
Log analysis and evaluation: Security Essentials reports malware

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.07.2013, 12:08   #1
King pin
 



Hello forum users,

Today I got what was probably just a false alarm from Security Essentials. I would still like to play it safe and ask you for help.

The error message came from the folder C:\Program Files (x86)\LyricsWoofer
I have no idea what kind of folder this is or what it is for.
It could be that it belongs to the CAD program Vectorworks, but I am not sure.

Attached are the requested log files from your help thread:

Quote:
OLE Log
Code:
OTL logfile created on: 08.07.2013 12:58:07 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XXXXXXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 3,41 Gb Available Physical Memory | 57,07% Memory free
11,96 Gb Paging File | 9,29 Gb Available in Paging File | 77,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 337,30 Gb Free Space | 74,85% Space Free | Partition Type: NTFS
 
Computer Name: ANNEGRET-PC | User Name: Annegret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.08 10:40:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXXX\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010.12.09 07:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.10.06 06:08:48 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 06:08:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.10.28 04:38:16 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.06.11 21:08:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.03.26 20:20:56 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.09 07:27:50 | 000,311,376 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.10.29 20:22:12 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.08 03:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.10.06 06:08:48 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 06:08:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.12 16:53:47 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.02.12 16:53:47 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.28 05:11:46 | 007,877,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.28 04:03:40 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.08 03:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.09.27 09:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.09.14 04:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.05.11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.05 23:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: langpack-de%40firefox.mozilla.org:18.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.11 16:58:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.01 07:55:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.05 20:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.08 09:40:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Components: C:\Program Files\\Waterfox\components [2013.07.08 09:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Waterfox 18.0.1\extensions\\Plugins: C:\Program Files\\Waterfox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.11 16:58:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lwoofer@lyricswoofer.co: C:\Program Files (x86)\LyricsWoofer\116.xpi
 
[2013.07.08 05:41:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\Extensions
[2013.07.08 09:59:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\02u9231j.default\extensions
[2013.07.08 06:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\s18df7te.default\extensions
[2013.07.08 09:56:23 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\firefox\profiles\02u9231j.default\extensions\langpack-de@firefox.mozilla.org.xpi
[2013.07.08 09:59:46 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\firefox\profiles\02u9231j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.08 06:17:25 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\firefox\profiles\s18df7te.default\extensions\langpack-de@firefox.mozilla.org.xpi
[2013.07.08 06:22:06 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\XXXXXXX\AppData\Roaming\mozilla\firefox\profiles\s18df7te.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.05 20:47:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.05 20:47:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.17 21:57:30 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (LyricsWoofer) - {73F8F433-14C8-48AA-8412-54BC6F8D3FA3} - C:\Program Files (x86)\LyricsWoofer\116.dll (Lyrics Woofer LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\XXXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5B69A84-AB52-4A15-B29E-FDA71F5106C3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D93B8F14-7F94-442C-B8B0-BC451B2668DA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{031f7543-1a82-11e2-8241-ec55f98b85f2}\Shell - "" = AutoRun
O33 - MountPoints2\{031f7543-1a82-11e2-8241-ec55f98b85f2}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b866c25d-874a-11e2-b7a8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b866c25d-874a-11e2-b7a8-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\index.html
O33 - MountPoints2\{f605926b-95be-11e0-aba6-ec55f98b85f2}\Shell - "" = AutoRun
O33 - MountPoints2\{f605926b-95be-11e0-aba6-ec55f98b85f2}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.08 10:40:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XXXXXXX\Desktop\OTL.exe
[2013.07.08 05:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\Waterfox
[2013.07.08 05:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox
[2013.07.08 05:35:19 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXX\AppData\Roaming\Waterfox Limited
[2013.07.08 04:22:14 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXX\AppData\Local\Programs
[2013.07.08 03:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2013.07.08 03:54:32 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXX\AppData\Roaming\Bitdefender
[2013.07.08 03:52:28 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXX\AppData\Roaming\QuickScan
[2013.07.08 03:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2013.07.08 03:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.07.08 03:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013.07.08 03:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2013.07.04 20:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.07.04 20:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.07.04 20:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.07.04 20:27:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013.07.04 20:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.07.04 17:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.02 16:11:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsWoofer
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.08 12:08:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.08 11:29:10 | 000,000,000 | ---- | M] () -- C:\Users\XXXXXXX\defogger_reenable
[2013.07.08 11:28:31 | 000,050,477 | ---- | M] () -- C:\Users\XXXXXXX\Desktop\Defogger.exe
[2013.07.08 11:19:02 | 000,377,856 | ---- | M] () -- C:\Users\XXXXXXX\Desktop\gmer_2.1.19163.exe
[2013.07.08 10:40:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXXX\Desktop\OTL.exe
[2013.07.08 09:53:47 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2013.07.08 09:50:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 09:50:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.08 09:49:54 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.07.08 09:47:48 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.08 09:47:48 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.08 09:47:48 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.08 09:47:48 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.08 09:47:48 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.08 09:42:36 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\LyricsWoofer Update.job
[2013.07.08 09:41:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.08 09:41:19 | 522,604,543 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.08 04:09:11 | 000,597,242 | ---- | M] () -- C:\ProgramData\1373248220.bdinstall.bin
[2013.07.08 03:59:47 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2013.07.08 03:59:47 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2013.07.08 03:59:47 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2013.07.07 13:21:28 | 000,000,287 | ---- | M] () -- C:\Users\XXXXXXX\AppData\Local\VersionChecker_16.xml
[2013.07.04 20:57:13 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.06.27 11:42:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.27 11:42:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
 
========== Files Created - No Company Name ==========
 
[2013.07.08 11:29:10 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXXX\defogger_reenable
[2013.07.08 11:28:30 | 000,050,477 | ---- | C] () -- C:\Users\XXXXXXX\Desktop\Defogger.exe
[2013.07.08 11:19:01 | 000,377,856 | ---- | C] () -- C:\Users\XXXXXXX\Desktop\gmer_2.1.19163.exe
[2013.07.08 09:53:47 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Waterfox.lnk
[2013.07.08 04:09:11 | 000,597,242 | ---- | C] () -- C:\ProgramData\1373248220.bdinstall.bin
[2013.07.08 03:59:47 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2013.07.08 03:54:29 | 002,510,608 | -H-- | C] () -- C:\bdr-bz01
[2013.07.08 03:54:29 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2013.07.08 03:54:28 | 037,133,532 | -H-- | C] () -- C:\bdr-im01.gz
[2013.07.08 03:54:28 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2013.07.04 20:57:13 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.07.04 20:27:38 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.07.02 16:11:47 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\LyricsWoofer Update.job
[2013.06.27 11:42:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.06.27 11:42:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.29 16:57:20 | 000,010,866 | ---- | C] () -- C:\Users\XXXXXXX\muffe.JPG
[2012.05.01 21:59:08 | 000,004,608 | ---- | C] () -- C:\Users\XXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.21 16:41:34 | 000,145,836 | ---- | C] () -- C:\Users\XXXXXXX\Niedziela Heidi Bewerbung als kaufmännische Mitarbeiterin.pdf
[2012.01.07 14:01:15 | 000,000,126 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2011.12.14 13:16:08 | 000,182,912 | ---- | C] () -- C:\Windows\hpoins38.dat
[2011.12.14 13:16:08 | 000,000,548 | ---- | C] () -- C:\Windows\hpomdl38.dat
[2011.09.11 14:24:23 | 000,000,287 | ---- | C] () -- C:\Users\XXXXXXX\AppData\Local\VersionChecker_16.xml
[2011.09.07 02:52:31 | 000,000,701 | ---- | C] () -- C:\Users\XXXXXXX\XXXXXXX - Verknüpfung.lnk
[2011.08.23 19:59:19 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.08.06 17:12:35 | 000,000,359 | ---- | C] () -- C:\Users\XXXXXXX\AppData\Roaming\Gangsters2Setup.lnk
[2011.06.18 22:47:31 | 000,015,389 | ---- | C] () -- C:\Users\XXXXXXX\Ummeldung in die Ambulante Pflege.odt
[2011.06.18 20:44:31 | 000,014,109 | ---- | C] () -- C:\Users\XXXXXXX\Freistellung nach PflegeZG.odt
[2011.06.11 16:49:09 | 000,002,586 | ---- | C] () -- C:\Users\XXXXXXX\animierte-auto-bilder-110.gif
[2010.12.10 21:09:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.07.08 03:54:32 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Bitdefender
[2012.04.16 14:13:38 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Canneverbe Limited
[2013.03.07 13:43:35 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\DesktopIconForAmazon
[2011.11.06 19:54:11 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\DVDVideoSoft
[2011.08.05 17:07:37 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.04 10:28:39 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\eu.computerworks.vectorworks.2011.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1
[2013.04.29 22:18:07 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\ICQ
[2013.07.08 09:40:13 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\IrfanView
[2013.05.28 14:26:53 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Kalypso Media
[2012.09.08 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Lexware
[2012.02.04 10:33:36 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\MAXON
[2011.09.11 14:23:20 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Nemetschek
[2011.09.27 20:31:58 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\OCS
[2011.06.11 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\OpenOffice.org
[2011.09.27 20:32:01 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Opera
[2013.07.08 03:52:28 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\QuickScan
[2012.05.17 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\runic games
[2013.03.22 18:27:04 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\SQL Anywhere 12
[2013.07.08 05:35:19 | 000,000,000 | ---D | M] -- C:\Users\XXXXXXX\AppData\Roaming\Waterfox Limited
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728

