Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Crypt.TPM.Gen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 03.01.2013, 13:11   #1
sgp41
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hallo zusammen,
mein Antivir meldete mir gerade den Trojaner TR/Crypt.TPM.Gen und hat ihn in Quarantäne verschoben. Bin nach Eurer Anweisung vorgegangen und habe als erstes defogger geladen und den Rechner gescannt.
Als nächsten Schritt nun OTL runter geladen und quick scan ausgeführt.
Folgend OTL.Text und Extras.Text:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.01.2013 12:40:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 3,54 Gb Available Physical Memory | 59,21% Memory free
11,96 Gb Paging File | 9,38 Gb Available in Paging File | 78,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,40 Gb Total Space | 362,69 Gb Free Space | 79,64% Space Free | Partition Type: NTFS
Drive D: | 1,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-VAIO | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.03 12:40:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.01.03 12:35:26 | 000,711,240 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\is-31L95.tmp\mbam-setup.tmp
PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.10.27 14:45:39 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
PRC - [2012.08.13 19:32:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.08.13 14:20:06 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012.06.06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 14:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.14 18:18:43 | 000,854,040 | ---- | M] (hxxp://izloader.com/) -- C:\Program Files (x86)\Easy Downloads\easydownloads.exe
PRC - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.04.30 12:56:04 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.04.30 12:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2010.03.18 07:56:06 | 000,852,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010.03.02 15:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.02.24 13:59:08 | 000,422,768 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2010.02.24 13:59:08 | 000,108,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2010.02.24 13:59:08 | 000,099,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
PRC - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
PRC - [2010.02.19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2010.01.21 19:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.15 12:40:22 | 000,316,784 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.20 23:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.03 12:35:26 | 000,711,240 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\is-31L95.tmp\mbam-setup.tmp
MOD - [2013.01.03 03:36:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2013.01.03 03:32:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2013.01.03 03:31:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2013.01.03 03:31:33 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2013.01.03 03:31:26 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2013.01.03 03:31:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2013.01.03 03:31:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2013.01.03 03:31:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.02 20:03:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.27 22:41:22 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.04.30 12:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.04.08 13:27:18 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.18 07:56:06 | 000,852,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.03.12 16:15:40 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.02.24 13:59:08 | 000,422,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.02.24 13:59:08 | 000,108,400 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.02.24 13:59:08 | 000,067,952 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.02.19 18:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.02.19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010.02.08 09:46:46 | 000,302,448 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe -- (SpfService)
SRV - [2010.01.20 14:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.25 03:49:14 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.11.25 03:49:04 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.09.21 15:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 15:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 14:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.05 07:59:22 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.05 16:27:22 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW32.sys -- (TVICHW32)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.16 20:21:27 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 11:06:18 | 002,203,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.19 11:03:49 | 000,093,184 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.03.19 11:03:46 | 000,077,312 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.03.18 21:47:39 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.03.18 21:47:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.03.18 21:47:38 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.03.18 21:47:37 | 000,334,888 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.18 21:47:03 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.03.18 10:16:10 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.03.17 21:02:57 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.03.03 23:56:59 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.11 20:19:26 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.11.20 23:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.20 16:02:25 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.09.15 11:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011.01.05 16:27:22 | 000,029,536 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TVicHW32.sys -- (TVICHW32)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.24 10:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=8691acc5000000000000002314b8cced
IE - HKCU\..\SearchScopes\{5A6C85CE-58F0-49BD-884E-41EECB7E6E47}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=af1ee370-c1f9-4989-ac19-6c1ec3ebdb77&apn_sauid=5ACE7A80-4303-479A-8758-F7293EA7A550
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVED_deDE388DE388
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A67C1857-CB98-4061-B6DF-2525ECA01527}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{B46FC204-4117-411A-9566-0E05E5D7594B}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{B82039A1-06D6-4AAA-BCE5-D44208C4EF2A}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: engine%40plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: gutscheinmieze%40synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.16.0.100
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.4.100013
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=af1ee370-c1f9-4989-ac19-6c1ec3ebdb77&apn_ptnrs=^AAA&apn_sauid=5ACE7A80-4303-479A-8758-F7293EA7A550&apn_dtid=^YYYYYY^YY^DE&&q="
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
 
