.0018 2932 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
22:32:53.0065 2932 WmiAcpi - ok
22:32:53.0096 2932 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
22:32:53.0143 2932 wmiApSrv - ok
22:32:53.0190 2932 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:32:53.0268 2932 WMPNetworkSvc - ok
22:32:53.0299 2932 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
22:32:53.0362 2932 WPCSvc - ok
22:32:53.0393 2932 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
22:32:53.0471 2932 WPDBusEnum - ok
22:32:53.0502 2932 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
22:32:53.0580 2932 ws2ifsl - ok
22:32:53.0611 2932 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\System32\wscsvc.dll
22:32:53.0658 2932 wscsvc - ok
22:32:53.0674 2932 WSearch - ok
22:32:53.0767 2932 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
22:32:53.0908 2932 wuauserv - ok
22:32:53.0954 2932 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
22:32:54.0001 2932 WudfPf - ok
22:32:54.0032 2932 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
22:32:54.0079 2932 WUDFRd - ok
22:32:54.0126 2932 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll
22:32:54.0157 2932 wudfsvc - ok
22:32:54.0204 2932 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
22:32:54.0251 2932 WwanSvc - ok
22:32:54.0313 2932 [ 3EB1576F77B60A6C79DD7742B67219B8 ] yukonw7 C:\windows\system32\DRIVERS\yk62x86.sys
22:32:54.0391 2932 yukonw7 - ok
22:32:54.0422 2932 ================ Scan global ===============================
22:32:54.0469 2932 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
22:32:54.0500 2932 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\windows\system32\winsrv.dll
22:32:54.0532 2932 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\windows\system32\winsrv.dll
22:32:54.0563 2932 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
22:32:54.0610 2932 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
22:32:54.0625 2932 [Global] - ok
22:32:54.0625 2932 ================ Scan MBR ==================================
22:32:54.0641 2932 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:32:54.0984 2932 \Device\Harddisk0\DR0 - ok
22:32:54.0984 2932 ================ Scan VBR ==================================
22:32:55.0000 2932 [ A4EC0105ED2AA4AAFA4D206B7354F157 ] \Device\Harddisk0\DR0\Partition1
22:32:55.0000 2932 \Device\Harddisk0\DR0\Partition1 - ok
22:32:55.0031 2932 [ 125FA117B955AE88EEA33B290475173C ] \Device\Harddisk0\DR0\Partition2
22:32:55.0031 2932 \Device\Harddisk0\DR0\Partition2 - ok
22:32:55.0062 2932 [ 9DBDF60F7FF1F04B2ADF4C088DB393B0 ] \Device\Harddisk0\DR0\Partition3
22:32:55.0062 2932 \Device\Harddisk0\DR0\Partition3 - ok
22:32:55.0093 2932 [ A9F6ED8C7D188924296D722907BF9EF6 ] \Device\Harddisk0\DR0\Partition4
22:32:55.0093 2932 \Device\Harddisk0\DR0\Partition4 - ok
22:32:55.0093 2932 ============================================================
22:32:55.0093 2932 Scan finished
22:32:55.0093 2932 ============================================================
22:32:55.0124 3504 Detected object count: 3
22:32:55.0124 3504 Actual detected object count: 3
22:34:10.0393 3504 Application Updater ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:10.0409 3504 Application Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:10.0409 3504 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:10.0409 3504 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:10.0409 3504 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:10.0409 3504 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 04.01.2013, 15:35

hi
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

maddin0815 · 04.01.2013, 22:51

Erledigt. Es wurde angekündigt, dass der Scan 10 Minuten dauern soll. Bei stark infizierten Systemen auch doppelt so lange. Ich hoffe, das muss man nciht so genau nehmen, am Ende waren es nämlich 23 Minuten mit diesem Ergebnis:

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-01-04.03 - dresden 04.01.2013  22:05:09.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1789.898 [GMT 1:00]
ausgeführt von:: c:\users\dresden\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-04 bis 2013-01-04  ))))))))))))))))))))))))))))))
.
.
2013-01-04 21:25 . 2013-01-04 21:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-31 20:04 . 2012-12-31 20:04	--------	d-----w-	c:\users\dresden\AppData\Local\Secunia PSI
2012-12-31 20:04 . 2012-12-31 20:04	--------	d-----w-	c:\program files\Secunia
2012-12-30 20:57 . 2012-12-30 20:57	--------	d-----w-	c:\users\dresden\AppData\Roaming\Malwarebytes
2012-12-30 20:56 . 2012-12-30 20:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-30 20:56 . 2012-12-30 20:56	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-12-30 20:56 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-30 20:56 . 2012-12-30 20:56	--------	d-----w-	c:\users\dresden\AppData\Local\Programs
2012-12-30 20:53 . 2012-12-30 20:53	--------	d-----w-	c:\program files\Common Files\Java
2012-12-30 20:53 . 2012-12-30 20:52	93640	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-12-30 20:52 . 2012-12-30 20:52	--------	d-----w-	c:\program files\Java
2012-12-20 23:27 . 2012-12-16 14:13	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-20 23:27 . 2012-12-16 14:13	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-14 12:22 . 2012-12-14 12:22	--------	d-----w-	c:\program files\MSECache
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-30 20:52 . 2012-05-15 09:08	859072	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-12-30 20:52 . 2011-09-07 19:25	779704	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-12 19:02 . 2012-04-19 05:15	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 19:02 . 2011-09-10 19:39	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 04:45 . 2012-10-28 13:50	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-12 04:45 . 2012-10-28 13:50	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-11-15 05:56 . 2012-10-28 13:50	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-07 15:35 . 2011-11-14 21:26	18848	----a-w-	c:\windows\help\OEM\Scripts\PSGRedirector.exe
2012-10-16 07:39 . 2012-11-27 20:00	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-12 05:56 . 2012-10-28 10:45	6918632	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{05733FEE-2C54-4080-A6F1-A79459130BE3}\mpengine.dll
2012-10-09 17:40 . 2012-11-16 05:04	44032	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 05:04	193536	----a-w-	c:\windows\system32\dhcpcore6.dll
2010-05-01 10:29 . 2010-05-02 13:53	18499623	----a-w-	c:\program files\vlc-1.0.5-win32.exe
2012-12-06 20:03 . 2012-12-06 20:03	262112	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-10-19 1521872]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PCSpeedUp"="c:\program files\PC Beschleunigen\PCSpeedUp.lnk" [2011-10-26 2389]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2011-02-22 378128]
"ModemListener"="c:\program files\VIVACOM 3G USB MODEM\ModemListener.exe" [2010-01-27 98304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-11-23 495708]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-10-19 1573584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-12 384800]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-11-28 1123720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\dresden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-11-26 573024]
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2012\mshaktuell.exe [2012-3-18 1370224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 DeviceManager;DeviceManager;c:\program files\Common Files\DeviceHelper\DeviceManager.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 jrdusbser;Modem Interface Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [x]
S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 19:02]
.
2012-12-30 c:\windows\Tasks\HPCeeScheduleFordresden.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-10 21:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=92&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = <local>
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 87.216.1.65 87.216.1.66
FF - ProfilePath - c:\users\dresden\AppData\Roaming\Mozilla\Firefox\Profiles\igsu23t0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=6af91b7c-5c1f-449e-af67-2bb6579cbf9f&apn_ptnrs=%5EAGS&apn_sauid=872D8AF2-6F00-4D58-9138-4FF6B8027B58&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF - prefs.js: network.proxy.http - 188.93.20.179
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'lsass.exe'(516)
c:\program files\ThreatFire\TFWAH.dll
.
- - - - - - - > 'Explorer.exe'(5496)
c:\program files\ThreatFire\TfWah.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\imapi2.dll
c:\windows\System32\hgcpl.dll
c:\windows\System32\provsvc.dll
.
Zeit der Fertigstellung: 2013-01-04  22:34:45
ComboFix-quarantined-files.txt  2013-01-04 21:34
.
Vor Suchlauf: 7 Verzeichnis(se), 76.762.345.472 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 76.612.276.224 Bytes frei
.
- - End Of File - - B344CE8CDEAF727376D87EEFD2ADB96F

--- --- ---

markusg · 05.01.2013, 15:49

Hi
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

maddin0815 · 06.01.2013, 18:04

Hallo,

wir sind wieder daheim :-/ Zunächst bitte ich um kurze Antwort auf folgende Frage:

Nach dem Einschalten des Laptops kommen zwei Warnungen von Threadfire:

C:\\WINDOWS\SYSTEM32\WERMGR.EXE Dieses Programm versucht, auf verdächtige oder unerwartete Weise eine Verbindung mit dem Internet aufzunehmen.

Sowie ...java\jre7\bin\javaw.exe und dieselbe Meldung.