< End of report >
         

Alt 08.07.2013, 12:10   #2
markusg
/// Malware-holic
 

Hi, and we're supposed to guess the message? Please post it.

Alt 08.07.2013, 12:12   #3
King pin
 

OLE Extras Log:

Code:
OTL Extras logfile created on: 08.07.2013 12:24:10 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Annegret\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 3,89 Gb Available Physical Memory | 65,11% Memory free
11,96 Gb Paging File | 9,81 Gb Available in Paging File | 82,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,66 Gb Total Space | 337,31 Gb Free Space | 74,85% Space Free | Partition Type: NTFS
 
Computer Name: XXXXXX-PC | User Name: XYXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Waterfox\waterfox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E1B62F-3547-4CAC-8E31-D5BC962EB129}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{211D8C8D-51D0-488B-BEFB-04EDD2C63912}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{278F7C03-D7B3-465A-92F7-F6CA6AEE8499}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2CF7BF09-6126-4345-8D1B-E1AA55A8F0A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3E51154C-5B08-48E5-AD8C-6C857562F42B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{51FC27D0-AFDB-471B-9AD6-CB1CF2F2641C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{54A0DFF3-1E2E-460A-AD6A-E355FBD181CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76C2CD65-FE58-4ECF-845B-41C3843D675E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7DCAC1AE-502C-40FF-BCD3-5608DA47D87E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{88307942-38FE-4C1B-8E4B-96F90C825313}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{920D45B3-CC1C-4DD8-8252-B338C2C10F93}" = rport=137 | protocol=17 | dir=out | app=system | 
"{93C46A24-0C9A-49FC-AB39-C0D658E53A90}" = lport=445 | protocol=6 | dir=in | app=system | 
"{95FA6394-212C-42EE-886E-568A48BF9559}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{965407A4-6A81-40BF-9569-A494D571804E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC4C0A45-A5C5-42FE-BF8D-97F34547678A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B9F7DB60-1B97-4BFB-996E-CD592E587A0D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CBB62D23-3F45-4029-9C05-4DD766602CFF}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DA81A951-06B1-45EB-B8C6-431271446B16}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{DB4ABC81-3B1D-4C96-B483-5CB2879DF764}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F55759A3-FAF2-4692-829F-3888FCA4A819}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F60CB3A5-D867-446B-9C0A-F56C34ED79F2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FAF8AFB9-8210-4F51-9719-040298BA60E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FFE08880-DD1E-40E5-814E-FBBB61CBE705}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D7B287-5206-4FB2-909E-E2294CE859CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{0901176F-D3C1-4A8D-AA13-9821FF2FE3B0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0955647F-6B8C-493B-B3A5-2CF4D1D88758}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{12F25059-88A3-47EC-A273-C3B0C7CC005B}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{1C091253-00ED-492D-BD8B-83A4D2EE7D9C}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{242E816C-036A-4CAA-93F9-5313D42073AD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{2830CED2-C9BB-44BA-A014-F8177D3A3DBD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{2AFD6FA3-2EA5-4EC8-A280-834988CEF58D}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{2C0A0D96-469A-4986-8E3A-55B995F14973}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{2CE024C8-CE76-46D9-8812-5A2EFD232DFB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{31CCF07E-2980-46EA-9F45-A02A68E8859E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{32BC5262-091D-41BA-853C-01A3B5C06426}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{37FB15B6-BB5F-4D4C-A329-7E4137FE328B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{3C19E63B-000C-4813-AE07-57FB0CD2F6FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3D19EB1A-F7FC-4B28-B143-7AC0FCC4AF8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DA67057-9238-49AC-8FBE-3D9E31C7C18F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{42709CA2-5C3D-4183-8C97-32B7F71F242E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{46574079-EC29-4105-8D3B-C0BB08B7C773}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{486FE960-C042-4F12-A749-D50BB8B7E19C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4FE07026-8D6E-46A0-B8D3-2F321CFB96A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{548DE6E6-9EF6-478A-B483-9A9E4E0BBBA7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5743479C-F211-42F5-9181-56EAFBAB5DB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{5E04B880-4AFB-4A38-A98D-1ED1F0A3CD4B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{6DEA88ED-FBA9-48A9-BB61-F80E07623286}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{854A7D04-309C-477A-ACA2-1DA6E4E8486D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9AAADF0F-490A-4142-B3B5-4D6B259757C2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{9ACE2827-B720-40CF-A56D-97D9A11F3AC1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9B7BAA31-40FE-4F10-9FED-6407F6C08DB3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C5C13E5-57DD-4018-A3E6-CEB8A69500BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6131306-8AED-499D-BFF4-A3A6CC58AA93}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{A9E18337-153C-4531-A4F9-0983E9695B32}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{B48F1255-4FF7-46C7-8CF6-362AD2A3297C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{BA932289-9B36-4ED9-BD1C-3BE852A64C16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{BE2CCB76-6649-41F0-AA47-60362AD1DC8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D19A3FDF-D874-4EE2-83B1-21FB7D78F327}" = protocol=6 | dir=out | app=system | 
"{D91AC262-C5EB-47E4-BC05-AE6C048AB027}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D92AD730-1622-472D-A03B-5AAD40A5A9B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DE9417B7-9704-45CD-9311-E8FAED57FA4F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{E438A561-4169-4511-AED7-AEB9C99F053C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{1D3799D4-B338-4CB2-B9C5-D16B4C9D71A9}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 
"TCP Query User{5602EAC6-2520-4C49-B064-6DCC28C25146}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"TCP Query User{5A758742-7DEB-4DB3-B80B-8727E50AAC06}C:\corpora\s7\dbeng7.exe" = protocol=6 | dir=in | app=c:\corpora\s7\dbeng7.exe | 
"TCP Query User{6BBB884C-B8F9-40ED-A9FF-5496CDD2B11E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{86837351-8F88-4B50-AD39-6C929BFD6A36}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{E67809DD-B12E-40A6-BC08-06B12B73C856}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{EA55D4B6-0DD0-4C06-945A-7A4A3FBABDD1}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 
"TCP Query User{F6443466-89DB-46C2-B870-5858557B68DA}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{11520128-A1F5-43B8-A2AB-BA65C92A93E5}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"UDP Query User{1C651B5C-A83B-4F90-8C05-2B6340984B5F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{50A124F6-622B-4E01-BF1F-1FFCE050C9C9}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{54CB1E9E-2FDF-496D-8ED9-CB110834798E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{71BDFA21-F1DE-4D5C-B343-723324BF16A5}C:\corpora\s7\dbeng7.exe" = protocol=17 | dir=in | app=c:\corpora\s7\dbeng7.exe | 
"UDP Query User{79FAF7E1-9DAA-4D82-93A4-58BF04F7DAF6}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 
"UDP Query User{F19019BB-DF7E-4865-9B59-4FB5B94B5CBD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{F537BF14-9753-4AD7-A859-E9436EE47A4C}C:\program files (x86)\vectorworks2011\vectorworks2011e.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vectorworks2011\vectorworks2011e.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{982C480E-5BE0-2714-E584-83E88F8A31C3}" = ccc-utility64
"{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{E69F8CE0-7EA0-63A9-5A5B-D8FD9BDCC219}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD7DEB7B-8CEA-44E5-AB2D-7C66786C0563}" = Waterfox
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min
"{063541C9-B4CA-CD49-080C-AEDE45067CEB}" = CCC Help Portuguese
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07580AC7-1B74-92E7-F405-9AD4019CA577}" = CCC Help Thai
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.6 Build #5618 Banner Remover 1.0
"{0F63FE0E-3279-7399-CAAB-E9B19A570F40}" = Vectorworks 2011 Hilfe
"{10AD2C1F-9825-F220-7870-CD7B946D367E}" = CCC Help Spanish
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1B192700-C368-49C1-BF81-D2F9BA065534}" = Catalyst Control Center - Branding
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23E26695-3815-012F-1CAF-C6C3564DBCBF}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{29A4502B-1FA5-72E0-92F1-AC8F2EF16D51}" = CCC Help Danish
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{320795BA-446B-C1F7-9560-CC171192DC21}" = CCC Help Turkish
"{334BEF1F-EE5B-295F-BED0-728F7F45328B}" = CCC Help Polish
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{47772E7F-6942-B7A3-1B31-74D30343064B}" = CCC Help Norwegian
"{485E3D4A-35FB-CED2-3CF5-FAD4CCFE46BD}" = CCC Help Hungarian
"{4A6D25EA-5390-CEE6-305E-F28B192C806C}" = CCC Help Finnish
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{557018DC-309C-5BCC-0587-B2D86BA20613}" = CCC Help Greek
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{60101C13-2C13-48FB-855D-33D9F3013133}" = B109a-m
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{704ED517-BB7F-7654-2185-627ACCB20179}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B284AC2-4756-6779-9274-FE20EE9216B7}" = Catalyst Control Center InstallProxy
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{800BE8AA-C912-E42D-E97F-BA533A2C851F}" = CCC Help Korean
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.7.0
"{83429F57-1A80-EB5B-8E60-C215D025A18B}" = CCC Help Italian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B3119BF5-2502-B6A6-45AA-A1FE5D82FFD7}" = CCC Help Russian
"{B343B0E3-212A-40B9-8207-1BD299228F5D}" = Fallout 3 - The Garden of Eden Creation Kit
"{B4C7BC58-3914-9EF9-E2B9-52216DFE899D}" = Catalyst Control Center Graphics Previews Vista
"{B722FA60-A6EF-A3F5-DD4B-C826CDA16114}" = CCC Help Japanese
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC7BBA77-7C6F-115C-4B47-0E3EE2610C13}" = CCC Help German
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DBCCC93B-F646-EB40-4AB1-55D4BE0E5D30}" = CCC Help Dutch
"{DBD55196-4BE4-CAAC-1447-4AF6657EEAD6}" = CCC Help Czech
"{E1161FE3-E090-512B-BE20-AA276C2766CA}" = CCC Help Swedish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B8B8A6-BBD9-0B5F-1AA1-A95161C16247}" = CCC Help Chinese Traditional
"{E5F1F9B2-90C3-83E2-888F-2725AACA93BD}" = CCC Help French
"{E87C0C8B-82D6-7C51-B1A3-01EAF3314F7F}" = CCC Help English
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2E90747-42A1-E42F-C104-48239458946A}" = CCC Help Chinese Standard
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"{FCDDB05A-1B35-453B-47B5-AD75809BBBF9}" = PX Profile Update
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Airline Tycoon - Deluxe" = Airline Tycoon - Deluxe
"AirlineTycoon2_is1" = Airline Tycoon 2 v1.01
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.computerworks.vectorworks.2011.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2011 Hilfe
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"lwoofer@lyricswoofer.co" = LyricsWoofer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 23.0 (x86 de)" = Mozilla Firefox 23.0 (x86 de)
"WEKA VOB_MUSTERBRIEFE UND _FORMULARE STAND 10_10" = WEKA VOB-Musterbriefe und -Formulare Stand 10.10
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3209409606-3173325914-3703126598-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2013 11:24:40 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.04.2013 13:20:07 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 25.04.2013 14:06:11 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 28.04.2013 14:42:22 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 28.04.2013 17:20:44 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 02.05.2013 04:43:46 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 06.05.2013 09:37:05 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 07.05.2013 13:22:13 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 11.05.2013 14:09:25 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 13.05.2013 06:31:01 | Computer Name = XXXXXX-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.07.2013 03:18:35 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 08.07.2013 03:33:01 | Computer Name = XXXXXX-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 08.07.2013 03:41:42 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ccdglsvc" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 08.07.2013 03:41:53 | Computer Name = XXXXXX-PC | Source = Microsoft Antimalware | ID = 2004
Description = Beim Laden der Signaturen wurde von %%860 ein Fehler festgestellt.
 Es wird versucht, einen als gültig bekannten Signatursatz wiederherzustellen.     Versuchte
 Signaturen: %%824     Fehlercode: 0x80070002     Fehlerbeschreibung: Das System kann die 
angegebene Datei nicht finden.      Signaturversion: 0.0.0.0;0.0.0.0     Modulversion: 0.0.0.0
 