[2010.07.15 20:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.01 03:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions
[2013.01.01 03:56:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.13 17:43:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\engine@conduit.com
[2011.05.11 19:18:18 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\engine@plasmoo.com
[2011.10.14 18:18:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\ffxtlbr@babylon.com
[2011.05.06 21:14:42 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\gutscheinmieze@synatix-gmbh.de
[2012.06.20 22:50:26 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\toolbar@ask.com
[2010.09.16 20:26:27 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\vshare@toolbar
[2013.01.02 20:03:41 | 000,002,404 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\askcom.xml
[2010.07.15 21:09:30 | 000,000,873 | ---- | M] () -- C:\Users\Siebert\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\conduit.xml
[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\plasmoo.xml
[2012.02.11 18:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.27 22:41:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.06.19 21:11:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 16:23:07 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.14 18:18:45 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.03 23:33:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 21:11:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 21:14:42 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.06.19 21:11:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 21:11:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 21:11:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: https://isearch.avg.com/?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=hp
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: https://isearch.avg.com/?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=hp
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\***\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy Downloads\easydownloads.exe (hxxp://izloader.com/)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\***\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E90BCE67979467FA0DC07BE0C508D3DF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [Regedit32] C:\Windows\system32\regedit.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A5F9A2-0BDE-4838-AC0E-24094A8A01E4}: NameServer = 212.23.97.2 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7778BCE7-2A10-4702-9287-4D6B9F0A21F5}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9F53EC-CA10-40D8-B7C0-543D3FA66BF5}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.23 15:24:03 | 000,000,131 | RH-- | M] () - D:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2012.07.23 15:24:03 | 000,000,063 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0f503dac-56c7-11e0-a8df-5442495ff7de}\Shell - "" = AutoRun
O33 - MountPoints2\{0f503dac-56c7-11e0-a8df-5442495ff7de}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{31f65abd-8092-11e0-88b3-5442495ff7de}\Shell - "" = AutoRun
O33 - MountPoints2\{31f65abd-8092-11e0-88b3-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{31f65ac1-8092-11e0-88b3-5442495ff7de}\Shell - "" = AutoRun
O33 - MountPoints2\{31f65ac1-8092-11e0-88b3-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{52fd6418-ab77-11df-9863-5442495ff7de}\Shell - "" = AutoRun
O33 - MountPoints2\{52fd6418-ab77-11df-9863-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{52fd6429-ab77-11df-9863-5442495ff7de}\Shell - "" = AutoRun
O33 - MountPoints2\{52fd6429-ab77-11df-9863-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{97d3410b-a96a-11df-9a71-5442495ff7de}\Shell - "" = AutoRun
O33 - MountPoints2\{97d3410b-a96a-11df-9a71-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{97d34111-a96a-11df-9a71-5442495ff7de}\Shell - "" = AutoRun
O33 - MountPoints2\{97d34111-a96a-11df-9a71-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d6ea8ffc-8d2f-11df-a9f9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d6ea8ffc-8d2f-11df-a9f9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.bat -- [2012.07.23 15:24:03 | 000,000,131 | RH-- | M] ()
O33 - MountPoints2\{dc22ce69-4b20-11e0-9872-5442495ff7de}\Shell - "" = AutoRun
O33 - MountPoints2\{dc22ce69-4b20-11e0-9872-5442495ff7de}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.01 17:37:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\.elfohilfe
[2012.12.30 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.12.30 19:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.12.30 19:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.12.30 19:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.12.09 15:25:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Gabi
[2012.12.09 15:22:34 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Internat-Juamt
[2012.12.09 01:34:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Metin2
[2012.12.09 01:30:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.09 01:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.09 01:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.03 12:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.03 12:30:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.03 12:25:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000UA.job
[2013.01.03 10:38:41 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 10:38:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.03 03:40:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 03:40:41 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 03:33:09 | 000,438,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.03 03:32:41 | 522,760,191 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.02 17:56:26 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000Core.job
[2013.01.01 18:03:21 | 000,159,620 | ---- | M] () -- C:\Users\***\Desktop\ESt2011_***_GABRIELE_Final_Final.elfo
[2012.12.30 19:03:34 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.12.29 16:26:58 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012.12.28 00:12:48 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.12.26 15:49:19 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2012.12.15 12:17:29 | 000,000,702 | ---- | M] () -- C:\Users\***\Desktop\Bibliotheken - Verknüpfung (2).lnk
[2012.12.10 15:45:06 | 000,056,576 | ---- | M] () -- C:\Users\***\Documents\päckchen.xps
[2012.12.09 01:30:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.07 13:06:46 | 000,019,728 | ---- | M] () -- C:\Users\Siebert\Desktop\kaffeemaschine.jpg
[2012.12.07 13:05:17 | 000,033,537 | ---- | M] () -- C:\Users\***\Desktop\Kaffeemaschine_2.jpg
[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.01 17:19:50 | 000,159,620 | ---- | C] () -- C:\Users\***\Desktop\ESt2011_***_GABRIELE_Final_Final.elfo
[2012.12.30 19:03:34 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.12.15 12:17:29 | 000,000,702 | ---- | C] () -- C:\Users\***\Desktop\Bibliotheken - Verknüpfung (2).lnk
[2012.12.10 15:44:40 | 000,056,576 | ---- | C] () -- C:\Users\***\Documents\päckchen.xps
[2012.12.07 13:10:29 | 000,033,537 | ---- | C] () -- C:\Users\***\Desktop\Kaffeemaschine_2.jpg
[2012.12.07 13:07:05 | 000,019,728 | ---- | C] () -- C:\Users\***\Desktop\kaffeemaschine.jpg
[2012.09.01 15:04:03 | 001,806,336 | ---- | C] () -- C:\Windows\SysWow64\speedtreert.dll
[2012.05.27 20:57:12 | 000,000,000 | ---- | C] () -- C:\Users\Siebert\defogger_reenable
[2011.11.13 23:37:35 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{39B99734-236D-40B7-90AC-7444B93AAD31}
[2011.10.28 17:13:00 | 000,174,756 | ---- | C] () -- C:\Users\***\Mojo verde.pdf
[2011.10.28 16:46:09 | 000,145,485 | ---- | C] () -- C:\Users\***\Aioli.pdf
[2011.10.28 16:44:18 | 000,000,839 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2011.10.28 16:29:36 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011.05.07 12:11:58 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{8D669B6F-E7BF-47F2-88C6-D42C0A7BCD33}
[2011.05.06 21:14:56 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.05.06 21:14:56 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011.01.23 17:56:02 | 000,000,043 | ---- | C] () -- C:\Users\***\.gtk-bookmarks
[2011.01.03 14:54:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.01 19:53:35 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.05.17 04:40:25 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== ZeroAccess Check ==========
 