Ich gehe davon aus, dass beides normale Suchen nach Updates oder so sind, oder liege ich da falsch? Ich habe sie bis jetzt immer beendet, um Risiken auszuschließen. Kann ich sie beim nächsten Mal zulassen?

Hier die Liste, die meisten Programme kenne ich allerdings leider nicht:

Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 - notwendig
ATI Catalyst Install Manager ATI Technologies, Inc. 02.05.2010 13,8MB 3.0.732.0 - unbekannt
Avira Free Antivirus Avira 12.12.2012 122MB 13.0.0.2890 - notwendig
Avira SearchFree Toolbar plus Web Protection Ask.com 28.10.2012 10,2MB 1.15.10.0 - unbekannt
Avira SearchFree Toolbar plus Web Protection Updater Ask.com 28.10.2012 1.4.1.29781 - unbekannt
Biet-O-Matic v2.14.8 BOM Development Team 25.01.2012 6,83MB 2.14.8 - notwendig
Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 02.05.2010 5.30.21.0 - notwendig
CCleaner Piriform 19.12.2012 3.26 - unbekannt
Compatibility Pack for the 2007 Office system Microsoft Corporation 15.12.2012 107MB 12.0.6612.1000 - unbekannt
CPQ Wallpaper Hewlett-Packard 10.09.2009 9,60MB 1.0.1.1 - unbekannt
Discountsurfer v4.00.401 teltarif.de 07.09.2011 - notwendig
Driver Detective PC Drivers HeadQuarters 08.09.2011 3,95MB 7.0.0 - unbekannt
HP Advisor Hewlett-Packard 10.09.2009 47,6MB 3.2.8946.3086 - unbekannt
HP Common Access Service Library Hewlett-Packard 10.09.2009 0,99MB 3.0.28.1 - unbekannt
HP Customer Experience Enhancements Hewlett-Packard 10.09.2009 5.7.0.3036 - unbekannt
HP ESU for Microsoft Windows 7 Hewlett-Packard 10.09.2009 213KB 1.0.1.1 - unbekannt
HP Integrated Module with Bluetooth wireless technology Broadcom Corporation 02.05.2010 88,3MB 6.2.0.9602 - unbekannt
HP Quick Launch Buttons Hewlett-Packard Company 15.04.2012 6.50.17.1 - unbekannt
HP Setup Hewlett-Packard 10.09.2009 1.2.3215.3078 - unbekannt
HP Software Setup Hewlett-Packard 10.09.2009 1,22MB 1.0.0.15 - unbekannt
HP Support Assistant Hewlett-Packard 10.09.2009 24,2MB 4.1.11.3 - unbekannt
HP User Guides 0133 Hewlett-Packard 10.09.2009 429MB 1.02.0001 - unbekannt
HP Webcam Roxio 23.11.2011 8,78MB 1.0.25.0 - unbekannt
HP Webcam Driver Sonix 02.05.2010 5.8.50008.0 - unbekannt
HP Wireless Assistant Hewlett-Packard 10.09.2009 3,78MB 3.50.9.1 - unbekannt
IDT Audio IDT 23.11.2011 1.0.6300.0 - unbekannt
IrfanView (remove only) Irfan Skiljan 31.12.2012 2,00MB 4.35 - notwendig
Java 7 Update 10 Oracle 30.12.2012 128MB 7.0.100 - notwendig
JavaFX 2.1.0 Oracle Corporation 15.05.2012 20,8MB 2.1.0 - unbekannt
LightScribe System Software LightScribe 10.09.2009 22,5MB 1.18.6.1 - unbekannt
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 30.12.2012 18,4MB 1.70.0.1100 - notwendig
Marvell Miniport Driver Marvell 02.05.2010 10.70.5.3 - unbekannt
McAfee Security Scan Plus McAfee, Inc. 22.11.2012 10,2MB 3.0.285.6 - unnötig?
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.10.2011 38,8MB 4.0.30319 - unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.10.2011 2,93MB 4.0.30319 - unbekannt
Microsoft IntelliPoint 8.2 Microsoft Corporation 08.09.2011 8.20.468.0 - unbekannt
Microsoft Office Live Add-in 1.5 Microsoft Corporation 21.04.2012 508KB 2.0.4024.1 - unbekannt
Microsoft Office XP Small Business Microsoft Corporation 05.10.2011 263MB 10.0.6626.0 - notwendig
Microsoft Silverlight Microsoft Corporation 11.05.2012 80,3MB 4.1.10329.0 - unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 252KB 8.0.50727.4053 - unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 08.09.2011 300KB 8.0.61001 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 07.09.2011 596KB 9.0.30729.4148 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 08.09.2011 600KB 9.0.30729.6161 - unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 21.10.2011 12,2MB 10.0.40219 - unbekannt
Mozilla Firefox 17.0.1 (x86 de) Mozilla 07.12.2012 41,5MB 17.0.1 - notwendig
Mozilla Maintenance Service Mozilla 07.12.2012 329KB 17.0.1 - unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 08.09.2011 37,0KB 4.20.9870.0 - unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 08.09.2011 1,33MB 4.20.9876.0 - unbekannt
OpenOffice.org 3.3 OpenOffice.org 07.09.2011 412MB 3.3.9567 - notwendig
PDF Complete Special Edition PDF Complete, Inc 02.05.2010 3.5.108 - unbekannt
PDFCreator Frank Heindörfer, Philip Chinery 26.10.2011 1.2.3 - notwendig
pdfforge Toolbar v6.6 Spigot, Inc. 04.12.2012 20,3MB 6.6 - unnötig
Roxio Creator Business Roxio 02.05.2010 1,62GB 10.3 - unbekannt
Secunia PSI (3.0.0.6001) Secunia 31.12.2012 5,76MB 3.0.0.6001 - notwendig
Spybot - Search & Destroy Safer Networking Limited 16.09.2011 1.6.2 - notwendig
Surf & E-Mail-Stick Huawei Technologies Co.,Ltd 20.07.2012 16.001.06.02.35 - notwendig
Synaptics Pointing Device Driver Synaptics Incorporated 02.05.2010 13.2.6.2 - unbekannt
ThreatFire PC Tools 16.09.2011 - notwendig
VIVACOM 3G USB MODEM Alcatel 18.09.2011 - unnötig
Windows 7 Default Setting Hewlett-Packard 10.09.2009 234KB 1.0.0.6 - unbekannt
Windows Live Anmelde-Assistent Microsoft Corporation 08.09.2011 1,93MB 5.000.818.6 - unbekannt
Windows Live Essentials Microsoft Corporation 02.05.2010 14.0.8050.1202 - unbekannt
Windows Live-Uploadtool Microsoft Corporation 02.05.2010 224KB 14.0.8014.1029 - unbekannt
WISO Steuer 2012 Buhl Data Service GmbH 18.03.2012 19.00.7303 - notwendig