Error - 08.07.2013 03:42:20 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 08.07.2013 03:42:20 | Computer Name = XXXXXX-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         
Last edited by King pin (08.07.2013 at 12:28)

08.07.2013, 12:13   #4
markusg
/// Malware-holic

OK, please also answer my question.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de as described in the instructions above.

08.07.2013, 12:20   #5
King pin

One moment, I did find the log file after all.

The detected malware is called: Adware: Win32/AddLyrics

And it is located in C:\Program Files (x86)\LyricsWoofer\116.dll

Here is also the GMER log requested in the help thread:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-08 12:14:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BPVT-22HXZT1 rev.01.01A01 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Annegret\AppData\Local\Temp\kxdoqkow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000762d1465 2 bytes [2D, 76]
.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000762d14bb 2 bytes [2D, 76]
.text   ...                                                                                                                               * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [404:1828]                                                                                        000007fef97544e0
Thread  C:\Windows\System32\svchost.exe [404:3388]                                                                                        000007fefa4f88f8
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [952:2932]                                                                     000007fefc002a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [952:2816]                                                                     000007fef349d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [952:2428]                                                                     000007fef349d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [952:2440]                                                                     000007fef9995124

---- EOF - GMER 2.1 ----
         
Thank you very much for the help.

Unfortunately I cannot format the PC because there are too many important files on it (master craftsman's exam documents, CAD files and a CAD program (Vectorworks) which can only be registered once (student version)).

Unfortunately I am at a business appointment until this evening, so please don't be surprised if I can't reply right away.

I hope the data helps you to help me, though.

Last edited by King pin (08.07.2013 at 12:25)

08.07.2013, 13:18   #6
markusg
/// Malware-holic

Hi,
a statement like
"I can't format because of important data" always makes me prick up my ears.
1. Are there no backups? If not, I always wonder whether the data really is that important, because you keep copies of important things!
2. Please post all Malwarebytes logs with detections.
http://www.trojaner-board.de/125889-...en-posten.html

3. Since you mention a business appointment: is this a company PC? If so, do you have an IT department?

08.07.2013, 19:13   #7
King pin

No, it is not an IT PC; it was an appointment with a supplier of veneer woods.
I am currently doing my master carpenter's certificate. And of course there are backups, but this LyricsWoofer is already on them too, going back about a quarter of a year... I have now saved all the important CAD files and all the calculations for the piece on a USB stick.

But I wonder whether it makes sense to format my running system.
I am actually quite careful about installing any programs, which is why I am asking whether this is malware at all.

MBAM has not been responding since today (since the detection); I am currently trying to forcibly delete it from the system and reinstall it. It could be an MBAM error, since I have not used it for a long time (update error), or it could be because of the detection....