[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\U
[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\***\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = \\.\globalroot\systemroot\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\n.
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.25 19:33:06 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010.12.25 23:24:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.08.26 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2011.10.14 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2012.09.01 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dll-files.com
[2012.09.30 11:03:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.09.30 11:02:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.30 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.04.10 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Esku
[2011.04.16 15:52:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.05.06 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Gutscheinmieze
[2012.09.30 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011.04.10 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Qoniyc
[2012.04.30 13:01:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.08.13 23:42:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2011.05.17 16:42:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Verbindungsassistent
[2012.08.15 03:04:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 03.01.2013 12:40:38 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 3,54 Gb Available Physical Memory | 59,21% Memory free
11,96 Gb Paging File | 9,38 Gb Available in Paging File | 78,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,40 Gb Total Space | 362,69 Gb Free Space | 79,64% Space Free | Partition Type: NTFS
Drive D: | 1,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SIEBERT-VAIO | User Name: Siebert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe ()
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1" ()
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery MergeModules x64
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{393A9268-A428-4F5A-9B20-BD753309A98E}" = Click to Disc MergeModules x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VMp MergeModule x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{DA57D9DF-BE05-416A-96E4-2BB4884308E7}" = MSI_SPF_x64
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows-Treiberpaket - Broadcom HIDClass  (09/11/2009 6.3.0.1500)
"C3D0C7A1290AAA6A45D0D0422262CE3370E27BE5" = Windows-Treiberpaket - Broadcom Corporation (BTHUSB) Bluetooth  (02/12/2010 6.3.0.3820)
"CCleaner" = CCleaner
"D9022850BCF278EAFBF9EDC8741DC09A1AE20B6B" = Windows-Treiberpaket - Broadcom Corporation (BTHUSB) Bluetooth  (02/28/2010 6.3.0.3850)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21D1464A-1C54-451E-B780-3ECB3DF8BD4E}" = VAIO Content Monitoring Settings
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Einstellungen für VAIO-Inhaltsüberwachung
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BDD5DFD-9F1F-4754-8BEB-A780D49E8C73}" = Sony Home Network Library
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44E0DB64-566D-4126-82E6-206B4D76E902}" = VAIO Original Function Settings
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{641DD10E-47E0-4A1D-B858-EF507F948C50}" = VAIO Hardware Diagnostics
"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer
"{6D423AE8-0E7D-4703-8EF7-500C5D36FD7F}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D556460-6E5A-4C53-BCDD-7A7EAEBC169A}" = VAIO Entertainment Platform
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{84FFB317-A08A-4AEE-95EA-7FBA69A3F924}" = VAIO Entertainment Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98F2FA0E-923A-48C2-8EC7-62BD97E38FC0}" = VAIO Data Restore Tool
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C416CBB4-00BA-4E78-878A-590C5FD4A7A1}" = VAIO Media plus
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C8A09003-7FAB-4D48-99DD-DC2A734EC9FA}" = Remote Play with PlayStation 3
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EFBA1469-E0DA-4825-96AB-12B2988E9A28}" = Media Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ElsterFormular" = ElsterFormular
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Google Chrome" = Google Chrome
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"IpodConverter_is1" = IpodConverter 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Metin2_is1" = Metin2
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 1.1.9
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.01.2013 22:29:17 | Computer Name = ***-VAIO | Source = WinMgmt | ID = 5604
Description = 
 
Error - 02.01.2013 22:29:43 | Computer Name = ***-VAIO | Source = WinMgmt | ID = 28
Description = 
 
Error - 02.01.2013 22:29:52 | Computer Name = ***-VAIO | Source = WinMgmt | ID = 28
Description = 
 
Error - 02.01.2013 22:33:15 | Computer Name = ***-VAIO | Source = WinMgmt | ID = 28
Description = 
 
Error - 03.01.2013 06:44:07 | Computer Name = ***-VAIO | Source = ESENT | ID = 490
Description = Windows (1160) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 03.01.2013 06:44:07 | Computer Name = ***-VAIO | Source = ESENT | ID = 439
Description = Windows (1160) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
 konnte nicht geschrieben werden. Fehler -1032.
 
Error - 03.01.2013 07:14:11 | Computer Name = ***-VAIO | Source = ESENT | ID = 490
Description = Windows (1160) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 03.01.2013 07:14:11 | Computer Name = ***-VAIO | Source = ESENT | ID = 439
Description = Windows (1160) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
 konnte nicht geschrieben werden. Fehler -1032.
 
Error - 03.01.2013 07:14:34 | Computer Name = ***-VAIO | Source = ESENT | ID = 490
Description = Windows (1160) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 03.01.2013 07:14:34 | Computer Name = ***-VAIO | Source = ESENT | ID = 439
Description = Windows (1160) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
 konnte nicht geschrieben werden. Fehler -1032.
 
[ Media Center Events ]
Error - 24.11.2012 18:38:54 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 23:38:53 - Fehler beim Herstellen der Internetverbindung.  23:38:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.11.2012 19:38:59 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 00:38:58 - Fehler beim Herstellen der Internetverbindung.  00:38:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 01.01.2013 12:24:43 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 17:24:43 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 01.01.2013 12:24:46 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 17:24:45 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 01.01.2013 12:24:47 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 17:24:47 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 01.01.2013 12:24:48 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 17:24:48 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 01.01.2013 13:24:56 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 18:24:56 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 01.01.2013 13:24:59 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 18:24:58 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 01.01.2013 13:25:00 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 18:24:59 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 01.01.2013 13:25:02 | Computer Name = ***-VAIO | Source = MCUpdate | ID = 0
Description = 18:25:00 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
[ System Events ]
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2750841)
 
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2758857)
 
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2770660)
 
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
 9 für Windows 7 für x64-Systeme (KB2761465)
 
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2729452)
 
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2753842)
 
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Update für Benutzermodus-Treiberframework Version
 1.11 für Windows 7 für x64-basierte Systeme (KB2685813)
 
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2727528)
 
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2762895)
 
Error - 02.01.2013 22:36:33 | Computer Name = ***-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x800f0826 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2761217)
 
 
< End of report >
         
--- --- ---

War das soweit richtig oder hätte ich die beiden Text Dateien irgendwie komprimieren müssen?
Bitte um Hilfe, wie ich nun weiter verfahren muß.
Vielen herzlichen Dank und viele Grüße
SGP41

Geändert von sgp41 (03.01.2013 um 13:58 Uhr)

Alt 03.01.2013, 13:23   #2
Larusso
/// Selecta Jahrusso
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen





Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
  • Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
  • Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.
Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.


Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
    Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.
__________________

__________________

Alt 03.01.2013, 14:06   #3
sgp41
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hallo Daniel,
vielen Dank für die schnelle Nachricht. Habe den TDSSRKiller runtergeladen und gescannt, aber ohne Ergebnis.
Hier der LOGFILE:

14:01:29.0622 10064 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:01:29.0806 10064 ============================================================
14:01:29.0806 10064 Current date / time: 2013/01/03 14:01:29.0806
14:01:29.0806 10064 SystemInfo:
14:01:29.0806 10064
14:01:29.0806 10064 OS Version: 6.1.7601 ServicePack: 1.0
14:01:29.0806 10064 Product type: Workstation
14:01:29.0807 10064 ComputerName: SIEBERT-VAIO
14:01:29.0807 10064 UserName: Siebert
14:01:29.0807 10064 Windows directory: C:\Windows
14:01:29.0807 10064 System windows directory: C:\Windows
14:01:29.0807 10064 Running under WOW64
14:01:29.0807 10064 Processor architecture: Intel x64
14:01:29.0807 10064 Number of processors: 8
14:01:29.0807 10064 Page size: 0x1000
14:01:29.0807 10064 Boot type: Normal boot
14:01:29.0807 10064 ============================================================
14:01:30.0773 10064 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:01:30.0796 10064 ============================================================
14:01:30.0796 10064 \Device\Harddisk0\DR0:
14:01:30.0797 10064 MBR partitions:
14:01:30.0797 10064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1487800, BlocksNum 0x32000
14:01:30.0797 10064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14B9800, BlocksNum 0x38ECC030
14:01:30.0797 10064 ============================================================
14:01:30.0810 10064 C: <-> \Device\Harddisk0\DR0\Partition2
14:01:30.0810 10064 ============================================================
14:01:30.0810 10064 Initialize success
14:01:30.0810 10064 ============================================================
14:01:32.0827 4524 ============================================================
14:01:32.0827 4524 Scan started
14:01:32.0827 4524 Mode: Manual;
14:01:32.0827 4524 ============================================================
14:01:34.0624 4524 ================ Scan system memory ========================
14:01:34.0624 4524 System memory - ok
14:01:34.0625 4524 ================ Scan services =============================
14:01:34.0991 4524 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:01:34.0996 4524 1394ohci - ok
14:01:35.0084 4524 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:01:35.0087 4524 ACDaemon - ok
14:01:35.0122 4524 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:01:35.0131 4524 ACPI - ok
14:01:35.0162 4524 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:01:35.0163 4524 AcpiPmi - ok
14:01:35.0332 4524 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:01:35.0336 4524 AdobeFlashPlayerUpdateSvc - ok
14:01:35.0391 4524 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:01:35.0401 4524 adp94xx - ok
14:01:35.0424 4524 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:01:35.0432 4524 adpahci - ok
14:01:35.0452 4524 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:01:35.0455 4524 adpu320 - ok
14:01:35.0481 4524 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:01:35.0483 4524 AeLookupSvc - ok
14:01:35.0531 4524 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:01:35.0546 4524 AFD - ok
14:01:35.0583 4524 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:01:35.0584 4524 agp440 - ok
14:01:35.0604 4524 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:01:35.0606 4524 ALG - ok
14:01:35.0631 4524 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:01:35.0632 4524 aliide - ok
14:01:35.0644 4524 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:01:35.0645 4524 amdide - ok
14:01:35.0679 4524 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
14:01:35.0680 4524 AmdK8 - ok
14:01:35.0694 4524 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
14:01:35.0696 4524 AmdPPM - ok
14:01:35.0728 4524 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:01:35.0730 4524 amdsata - ok
14:01:35.0772 4524 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
14:01:35.0777 4524 amdsbs - ok
14:01:35.0794 4524 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:01:35.0795 4524 amdxata - ok
14:01:35.0875 4524 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
14:01:35.0879 4524 AntiVirSchedulerService - ok
14:01:35.0905 4524 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
14:01:35.0909 4524 AntiVirService - ok
14:01:35.0962 4524 [ 2D45F2DFBC3D8F53DF7EBEFFA8C9BC38 ] ApfiltrService C:\Windows\system32\drivers\Apfiltr.sys
14:01:35.0969 4524 ApfiltrService - ok
14:01:36.0012 4524 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:01:36.0014 4524 AppID - ok
14:01:36.0039 4524 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:01:36.0040 4524 AppIDSvc - ok
14:01:36.0079 4524 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:01:36.0081 4524 Appinfo - ok
14:01:36.0154 4524 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:01:36.0159 4524 Apple Mobile Device - ok
14:01:36.0197 4524 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
14:01:36.0198 4524 arc - ok
14:01:36.0225 4524 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:01:36.0227 4524 arcsas - ok
14:01:36.0272 4524 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
14:01:36.0273 4524 ArcSoftKsUFilter - ok
14:01:36.0311 4524 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:01:36.0312 4524 AsyncMac - ok
14:01:36.0352 4524 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:01:36.0353 4524 atapi - ok
14:01:36.0448 4524 [ 08BAAA2432E81031A6C3B11AD5A67E2B ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:01:36.0515 4524 athr - ok
14:01:36.0576 4524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:01:36.0599 4524 AudioEndpointBuilder - ok
14:01:36.0631 4524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:01:36.0639 4524 AudioSrv - ok
14:01:36.0665 4524 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:01:36.0667 4524 avgntflt - ok
14:01:36.0700 4524 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:01:36.0702 4524 avipbb - ok
14:01:36.0715 4524 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:01:36.0716 4524 avkmgr - ok