markusg · 06.01.2013, 19:22

Die Meldungen sind ungefährlich, kannst du zulassen

deinstaliere:
Avira SearchFree : beide
CPQ
Driver Detective
LightScribe
PDF Complete
pdfforge
Spybot : nicht sonderlich hilfreich, verzichte drauf, behalte Malwarebytes, scanne damit von Zeit zu Zeit nach update.
ThreatFire : würde ich auch drauf verzichten, wird schon länger nicht mehr mit neuen Regeln versorgt, und kann daher nicht vor neuer Malware schützen. (rootkits) insbesondere.
VIVACOM
Windows Live : alle für dich unnötigen.

Öffne CCleaner, analysieren, starten PC neustarten.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste
mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

maddin0815 · 09.01.2013, 23:24

Hat etwas gedauert, aber unten die Datei. Meine Freundin hat sich dran versucht, allerdings nicht auf den Desktop geladen, sondern aus diesem Downloadfenster von Firefox. Ist das ein Problem? Ggf. kann ich das auch noch mal machen.

# AdwCleaner v2.105 - Datei am 09/01/2013 um 22:53:04 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : dresden - ALMUT
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\dresden\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\dresden\AppData\Roaming\Mozilla\Firefox\Profiles\igsu23t0.default\searchplugins\Askcom.xml
Ordner Gefunden : C:\Users\dresden\AppData\Local\OpenCandy
Ordner Gefunden : C:\Users\dresden\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\dresden\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\dresden\AppData\Roaming\Mozilla\Firefox\Profiles\igsu23t0.default\prefs.js

Gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Gefunden : user_pref("browser.search.defaultenginename", "Ask.com");
Gefunden : user_pref("browser.search.order.1", "Ask.com");
Gefunden : user_pref("browser.startup.homepage", "hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\dresden\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2019 octets] - [09/01/2013 22:53:04]

########## EOF - C:\AdwCleaner[R1].txt - [2079 octets] ##########

markusg · 10.01.2013, 00:26

dann jetzt bitte runterladen.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe
alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein
Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den
Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)