I will get back to you as soon as I have the log from the scan.

08.07.2013, 19:17   #8
markusg
/// Malware-holic

OK, leave the uninstallation for now.
Please do not delete anything yourself.
At least not during the cleanup; you are of course welcome to report any problems.
Please download TDSSKiller (TDSSKiller.exe) and save the file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

08.07.2013, 19:28   #9
King pin

I haven't deleted anything; I just can't run MBAM.

Here is the log:
Code:
20:22:06.0965 4032  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:22:07.0293 4032  ============================================================
20:22:07.0293 4032  Current date / time: 2013/07/08 20:22:07.0293
20:22:07.0293 4032  SystemInfo:
20:22:07.0293 4032  
20:22:07.0293 4032  OS Version: 6.1.7601 ServicePack: 1.0
20:22:07.0293 4032  Product type: Workstation
20:22:07.0293 4032  ComputerName: ANNEGRET-PC
20:22:07.0293 4032  UserName: Annegret
20:22:07.0293 4032  Windows directory: C:\Windows
20:22:07.0293 4032  System windows directory: C:\Windows
20:22:07.0293 4032  Running under WOW64
20:22:07.0293 4032  Processor architecture: Intel x64
20:22:07.0293 4032  Number of processors: 4
20:22:07.0293 4032  Page size: 0x1000
20:22:07.0293 4032  Boot type: Normal boot
20:22:07.0293 4032  ============================================================
20:22:09.0180 4032  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:22:09.0180 4032  ============================================================
20:22:09.0180 4032  \Device\Harddisk0\DR0:
20:22:09.0180 4032  MBR partitions:
20:22:09.0180 4032  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
20:22:09.0180 4032  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x38553000
20:22:09.0180 4032  ============================================================
20:22:09.0212 4032  C: <-> \Device\Harddisk0\DR0\Partition2
20:22:09.0212 4032  ============================================================
20:22:09.0212 4032  Initialize success
20:22:09.0212 4032  ============================================================
20:22:38.0711 3332  ============================================================
20:22:38.0711 3332  Scan started
20:22:38.0711 3332  Mode: Manual; SigCheck; TDLFS; 
20:22:38.0711 3332  ============================================================
20:22:39.0242 3332  ================ Scan system memory ========================
20:22:39.0242 3332  System memory - ok
20:22:39.0242 3332  ================ Scan services =============================
20:22:39.0632 3332  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:22:40.0131 3332  1394ohci - ok
20:22:40.0225 3332  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:22:40.0225 3332  ACPI - ok
20:22:40.0256 3332  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:22:40.0381 3332  AcpiPmi - ok
20:22:40.0599 3332  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:22:40.0630 3332  AdobeFlashPlayerUpdateSvc - ok
20:22:40.0724 3332  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:22:40.0771 3332  adp94xx - ok
20:22:40.0771 3332  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:22:40.0786 3332  adpahci - ok
20:22:40.0786 3332  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:22:40.0802 3332  adpu320 - ok
20:22:40.0833 3332  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:22:41.0036 3332  AeLookupSvc - ok
20:22:41.0129 3332  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:22:41.0192 3332  AFD - ok
20:22:41.0239 3332  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:22:41.0270 3332  agp440 - ok
20:22:41.0301 3332  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:22:41.0379 3332  ALG - ok
20:22:41.0395 3332  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:22:41.0426 3332  aliide - ok
20:22:41.0535 3332  [ 9CB927E76D3F65A02741A4D9A690178C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:22:41.0644 3332  AMD External Events Utility - ok
20:22:41.0675 3332  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:22:41.0691 3332  amdide - ok
20:22:41.0785 3332  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:22:41.0878 3332  AmdK8 - ok
20:22:43.0516 3332  [ B8660FB5431F136635FB6446AC67FAAE ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:22:43.0657 3332  amdkmdag - ok
20:22:43.0703 3332  [ 5FC9D833F726383D9D60205F5A3CF16B ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:22:43.0766 3332  amdkmdap - ok
20:22:43.0797 3332  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:22:43.0844 3332  AmdPPM - ok
20:22:43.0891 3332  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:22:43.0922 3332  amdsata - ok
20:22:43.0969 3332  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:22:44.0000 3332  amdsbs - ok
20:22:44.0015 3332  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:22:44.0031 3332  amdxata - ok
20:22:44.0093 3332  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:22:44.0312 3332  AppID - ok
20:22:44.0327 3332  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:22:44.0405 3332  AppIDSvc - ok
20:22:44.0437 3332  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
20:22:44.0515 3332  Appinfo - ok
20:22:44.0530 3332  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:22:44.0546 3332  arc - ok
20:22:44.0561 3332  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:22:44.0577 3332  arcsas - ok
20:22:44.0624 3332  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:22:44.0686 3332  AsyncMac - ok
20:22:44.0764 3332  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:22:44.0795 3332  atapi - ok
20:22:44.0998 3332  [ E642491F64E58CD5BC8FB8B347DCF65F ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:22:45.0045 3332  athr - ok
20:22:45.0185 3332  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
20:22:45.0263 3332  AtiHdmiService - ok
20:22:45.0357 3332  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
20:22:45.0388 3332  atksgt - ok
20:22:45.0466 3332  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:22:45.0560 3332  AudioEndpointBuilder - ok
20:22:45.0575 3332  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:22:45.0607 3332  AudioSrv - ok
20:22:45.0700 3332  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:22:45.0841 3332  AxInstSV - ok
20:22:45.0903 3332  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:22:45.0997 3332  b06bdrv - ok
20:22:46.0075 3332  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:22:46.0153 3332  b57nd60a - ok
20:22:46.0231 3332  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:22:46.0309 3332  BDESVC - ok
20:22:46.0324 3332  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:22:46.0387 3332  Beep - ok
20:22:46.0465 3332  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:22:46.0574 3332  BFE - ok
20:22:46.0745 3332  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:22:46.0823 3332  BITS - ok
20:22:46.0839 3332  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:22:46.0855 3332  blbdrive - ok
20:22:46.0917 3332  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:22:46.0979 3332  bowser - ok
20:22:46.0995 3332  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:22:47.0182 3332  BrFiltLo - ok
20:22:47.0198 3332  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:22:47.0260 3332  BrFiltUp - ok
20:22:47.0369 3332  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:22:47.0432 3332  Browser - ok
20:22:47.0479 3332  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:22:47.0557 3332  Brserid - ok
20:22:47.0572 3332  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:22:47.0603 3332  BrSerWdm - ok
20:22:47.0619 3332  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:22:47.0666 3332  BrUsbMdm - ok
20:22:47.0666 3332  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:22:47.0681 3332  BrUsbSer - ok
20:22:47.0697 3332  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:22:47.0744 3332  BTHMODEM - ok
20:22:47.0759 3332  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:22:47.0837 3332  bthserv - ok
20:22:47.0931 3332  ccdglsvc - ok
20:22:47.0978 3332  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:22:48.0056 3332  cdfs - ok
20:22:48.0118 3332  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:22:48.0181 3332  cdrom - ok
20:22:48.0227 3332  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:22:48.0321 3332  CertPropSvc - ok
20:22:48.0368 3332  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:22:48.0399 3332  circlass - ok
20:22:48.0461 3332  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:22:48.0477 3332  CLFS - ok
20:22:48.0555 3332  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:22:48.0586 3332  clr_optimization_v2.0.50727_32 - ok
20:22:48.0633 3332  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:22:48.0649 3332  clr_optimization_v2.0.50727_64 - ok
20:22:48.0742 3332  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:22:48.0773 3332  clr_optimization_v4.0.30319_32 - ok
20:22:48.0836 3332  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:22:48.0851 3332  clr_optimization_v4.0.30319_64 - ok
20:22:48.0867 3332  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:22:48.0898 3332  CmBatt - ok
20:22:48.0929 3332  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:22:48.0929 3332  cmdide - ok
20:22:49.0007 3332  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
20:22:49.0070 3332  CNG - ok
20:22:49.0101 3332  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:22:49.0132 3332  Compbatt - ok
20:22:49.0179 3332  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:22:49.0257 3332  CompositeBus - ok
20:22:49.0273 3332  COMSysApp - ok
20:22:49.0288 3332  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:22:49.0304 3332  crcdisk - ok
20:22:49.0397 3332  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:22:49.0429 3332  CryptSvc - ok
20:22:49.0522 3332  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:22:49.0600 3332  DcomLaunch - ok
20:22:49.0663 3332  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:22:49.0756 3332  defragsvc - ok
20:22:49.0803 3332  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:22:49.0897 3332  DfsC - ok
20:22:49.0959 3332  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:22:50.0053 3332  Dhcp - ok
20:22:50.0068 3332  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:22:50.0146 3332  discache - ok