14:01:36.0754 4524 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:01:36.0756 4524 AxInstSV - ok
14:01:36.0789 4524 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
14:01:36.0806 4524 b06bdrv - ok
14:01:36.0845 4524 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:01:36.0851 4524 b57nd60a - ok
14:01:36.0884 4524 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:01:36.0886 4524 BDESVC - ok
14:01:36.0902 4524 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:01:36.0918 4524 Beep - ok
14:01:36.0962 4524 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
14:01:36.0993 4524 BITS - ok
14:01:37.0018 4524 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:01:37.0019 4524 blbdrive - ok
14:01:37.0099 4524 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:01:37.0116 4524 Bonjour Service - ok
14:01:37.0158 4524 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:01:37.0160 4524 bowser - ok
14:01:37.0189 4524 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
14:01:37.0190 4524 BrFiltLo - ok
14:01:37.0201 4524 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
14:01:37.0202 4524 BrFiltUp - ok
14:01:37.0249 4524 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:01:37.0251 4524 Browser - ok
14:01:37.0283 4524 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:01:37.0287 4524 Brserid - ok
14:01:37.0305 4524 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:01:37.0306 4524 BrSerWdm - ok
14:01:37.0336 4524 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:01:37.0337 4524 BrUsbMdm - ok
14:01:37.0355 4524 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:01:37.0356 4524 BrUsbSer - ok
14:01:37.0404 4524 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
14:01:37.0405 4524 BthEnum - ok
14:01:37.0432 4524 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:01:37.0434 4524 BTHMODEM - ok
14:01:37.0458 4524 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
14:01:37.0460 4524 BthPan - ok
14:01:37.0500 4524 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
14:01:37.0523 4524 BTHPORT - ok
14:01:37.0560 4524 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:01:37.0562 4524 bthserv - ok
14:01:37.0592 4524 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
14:01:37.0594 4524 BTHUSB - ok
14:01:37.0634 4524 [ 71A07B6FC98030935E60EDBFFE9E9C85 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
14:01:37.0643 4524 btwampfl - ok
14:01:37.0670 4524 [ BA5622F5544C6C445DFF1A05ACC8B19D ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
14:01:37.0672 4524 btwaudio - ok
14:01:37.0697 4524 [ A11905D0F4BD34771F195217B6AA5AE0 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
14:01:37.0699 4524 btwavdt - ok
14:01:37.0763 4524 [ 1AF4ADB12E5EC25041166DA38C3B42C9 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:01:37.0797 4524 btwdins - ok
14:01:37.0813 4524 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
14:01:37.0814 4524 btwl2cap - ok
14:01:37.0837 4524 [ BD776F32D64EC615BE4563DC2747224E ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
14:01:37.0838 4524 btwrchid - ok
14:01:37.0873 4524 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:01:37.0874 4524 cdfs - ok
14:01:37.0916 4524 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
14:01:37.0918 4524 cdrom - ok
14:01:37.0964 4524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:01:37.0965 4524 CertPropSvc - ok
14:01:37.0979 4524 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
14:01:37.0980 4524 circlass - ok
14:01:38.0019 4524 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:01:38.0029 4524 CLFS - ok
14:01:38.0098 4524 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:01:38.0100 4524 clr_optimization_v2.0.50727_32 - ok
14:01:38.0146 4524 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:01:38.0148 4524 clr_optimization_v2.0.50727_64 - ok
14:01:38.0220 4524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:01:38.0225 4524 clr_optimization_v4.0.30319_32 - ok
14:01:38.0255 4524 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:01:38.0261 4524 clr_optimization_v4.0.30319_64 - ok
14:01:38.0296 4524 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:01:38.0297 4524 CmBatt - ok
14:01:38.0310 4524 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:01:38.0311 4524 cmdide - ok
14:01:38.0367 4524 [ 2B3B8CBEA1BA1BCE5700607FBDB31034 ] cmnsusbser C:\Windows\system32\DRIVERS\cmnsusbser.sys
14:01:38.0369 4524 cmnsusbser - ok
14:01:38.0418 4524 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:01:38.0434 4524 CNG - ok
14:01:38.0456 4524 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:01:38.0457 4524 Compbatt - ok
14:01:38.0496 4524 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:01:38.0497 4524 CompositeBus - ok
14:01:38.0508 4524 COMSysApp - ok
14:01:38.0536 4524 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:01:38.0537 4524 crcdisk - ok
14:01:38.0590 4524 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:01:38.0593 4524 CryptSvc - ok
14:01:38.0638 4524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:01:38.0663 4524 DcomLaunch - ok
14:01:38.0702 4524 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:01:38.0710 4524 defragsvc - ok
14:01:38.0735 4524 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:01:38.0737 4524 DfsC - ok
14:01:38.0770 4524 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:01:38.0777 4524 Dhcp - ok
14:01:38.0802 4524 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:01:38.0803 4524 discache - ok
14:01:38.0836 4524 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
14:01:38.0838 4524 Disk - ok
14:01:38.0872 4524 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:01:38.0876 4524 Dnscache - ok
14:01:38.0913 4524 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:01:38.0919 4524 dot3svc - ok
14:01:38.0970 4524 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:01:38.0972 4524 Dot4 - ok
14:01:39.0000 4524 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
14:01:39.0001 4524 Dot4Print - ok
14:01:39.0019 4524 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:01:39.0020 4524 dot4usb - ok
14:01:39.0043 4524 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:01:39.0046 4524 DPS - ok
14:01:39.0074 4524 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:01:39.0075 4524 drmkaud - ok