20:22:50.0209 3332  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:22:50.0224 3332  Disk - ok
20:22:50.0271 3332  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:22:50.0333 3332  Dnscache - ok
20:22:50.0411 3332  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:22:50.0489 3332  dot3svc - ok
20:22:50.0583 3332  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
20:22:50.0614 3332  Dot4 - ok
20:22:50.0677 3332  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:22:50.0708 3332  Dot4Print - ok
20:22:50.0723 3332  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
20:22:50.0755 3332  dot4usb - ok
20:22:50.0801 3332  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:22:50.0879 3332  DPS - ok
20:22:50.0926 3332  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:22:50.0973 3332  drmkaud - ok
20:22:51.0301 3332  [ 470F7F19188AB45463F8B612D6DDE7C8 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
20:22:51.0332 3332  DsiWMIService - ok
20:22:51.0410 3332  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:22:51.0457 3332  DXGKrnl - ok
20:22:51.0488 3332  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:22:51.0566 3332  EapHost - ok
20:22:52.0049 3332  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:22:52.0221 3332  ebdrv - ok
20:22:52.0268 3332  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:22:52.0361 3332  EFS - ok
20:22:52.0486 3332  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:22:52.0564 3332  ehRecvr - ok
20:22:52.0580 3332  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:22:52.0658 3332  ehSched - ok
20:22:52.0705 3332  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:22:52.0736 3332  elxstor - ok
20:22:52.0845 3332  [ 8E12D885D17EC5FA4F52D2C6E953E285 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
20:22:52.0876 3332  ePowerSvc - ok
20:22:52.0907 3332  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:22:52.0954 3332  ErrDev - ok
20:22:53.0032 3332  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:22:53.0126 3332  EventSystem - ok
20:22:53.0188 3332  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:22:53.0235 3332  exfat - ok
20:22:53.0266 3332  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:22:53.0344 3332  fastfat - ok
20:22:53.0438 3332  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:22:53.0547 3332  Fax - ok
20:22:53.0563 3332  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:22:53.0609 3332  fdc - ok
20:22:53.0641 3332  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:22:53.0719 3332  fdPHost - ok
20:22:53.0750 3332  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:22:53.0843 3332  FDResPub - ok
20:22:53.0875 3332  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:22:53.0921 3332  FileInfo - ok
20:22:53.0937 3332  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:22:53.0999 3332  Filetrace - ok
20:22:54.0171 3332  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:22:54.0218 3332  FLEXnet Licensing Service - ok
20:22:54.0249 3332  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:22:54.0311 3332  flpydisk - ok
20:22:54.0358 3332  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:22:54.0389 3332  FltMgr - ok
20:22:54.0452 3332  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:22:54.0592 3332  FontCache - ok
20:22:54.0670 3332  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:22:54.0701 3332  FontCache3.0.0.0 - ok
20:22:54.0701 3332  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:22:54.0717 3332  FsDepends - ok
20:22:54.0748 3332  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:22:54.0764 3332  Fs_Rec - ok
20:22:54.0857 3332  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:22:54.0889 3332  fvevol - ok
20:22:54.0904 3332  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:22:54.0920 3332  gagp30kx - ok
20:22:54.0982 3332  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:22:55.0091 3332  gpsvc - ok
20:22:55.0154 3332  [ 0191DEE9B9EB7902AF2CF4F67301095D ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
20:22:55.0169 3332  GREGService - ok
20:22:55.0185 3332  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:22:55.0247 3332  hcw85cir - ok
20:22:55.0294 3332  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:22:55.0357 3332  HdAudAddService - ok
20:22:55.0419 3332  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:22:55.0481 3332  HDAudBus - ok
20:22:55.0497 3332  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:22:55.0544 3332  HidBatt - ok
20:22:55.0544 3332  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:22:55.0575 3332  HidBth - ok
20:22:55.0606 3332  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:22:55.0653 3332  HidIr - ok
20:22:55.0700 3332  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:22:55.0793 3332  hidserv - ok
20:22:55.0871 3332  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:22:55.0903 3332  HidUsb - ok
20:22:55.0934 3332  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:22:55.0996 3332  hkmsvc - ok
20:22:56.0027 3332  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:22:56.0090 3332  HomeGroupListener - ok
20:22:56.0137 3332  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:22:56.0183 3332  HomeGroupProvider - ok
20:22:56.0402 3332  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:22:56.0917 3332  hpqcxs08 - ok
20:22:57.0010 3332  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:22:57.0041 3332  hpqddsvc - ok
20:22:57.0135 3332  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:22:57.0166 3332  HpSAMD - ok
20:22:57.0275 3332  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:22:57.0322 3332  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
20:22:57.0322 3332  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
20:22:57.0369 3332  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:22:57.0478 3332  HTTP - ok
20:22:57.0525 3332  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:22:57.0541 3332  hwpolicy - ok
20:22:57.0587 3332  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:22:57.0619 3332  i8042prt - ok
20:22:57.0728 3332  [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:22:57.0759 3332  iaStor - ok
20:22:57.0821 3332  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:22:57.0837 3332  iaStorV - ok
20:22:57.0977 3332  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:22:58.0024 3332  idsvc - ok
20:22:58.0055 3332  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:22:58.0071 3332  iirsp - ok
20:22:58.0102 3332  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:22:58.0165 3332  IKEEXT - ok
20:22:58.0258 3332  [ F4C031439501F6C1D336A36D7CB58F4F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:22:58.0305 3332  IntcAzAudAddService - ok
20:22:58.0352 3332  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:22:58.0367 3332  intelide - ok
20:22:58.0414 3332  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:22:58.0461 3332  intelppm - ok
20:22:58.0492 3332  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:22:58.0586 3332  IPBusEnum - ok
20:22:58.0633 3332  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:22:58.0695 3332  IpFilterDriver - ok
20:22:58.0789 3332  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:22:58.0835 3332  iphlpsvc - ok
20:22:58.0851 3332  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:22:58.0898 3332  IPMIDRV - ok
20:22:58.0929 3332  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:22:58.0976 3332  IPNAT - ok
20:22:59.0023 3332  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:22:59.0101 3332  IRENUM - ok
20:22:59.0116 3332  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:22:59.0132 3332  isapnp - ok
20:22:59.0163 3332  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:22:59.0179 3332  iScsiPrt - ok
20:22:59.0225 3332  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:22:59.0241 3332  kbdclass - ok
20:22:59.0288 3332  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:22:59.0335 3332  kbdhid - ok
20:22:59.0366 3332  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:22:59.0397 3332  KeyIso - ok
20:22:59.0444 3332  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:22:59.0459 3332  KSecDD - ok
20:22:59.0522 3332  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:22:59.0553 3332  KSecPkg - ok
20:22:59.0569 3332  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:22:59.0615 3332  ksthunk - ok
20:22:59.0678 3332  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:22:59.0756 3332  KtmRm - ok
20:22:59.0818 3332  [ 0E154DA6CA9105354A07D0C576804037 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
20:22:59.0834 3332  L1C - ok
20:22:59.0881 3332  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:22:59.0974 3332  LanmanServer - ok
20:23:00.0021 3332  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:23:00.0099 3332  LanmanWorkstation - ok
20:23:00.0411 3332  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
20:23:00.0427 3332  lirsgt - ok
20:23:00.0614 3332  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:23:00.0692 3332  lltdio - ok
20:23:00.0739 3332  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:23:00.0832 3332  lltdsvc - ok
20:23:00.0848 3332  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:23:00.0895 3332  lmhosts - ok
20:23:00.0941 3332  [ 926EBA26A8B49D1597751CED06B50862 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:23:00.0973 3332  LMS - ok
20:23:01.0035 3332  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:23:01.0051 3332  LSI_FC - ok
20:23:01.0082 3332  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:23:01.0113 3332  LSI_SAS - ok
20:23:01.0129 3332  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:23:01.0144 3332  LSI_SAS2 - ok
20:23:01.0160 3332  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:23:01.0160 3332  LSI_SCSI - ok
20:23:01.0191 3332  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:23:01.0238 3332  luafv - ok
20:23:01.0285 3332  [ 23A854450DAB5C9B7A42AB9BE6F2E4BD ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:23:01.0285 3332  MBAMProtector - ok
20:23:01.0409 3332  [ 94E920BE59B9AB65D95E582DBAA136AC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:23:01.0441 3332  MBAMService - ok
20:23:01.0487 3332  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:23:01.0534 3332  Mcx2Svc - ok
20:23:01.0550 3332  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:23:01.0565 3332  megasas - ok
20:23:01.0565 3332  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:23:01.0581 3332  MegaSR - ok
20:23:01.0628 3332  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:23:01.0659 3332  MEIx64 - ok
20:23:01.0737 3332  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:23:01.0768 3332  Microsoft Office Groove Audit Service - ok
20:23:01.0799 3332  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:23:01.0877 3332  MMCSS - ok
20:23:01.0893 3332  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:23:01.0924 3332  Modem - ok
20:23:01.0955 3332  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:23:02.0018 3332  monitor - ok
20:23:02.0049 3332  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:23:02.0049 3332  mouclass - ok
20:23:02.0096 3332  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:23:02.0111 3332  mouhid - ok
20:23:02.0174 3332  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:23:02.0189 3332  mountmgr - ok
20:23:02.0267 3332  [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:23:02.0314 3332  MpFilter - ok
20:23:02.0330 3332  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:23:02.0361 3332  mpio - ok
20:23:02.0377 3332  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:23:02.0408 3332  mpsdrv - ok
20:23:02.0533 3332  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:23:02.0611 3332  MpsSvc - ok
20:23:02.0689 3332  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:23:02.0735 3332  MRxDAV - ok
20:23:02.0798 3332  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:23:02.0876 3332  mrxsmb - ok
20:23:02.0907 3332  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:23:02.0938 3332  mrxsmb10 - ok
20:23:02.0969 3332  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:23:02.0985 3332  mrxsmb20 - ok
20:23:03.0032 3332  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
20:23:03.0047 3332  msahci - ok
20:23:03.0079 3332  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:23:03.0094 3332  msdsm - ok
20:23:03.0110 3332  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:23:03.0172 3332  MSDTC - ok
20:23:03.0203 3332  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:23:03.0250 3332  Msfs - ok
20:23:03.0297 3332  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:23:03.0344 3332  mshidkmdf - ok
20:23:03.0406 3332  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:23:03.0437 3332  msisadrv - ok
20:23:03.0469 3332  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:23:03.0547 3332  MSiSCSI - ok
20:23:03.0547 3332  msiserver - ok
20:23:03.0609 3332  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:23:03.0687 3332  MSKSSRV - ok
20:23:03.0827 3332  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:23:03.0843 3332  MsMpSvc - ok
20:23:03.0890 3332  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:23:03.0937 3332  MSPCLOCK - ok
20:23:03.0952 3332  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:23:03.0999 3332  MSPQM - ok
20:23:04.0093 3332  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:23:04.0139 3332  MsRPC - ok
20:23:04.0171 3332  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:23:04.0171 3332  mssmbios - ok
20:23:04.0202 3332  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:23:04.0249 3332  MSTEE - ok
20:23:04.0249 3332  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:23:04.0280 3332  MTConfig - ok
20:23:04.0295 3332  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:23:04.0311 3332  Mup - ok
20:23:04.0327 3332  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:23:04.0373 3332  napagent - ok
20:23:04.0420 3332  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:23:04.0451 3332  NativeWifiP - ok
20:23:04.0545 3332  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:23:04.0623 3332  NDIS - ok
20:23:04.0623 3332  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:23:04.0670 3332  NdisCap - ok
20:23:04.0701 3332  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:23:04.0732 3332  NdisTapi - ok
20:23:04.0763 3332  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:23:04.0826 3332  Ndisuio - ok
20:23:04.0857 3332  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:23:04.0951 3332  NdisWan - ok
20:23:05.0013 3332  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:23:05.0075 3332  NDProxy - ok
20:23:05.0153 3332  [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:23:05.0169 3332  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:23:05.0169 3332  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:23:05.0185 3332  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:23:05.0263 3332  NetBIOS - ok
20:23:05.0341 3332  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:23:05.0434 3332  NetBT - ok
20:23:05.0481 3332  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:23:05.0481 3332  Netlogon - ok
20:23:05.0559 3332  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:23:05.0606 3332  Netman - ok
20:23:05.0621 3332  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:23:05.0762 3332  netprofm - ok
20:23:05.0871 3332  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:23:05.0902 3332  NetTcpPortSharing - ok
20:23:05.0918 3332  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:23:05.0933 3332  nfrd960 - ok
20:23:06.0011 3332  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:23:06.0043 3332  NisDrv - ok
20:23:06.0105 3332  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:23:06.0152 3332  NisSrv - ok
20:23:06.0261 3332  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:23:06.0308 3332  NlaSvc - ok
20:23:06.0339 3332  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:23:06.0433 3332  Npfs - ok
20:23:06.0448 3332  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:23:06.0526 3332  nsi - ok
20:23:06.0542 3332  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:23:06.0620 3332  nsiproxy - ok
20:23:06.0682 3332  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:23:06.0776 3332  Ntfs - ok
20:23:06.0791 3332  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:23:06.0838 3332  Null - ok
20:23:06.0901 3332  [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
20:23:06.0963 3332  nusb3hub - ok
20:23:06.0994 3332  [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:23:07.0072 3332  nusb3xhc - ok
20:23:07.0119 3332  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:23:07.0150 3332  nvraid - ok
20:23:07.0213 3332  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:23:07.0244 3332  nvstor - ok
20:23:07.0291 3332  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:23:07.0306 3332  nv_agp - ok
20:23:07.0400 3332  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:23:07.0431 3332  odserv - ok
20:23:07.0462 3332  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:23:07.0525 3332  ohci1394 - ok
20:23:07.0571 3332  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:23:07.0603 3332  ose - ok
20:23:07.0665 3332  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:23:07.0743 3332  p2pimsvc - ok
20:23:07.0790 3332  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:23:07.0852 3332  p2psvc - ok
20:23:07.0899 3332  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:23:07.0961 3332  Parport - ok
20:23:08.0008 3332  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:23:08.0039 3332  partmgr - ok
20:23:08.0055 3332  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:23:08.0102 3332  PcaSvc - ok
20:23:08.0164 3332  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:23:08.0180 3332  pci - ok
20:23:08.0227 3332  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:23:08.0258 3332  pciide - ok
20:23:08.0289 3332  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:23:08.0320 3332  pcmcia - ok
20:23:08.0351 3332  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:23:08.0351 3332  pcw - ok
20:23:08.0383 3332  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:23:08.0492 3332  PEAUTH - ok
20:23:08.0648 3332  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:23:08.0695 3332  PerfHost - ok
20:23:08.0788 3332  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:23:08.0975 3332  pla - ok
20:23:09.0053 3332  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:23:09.0131 3332  PlugPlay - ok
20:23:09.0225 3332  [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:23:09.0272 3332  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:23:09.0272 3332  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:23:09.0303 3332  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:23:09.0319 3332  PNRPAutoReg - ok
20:23:25.0792 3332  ================ Scan global ===============================
20:23:25.0808 3332  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:23:25.0855 3332  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:23:25.0855 3332  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
20:23:25.0886 3332  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:23:25.0917 3332  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:23:25.0933 3332  [Global] - ok
20:23:25.0933 3332  ================ Scan MBR ==================================
20:23:25.0948 3332  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:23:27.0337 3332  \Device\Harddisk0\DR0 - ok
20:23:27.0337 3332  ================ Scan VBR ==================================
20:23:27.0337 3332  [ 41BF6972494BECEDF2DFFB27AD3DA5C7 ] \Device\Harddisk0\DR0\Partition1
20:23:27.0337 3332  \Device\Harddisk0\DR0\Partition1 - ok
20:23:27.0368 3332  [ E998F012682E10F4F4F79B7AA8DE8DC4 ] \Device\Harddisk0\DR0\Partition2
20:23:27.0368 3332  \Device\Harddisk0\DR0\Partition2 - ok
20:23:27.0368 3332  ============================================================
20:23:27.0368 3332  Scan finished
20:23:27.0368 3332  ============================================================
20:23:27.0383 0428  Detected object count: 3
20:23:27.0383 0428  Actual detected object count: 3
20:25:44.0788 0428  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:44.0788 0428  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:25:44.0804 0428  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:44.0804 0428  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:25:44.0804 0428  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:25:44.0804 0428  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
According to the scan, there were 3 detections.