14:01:39.0125 4524 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:01:39.0156 4524 DXGKrnl - ok
14:01:39.0198 4524 EagleX64 - ok
14:01:39.0230 4524 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:01:39.0233 4524 EapHost - ok
14:01:39.0326 4524 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
14:01:39.0418 4524 ebdrv - ok
14:01:39.0445 4524 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:01:39.0448 4524 EFS - ok
14:01:39.0507 4524 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:01:39.0530 4524 ehRecvr - ok
14:01:39.0554 4524 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:01:39.0556 4524 ehSched - ok
14:01:39.0602 4524 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:01:39.0623 4524 elxstor - ok
14:01:39.0648 4524 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:01:39.0649 4524 ErrDev - ok
14:01:39.0687 4524 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:01:39.0702 4524 EventSystem - ok
14:01:39.0794 4524 [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:01:39.0845 4524 EvtEng - ok
14:01:39.0900 4524 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:01:39.0903 4524 exfat - ok
14:01:40.0033 4524 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:01:40.0038 4524 fastfat - ok
14:01:40.0150 4524 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:01:40.0173 4524 Fax - ok
14:01:40.0194 4524 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
14:01:40.0195 4524 fdc - ok
14:01:40.0227 4524 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:01:40.0228 4524 fdPHost - ok
14:01:40.0246 4524 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:01:40.0248 4524 FDResPub - ok
14:01:40.0271 4524 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:01:40.0273 4524 FileInfo - ok
14:01:40.0287 4524 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:01:40.0288 4524 Filetrace - ok
14:01:40.0305 4524 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:01:40.0306 4524 flpydisk - ok
14:01:40.0341 4524 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:01:40.0348 4524 FltMgr - ok
14:01:40.0403 4524 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:01:40.0452 4524 FontCache - ok
14:01:40.0511 4524 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:01:40.0512 4524 FontCache3.0.0.0 - ok
14:01:40.0533 4524 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:01:40.0534 4524 FsDepends - ok
14:01:40.0558 4524 [ 53DAB1791917A72738539AD25C4EED7F ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
14:01:40.0559 4524 fssfltr - ok
14:01:40.0629 4524 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:01:40.0653 4524 fsssvc - ok
14:01:40.0696 4524 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:01:40.0697 4524 Fs_Rec - ok
14:01:40.0719 4524 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:01:40.0724 4524 fvevol - ok
14:01:40.0754 4524 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:01:40.0756 4524 gagp30kx - ok
14:01:40.0788 4524 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:01:40.0790 4524 GEARAspiWDM - ok
14:01:40.0828 4524 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
14:01:40.0829 4524 getPlusHelper - ok
14:01:40.0879 4524 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:01:40.0904 4524 gpsvc - ok
14:01:40.0965 4524 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:01:40.0967 4524 gupdate - ok
14:01:41.0006 4524 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:01:41.0008 4524 gupdatem - ok
14:01:41.0042 4524 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:01:41.0043 4524 hcw85cir - ok
14:01:41.0088 4524 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:01:41.0096 4524 HdAudAddService - ok
14:01:41.0123 4524 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:01:41.0126 4524 HDAudBus - ok
14:01:41.0143 4524 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:01:41.0144 4524 HidBatt - ok
14:01:41.0171 4524 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:01:41.0173 4524 HidBth - ok
14:01:41.0198 4524 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:01:41.0199 4524 HidIr - ok
14:01:41.0229 4524 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
14:01:41.0231 4524 hidserv - ok
14:01:41.0247 4524 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:01:41.0249 4524 HidUsb - ok
14:01:41.0281 4524 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:01:41.0284 4524 hkmsvc - ok
14:01:41.0336 4524 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:01:41.0343 4524 HomeGroupListener - ok
14:01:41.0375 4524 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:01:41.0384 4524 HomeGroupProvider - ok
14:01:41.0405 4524 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:01:41.0407 4524 HpSAMD - ok
14:01:41.0445 4524 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:01:41.0469 4524 HTTP - ok
14:01:41.0515 4524 [ CDAA8E257BB625B2387219E605DDE37D ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:01:41.0517 4524 hwdatacard - ok
14:01:41.0529 4524 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:01:41.0530 4524 hwpolicy - ok
14:01:41.0543 4524 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:01:41.0545 4524 i8042prt - ok
14:01:41.0579 4524 [ 073A606333B6F7BBF20AA856DF7F0997 ] iaStor C:\Windows\system32\drivers\iaStor.sys
14:01:41.0585 4524 iaStor - ok
14:01:41.0621 4524 [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:01:41.0623 4524 IAStorDataMgrSvc - ok
14:01:41.0650 4524 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:01:41.0665 4524 iaStorV - ok
14:01:41.0717 4524 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:01:41.0741 4524 idsvc - ok
14:01:41.0782 4524 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:01:41.0784 4524 iirsp - ok
14:01:41.0845 4524 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:01:41.0870 4524 IKEEXT - ok
14:01:41.0903 4524 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\drivers\Impcd.sys
14:01:41.0906 4524 Impcd - ok
14:01:41.0996 4524 [ 2E3B99E8C23BE2BF32EBE1DB5261F275 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:01:42.0063 4524 IntcAzAudAddService - ok
14:01:42.0099 4524 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:01:42.0100 4524 intelide - ok
14:01:42.0129 4524 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
14:01:42.0130 4524 intelppm - ok