08.07.2013, 19:30   #10
markusg
/// Malware-holic

Hi,
they are harmless.
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

08.07.2013, 19:44   #11
King pin

Did everything as described.

Here is the log:

Code:
ComboFix 13-07-08.04 - Annegret 08.07.2013  20:34:24.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6126.4546 [GMT 2:00]
ausgeführt von:: c:\users\Annegret\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1373248220.bdinstall.bin
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-08 bis 2013-07-08  ))))))))))))))))))))))))))))))
.
.
2013-07-08 18:39 . 2013-07-08 18:39    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-08 18:16 . 2013-07-08 18:16    76232    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06B09505-2245-4883-A02F-EE3788B52514}\offreg.dll
2013-07-08 07:46 . 2013-06-11 18:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06B09505-2245-4883-A02F-EE3788B52514}\mpengine.dll
2013-07-08 03:37 . 2013-07-08 07:53    --------    d-----w-    c:\program files\Waterfox
2013-07-08 03:35 . 2013-07-08 03:35    --------    d-----w-    c:\users\Annegret\AppData\Roaming\Waterfox Limited
2013-07-08 02:22 . 2013-07-08 02:22    --------    d-----w-    c:\users\Annegret\AppData\Local\Programs
2013-07-08 01:59 . 2013-07-08 01:59    --------    d-----w-    c:\programdata\BDLogging
2013-07-08 01:54 . 2013-07-08 01:54    --------    d-----w-    c:\users\Annegret\AppData\Roaming\Bitdefender
2013-07-08 01:52 . 2013-07-08 01:52    --------    d-----w-    c:\users\Annegret\AppData\Roaming\QuickScan
2013-07-08 01:51 . 2013-07-08 02:04    --------    d-----w-    c:\programdata\Bitdefender
2013-07-08 01:51 . 2013-07-08 01:51    --------    d-----w-    c:\program files\Bitdefender
2013-07-08 01:49 . 2013-07-08 01:51    --------    d-----w-    c:\program files\Common Files\Bitdefender
2013-07-08 01:49 . 2013-07-08 01:49    --------    d-----w-    c:\program files (x86)\Common Files\Bitdefender
2013-07-04 18:32 . 2013-06-19 03:02    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{259873B1-0068-414D-92B7-0A53A6A20CA0}\gapaengine.dll
2013-07-04 18:27 . 2013-07-08 07:40    --------    d-----w-    c:\program files (x86)\Microsoft Security Client
2013-07-04 18:27 . 2013-07-08 07:40    --------    d-----w-    c:\program files\Microsoft Security Client
2013-07-04 15:33 . 2012-08-24 18:13    154480    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-07-04 15:33 . 2012-08-24 18:09    458712    ----a-w-    c:\windows\system32\drivers\cng.sys
2013-07-04 15:33 . 2012-08-24 18:05    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-07-04 15:33 . 2012-08-24 18:03    1448448    ----a-w-    c:\windows\system32\lsasrv.dll
2013-07-04 15:33 . 2012-08-24 16:57    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-07-04 15:33 . 2012-08-24 16:57    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-07-04 15:33 . 2012-08-24 16:53    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-07-02 14:18 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{242B95B6-9368-493C-BCF5-54D5FDCD0E2E}\mpengine.dll
2013-07-02 14:18 . 2013-04-17 07:02    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2013-07-02 14:18 . 2013-04-17 06:24    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2013-07-02 14:11 . 2013-07-08 07:40    --------    d-----w-    c:\program files (x86)\LyricsWoofer
2013-06-27 09:41 . 2013-06-27 09:41    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 15:51 . 2013-05-08 06:39    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:05 . 2011-06-06 13:40    75825640    ----a-w-    c:\windows\system32\MRT.exe
2013-06-11 19:08 . 2012-04-14 16:43    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 19:08 . 2011-06-03 20:55    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2011-06-03 17:30    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-20 09:13 . 2013-04-20 09:13    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-16 15:13    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 15:13    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 15:13    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 15:13    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 15:13    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 15:13    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 21:18    1656680    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 15:13    265064    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 15:13    983400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 15:13    3153920    ----a-w-    c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{73F8F433-14C8-48AA-8412-54BC6F8D3FA3}]
2013-06-25 08:14    185856    ----a-w-    c:\program files (x86)\LyricsWoofer\116.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 ccdglsvc;ccdglsvc; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 46150914
*Deregistered* - 46150914
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 19:08]
.
2013-07-08 c:\windows\Tasks\LyricsWoofer Update.job
- c:\program files (x86)\LyricsWoofer\LyricsWooferUPD.exe [2013-06-25 08:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Annegret\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Annegret\AppData\Roaming\Mozilla\Firefox\Profiles\02u9231j.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-07-08 09:40; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-07-08 09:56; langpack-de@firefox.mozilla.org; c:\users\Annegret\AppData\Roaming\Mozilla\Firefox\Profiles\02u9231j.default\extensions\langpack-de@firefox.mozilla.org.xpi
FF - ExtSQL: 2013-07-08 09:59; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Annegret\AppData\Roaming\Mozilla\Firefox\Profiles\02u9231j.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-08  20:40:50
ComboFix-quarantined-files.txt  2013-07-08 18:40
.
Vor Suchlauf: 13 Verzeichnis(se), 364.224.929.792 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 363.703.369.728 Bytes frei
.
- - End Of File - - CA6DF285D38BA0AA70E8EFE3A57B53FA
A36C5E4F47E84449FF07ED3517B43A31
         

08.07.2013, 20:23   #12
markusg
/// Malware-holic

Hi,
how does it look after the restart, is Malwarebytes working again?
If so, post the scan logs with detections, update, run a full scan, delete the detections, and post the log.
__________________
- Please forward suspicious emails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward emails to markusg.trojaner-board@web.de as described in the instructions above
If you would like to support us

09.07.2013, 09:38   #13
King pin

After the restart, the system seems to boot faster.
Mbam works again, but there is no log that mentions an infection.

I ran a full scan:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
PC :: XXXXXXX-PC [Administrator]

09.07.2013 09:04:23
mbam-log-2013-07-09 (09-04-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 457950
Laufzeit: 1 Stunde(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         





I had the .dll file that Microsoft Security Essentials complained about scanned at VirusTotal.
Quote:
https://www.virustotal.com/de/file/d45cda86ad1b8e5fc83fa24f603703c047372c3b701552845f21fb057978ab4e/analysis/1373359297/

Last edited by King pin (09.07.2013 at 09:51)

09.07.2013, 10:39   #14
markusg
/// Malware-holic

Hi,
Take it easy, we will get to that :-)

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file. Open the file.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not know, write "unbekannt" (unknown).
Post the list.