14:01:42.0164 4524 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:01:42.0167 4524 IPBusEnum - ok
14:01:42.0197 4524 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:01:42.0198 4524 IpFilterDriver - ok
14:01:42.0231 4524 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:01:42.0233 4524 IPMIDRV - ok
14:01:42.0263 4524 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:01:42.0266 4524 IPNAT - ok
14:01:42.0334 4524 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:01:42.0365 4524 iPod Service - ok
14:01:42.0400 4524 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:01:42.0401 4524 IRENUM - ok
14:01:42.0424 4524 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:01:42.0425 4524 isapnp - ok
14:01:42.0457 4524 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:01:42.0463 4524 iScsiPrt - ok
14:01:42.0502 4524 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:01:42.0504 4524 IviRegMgr - ok
14:01:42.0534 4524 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:01:42.0535 4524 kbdclass - ok
14:01:42.0573 4524 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:01:42.0574 4524 kbdhid - ok
14:01:42.0589 4524 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:01:42.0591 4524 KeyIso - ok
14:01:42.0619 4524 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:01:42.0621 4524 KSecDD - ok
14:01:42.0657 4524 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:01:42.0660 4524 KSecPkg - ok
14:01:42.0677 4524 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:01:42.0678 4524 ksthunk - ok
14:01:42.0715 4524 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:01:42.0731 4524 KtmRm - ok
14:01:42.0770 4524 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:01:42.0778 4524 LanmanServer - ok
14:01:42.0810 4524 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:01:42.0815 4524 LanmanWorkstation - ok
14:01:42.0845 4524 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:01:42.0847 4524 lltdio - ok
14:01:42.0872 4524 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:01:42.0880 4524 lltdsvc - ok
14:01:42.0893 4524 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:01:42.0897 4524 lmhosts - ok
14:01:42.0928 4524 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:01:42.0931 4524 LSI_FC - ok
14:01:42.0964 4524 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:01:42.0966 4524 LSI_SAS - ok
14:01:42.0989 4524 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:01:42.0990 4524 LSI_SAS2 - ok
14:01:43.0010 4524 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:01:43.0012 4524 LSI_SCSI - ok
14:01:43.0039 4524 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:01:43.0042 4524 luafv - ok
14:01:43.0074 4524 [ DBC08862A71459E74F7538B432C114CC ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:01:43.0075 4524 MBAMProtector - ok
14:01:43.0122 4524 [ BA400ED640BCA1EAE5C727AE17C10207 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:01:43.0147 4524 MBAMService - ok
14:01:43.0231 4524 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
14:01:43.0234 4524 McComponentHostService - ok
14:01:43.0279 4524 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:01:43.0282 4524 Mcx2Svc - ok
14:01:43.0307 4524 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
14:01:43.0308 4524 megasas - ok
14:01:43.0352 4524 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:01:43.0358 4524 MegaSR - ok
14:01:43.0388 4524 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:01:43.0391 4524 MMCSS - ok
14:01:43.0420 4524 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:01:43.0421 4524 Modem - ok
14:01:43.0436 4524 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:01:43.0439 4524 monitor - ok
14:01:43.0463 4524 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:01:43.0465 4524 mouclass - ok
14:01:43.0495 4524 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:01:43.0496 4524 mouhid - ok
14:01:43.0537 4524 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:01:43.0539 4524 mountmgr - ok
14:01:43.0599 4524 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:01:43.0601 4524 MozillaMaintenance - ok
14:01:43.0625 4524 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:01:43.0628 4524 mpio - ok
14:01:43.0656 4524 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:01:43.0658 4524 mpsdrv - ok
14:01:43.0688 4524 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:01:43.0690 4524 MRxDAV - ok
14:01:43.0718 4524 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:01:43.0721 4524 mrxsmb - ok
14:01:43.0764 4524 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:01:43.0770 4524 mrxsmb10 - ok
14:01:43.0790 4524 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:01:43.0793 4524 mrxsmb20 - ok
14:01:43.0822 4524 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:01:43.0823 4524 msahci - ok
14:01:43.0841 4524 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:01:43.0844 4524 msdsm - ok
14:01:43.0865 4524 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:01:43.0869 4524 MSDTC - ok
14:01:43.0910 4524 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:01:43.0911 4524 Msfs - ok
14:01:43.0935 4524 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:01:43.0937 4524 mshidkmdf - ok
14:01:43.0961 4524 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:01:43.0962 4524 msisadrv - ok
14:01:43.0989 4524 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:01:43.0992 4524 MSiSCSI - ok
14:01:43.0999 4524 msiserver - ok
14:01:44.0028 4524 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:01:44.0029 4524 MSKSSRV - ok
14:01:44.0042 4524 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:01:44.0043 4524 MSPCLOCK - ok
14:01:44.0051 4524 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:01:44.0052 4524 MSPQM - ok
14:01:44.0088 4524 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:01:44.0096 4524 MsRPC - ok
14:01:44.0121 4524 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:01:44.0122 4524 mssmbios - ok
14:01:44.0129 4524 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:01:44.0130 4524 MSTEE - ok
14:01:44.0157 4524 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
14:01:44.0158 4524 MTConfig - ok
14:01:44.0178 4524 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:01:44.0179 4524 Mup - ok
14:01:44.0219 4524 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:01:44.0241 4524 napagent - ok