09.07.2013, 11:22   #15
King pin

Here is the log:

Code:
Acer Crystal Eye Webcam    CyberLink Corp.    26.03.2011    33,0MB    1.0.1216    Necessary (already installed at purchase)
Acer ePower Management    Acer Incorporated    10.12.2010        6.00.3000  Unknown whether necessary  (already installed at purchase)
Acer eRecovery Management    Acer Incorporated    10.12.2010        5.00.3002  Unknown whether necessary (already installed at purchase)
Acer GameZone Console    Oberon Media, Inc.    10.12.2010    31,0MB    6.1.0.9  Unknown whether necessary (already installed at purchase)
Acer Registration    Acer Incorporated    26.03.2011        1.03.3003  Unknown whether necessary (already installed at purchase)
Acer Updater    Acer Incorporated    10.12.2010        1.02.3001 Unknown whether necessary (already installed at purchase)
Adobe AIR    Adobe Systems Incorporated    04.02.2012        3.1.0.4880   Necessary
Adobe Flash Player 11 ActiveX    Adobe Systems Incorporated    11.06.2013    6,00MB    11.7.700.224  Necessary
Adobe Flash Player 11 Plugin    Adobe Systems Incorporated    11.06.2013    6,00MB    11.7.700.224   Necessary
Adobe Reader 9.1 MUI    Adobe Systems Incorporated    10.12.2010    650MB    9.1.0   Necessary
Adobe Shockwave Player 11.6    Adobe Systems, Inc.    31.05.2012        11.6.5.635  Necessary
Airline Tycoon - Deluxe    Spellbound Entertainment AG    26.04.2012        Necessary (game)
Airline Tycoon 2 v1.01    Kalypso Media    18.04.2012           Necessary (game)
Anno 1701    Sunflowers    26.08.2012        1.02     Necessary (game)
Apple Application Support    Apple Inc.    27.12.2012    64,9MB    2.3  Necessary
Apple Software Update    Apple Inc.    07.03.2013    2,38MB    2.1.3.127 Necessary
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver    Atheros Communications Inc.    10.12.2010        1.0.0.36  Necessary
ATI Catalyst Install Manager    ATI Technologies, Inc.    26.03.2011    22,4MB    3.0.795.0  Necessary
CCleaner    Piriform    19.02.2013        3.28   Necessary
Die Sims™ 3    Electronic Arts    13.09.2011        1.24.3   Necessary (game)
Die Sims™ 3 Late Night    Electronic Arts    13.09.2011        6.5.1  Necessary (game)
Die Sims™ 3 Reiseabenteuer    Electronic Arts    01.09.2011        2.0.86  Necessary (game)
DivX-Setup    DivX, LLC    01.03.2013        2.6.1.24    Necessary
Fallout 3    Bethesda Softworks    08.03.2012        1.00.0000  Necessary
Fallout 3 - The Garden of Eden Creation Kit    Bethesda Softworks    12.03.2012  Necessary        1.00.0000
Free YouTube to MP3 Converter version 3.10.11.923    DVDVideoSoft Ltd.    06.11.2011    42,3MB    Necessary    
HP Customer Participation Program 14.0    HP    11.06.2011        14.0  Necessary
HP Imaging Device Functions 14.0    HP    11.06.2011        14.0  Necessary
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6    HP    14.12.2011        14.0  Necessary
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7    HP    11.06.2011        14.0  Necessary
HP Smart Web Printing 4.60    HP    11.06.2011        4.60   Unnecessary
HP Solution Center 14.0    HP    11.06.2011        14.0  Necessary
HP Update    Hewlett-Packard    11.06.2011    2,97MB    5.002.002.002 Necessary
ICQ 7.6 Build #5618 Banner Remover 1.0    murb.com    27.09.2011    2,77MB    Necessary
ICQ7.5    ICQ    06.06.2011        7.5 Necessary
Intel(R) Management Engine Components    Intel Corporation    08.07.2013        7.0.0.1144 Necessary
IrfanView (remove only)    Irfan Skiljan    11.06.2011    1,50MB    4.28 Necessary
Java(TM) 6 Update 26    Oracle    03.06.2011    97,0MB    6.0.260 Necessary
Java(TM) 7 Update 4 (64-bit)    Oracle    31.05.2012    95,0MB    7.0.40  Necessary
Launch Manager    Acer Inc.    26.03.2011        5.0.3    Necessary
Lexware Info Service    Haufe-Lexware GmbH & Co.KG    08.09.2012    15,8MB    2.80.00.0007 Necessary
LyricsWoofer    Lyrics Woofer LTD    02.07.2013        Unknown
Malwarebytes Anti-Malware Version 1.75.0.1300    Malwarebytes Corporation    09.07.2013    19,2MB    1.75.0.1300  Necessary
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    06.06.2011    38,8MB    4.0.30319  Necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack    Microsoft Corporation    06.06.2011    2,93MB    4.0.30319  Necessary
Microsoft Games for Windows - LIVE Redistributable    Microsoft Corporation    08.03.2012    32,5MB     2.0.673.0  Unnecessary
Microsoft Office Enterprise 2007    Microsoft Corporation    04.02.2012        12.0.6612.1000 Necessary
Microsoft Office Live Add-in 1.5    Microsoft Corporation    30.05.2012    508KB    2.0.4024.1   Unnecessary
Microsoft Security Essentials    Microsoft Corporation    04.07.2013        4.2.223.1      Unnecessary
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    15.10.2011    300KB    8.0.59193     Necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148    Microsoft Corporation    03.06.2011    784KB    9.0.30729.4148  Necessary
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161    Microsoft Corporation    15.10.2011    788KB    9.0.30729.6161  Necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17    Microsoft Corporation    10.12.2010    596KB    9.0.30729  Necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    03.06.2011    592KB    9.0.30729.4148  Necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    15.10.2011    600KB    9.0.30729.6161  Necessary
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219    Microsoft Corporation    15.10.2011    13,8MB    10.0.40219  Necessary
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    15.10.2011    15,0MB    10.0.40219   Necessary
Microsoft WSE 3.0 Runtime    Microsoft Corp.    01.09.2011    942KB    3.0.5305.0  v  Necessary
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    13.07.2011    1,27MB    4.20.9870.0  Necessary
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    14.07.2011    1,33MB    4.20.9876.0  Necessary
NVIDIA PhysX    NVIDIA Corporation    12.02.2012    119MB    9.09.0203  Necessary
PDF24 Creator 3.7.0    PDF24.org    23.10.2011    33,4MB      Necessary
QuickTime    Apple Inc.    07.03.2013    73,1MB    7.73.80.64  Necessary
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    26.03.2011        6.0.1.6254  Necessary
Realtek USB 2.0 Card Reader    Realtek Semiconductor Corp.    10.12.2010        6.1.7600.30123  Necessary
Renesas Electronics USB 3.0 Host Controller Driver    Renesas Electronics Corporation    26.03.2011    1,00MB    2.0.26.0  Necessary
Risen    Deep Silver    12.02.2012        1.00.0000   Necessary
Skype™ 5.10    Skype Technologies S.A.    08.09.2012    19,4MB    5.10.116  Necessary
TAXMAN 2012    Haufe-Lexware GmbH & Co.KG    28.05.2013    629MB    18.09.00.0004  Necessary
Torchlight    JoWooD    17.05.2012    455MB    1.15  Necessary
Vectorworks 2011 Hilfe    UNKNOWN    10.09.2011        1.1  Necessary
Waterfox    Waterfox Limited    08.07.2013    84,7MB    18.0.1
WEKA VOB-Musterbriefe und -Formulare Stand 10.10    WEKA    07.01.2012        Stand 10.10  Necessary
Winamp    Nullsoft, Inc    03.06.2011        5.61   Necessary
Winamp Erkennungs-Plug-in    Nullsoft, Inc    03.06.2011    75,0KB    1.0.0.1  Necessary 
Windows Live Mesh ActiveX control for remote connections    Microsoft Corporation    26.03.2011    5,57MB    15.4.5722.2  Unnecessary
WinRAR 4.01 (64-Bit)    win.rar GmbH    11.09.2011        4.01.0  Necessary
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0    Intel    26.03.2011    27,5MB    2.0.82.0  Necessary
         
Following one of your other posts, I had already changed Adobe according to your instructions.
CCleaner also shows this Lyrics Woofer under autostart, Internet Explorer and the scheduled tasks.
I have disabled them all for now.

According to the creation date in the Lyrics folder, this program has existed since 16.6.13.
I just cannot work out what it is for. CCleaner shows 2.7. because I had done a system restore before creating this thread,
since for some reason my CAD program had stopped working.

Edit:

Java also cannot be updated, which is why it is disabled in the browser.