14:01:44.0271 4524 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:01:44.0277 4524 NativeWifiP - ok
14:01:44.0346 4524 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:01:44.0375 4524 NDIS - ok
14:01:44.0390 4524 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:01:44.0391 4524 NdisCap - ok
14:01:44.0408 4524 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:01:44.0409 4524 NdisTapi - ok
14:01:44.0436 4524 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:01:44.0438 4524 Ndisuio - ok
14:01:44.0469 4524 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:01:44.0472 4524 NdisWan - ok
14:01:44.0501 4524 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:01:44.0502 4524 NDProxy - ok
14:01:44.0510 4524 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:01:44.0511 4524 NetBIOS - ok
14:01:44.0547 4524 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:01:44.0552 4524 NetBT - ok
14:01:44.0577 4524 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:01:44.0579 4524 Netlogon - ok
14:01:44.0608 4524 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:01:44.0623 4524 Netman - ok
14:01:44.0641 4524 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:01:44.0655 4524 netprofm - ok
14:01:44.0702 4524 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:01:44.0721 4524 NetTcpPortSharing - ok
14:01:44.0931 4524 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
14:01:45.0109 4524 NETw5s64 - ok
14:01:45.0149 4524 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:01:45.0151 4524 nfrd960 - ok
14:01:45.0298 4524 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:01:45.0306 4524 NlaSvc - ok
14:01:45.0327 4524 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:01:45.0328 4524 Npfs - ok
14:01:45.0349 4524 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:01:45.0352 4524 nsi - ok
14:01:45.0366 4524 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:01:45.0367 4524 nsiproxy - ok
14:01:45.0430 4524 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:01:45.0471 4524 Ntfs - ok
14:01:45.0489 4524 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:01:45.0490 4524 Null - ok
14:01:45.0537 4524 [ CDDD4478757288DF4BB1494BFD084259 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
14:01:45.0539 4524 NVHDA - ok
14:01:45.0827 4524 [ DB2BEE926E7DFC59896A2D6800EB13F7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:01:46.0117 4524 nvlddmkm - ok
14:01:46.0162 4524 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:01:46.0165 4524 nvraid - ok
14:01:46.0198 4524 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:01:46.0201 4524 nvstor - ok
14:01:46.0247 4524 [ 24AB15D09A13D5A40567211A1AB9B479 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:01:46.0264 4524 nvsvc - ok
14:01:46.0294 4524 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:01:46.0297 4524 nv_agp - ok
14:01:46.0313 4524 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:01:46.0315 4524 ohci1394 - ok
14:01:46.0356 4524 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:01:46.0361 4524 ose - ok
14:01:46.0510 4524 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:01:46.0625 4524 osppsvc - ok
14:01:46.0655 4524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:01:46.0664 4524 p2pimsvc - ok
14:01:46.0688 4524 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:01:46.0709 4524 p2psvc - ok
14:01:46.0739 4524 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
14:01:46.0741 4524 Parport - ok
14:01:46.0778 4524 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:01:46.0779 4524 partmgr - ok
14:01:46.0795 4524 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:01:46.0800 4524 PcaSvc - ok
14:01:46.0831 4524 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:01:46.0838 4524 pci - ok
14:01:46.0851 4524 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:01:46.0852 4524 pciide - ok
14:01:46.0883 4524 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:01:46.0886 4524 pcmcia - ok
14:01:46.0914 4524 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:01:46.0916 4524 pcw - ok
14:01:46.0944 4524 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:01:46.0967 4524 PEAUTH - ok
14:01:47.0057 4524 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:01:47.0059 4524 PerfHost - ok
14:01:47.0134 4524 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:01:47.0176 4524 pla - ok
14:01:47.0211 4524 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:01:47.0232 4524 PlugPlay - ok
14:01:47.0299 4524 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
14:01:47.0307 4524 PMBDeviceInfoProvider - ok
14:01:47.0318 4524 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:01:47.0321 4524 PNRPAutoReg - ok
14:01:47.0340 4524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:01:47.0346 4524 PNRPsvc - ok
14:01:47.0374 4524 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:01:47.0390 4524 PolicyAgent - ok
14:01:47.0428 4524 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:01:47.0433 4524 Power - ok
14:01:47.0480 4524 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:01:47.0482 4524 PptpMiniport - ok
14:01:47.0509 4524 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
14:01:47.0511 4524 Processor - ok
14:01:47.0540 4524 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
14:01:47.0547 4524 ProfSvc - ok
14:01:47.0563 4524 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:01:47.0566 4524 ProtectedStorage - ok
14:01:47.0603 4524 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:01:47.0606 4524 Psched - ok
14:01:47.0653 4524 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
14:01:47.0656 4524 PSI_SVC_2 - ok
14:01:47.0683 4524 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:01:47.0684 4524 PxHlpa64 - ok
14:01:47.0736 4524 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:01:47.0778 4524 ql2300 - ok
14:01:47.0793 4524 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:01:47.0796 4524 ql40xx - ok
14:01:47.0829 4524 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:01:47.0836 4524 QWAVE - ok
14:01:47.0851 4524 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:01:47.0853 4524 QWAVEdrv - ok
14:01:47.0870 4524 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:01:47.0872 4524 RasAcd - ok
14:01:47.0902 4524 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:01:47.0904 4524 RasAgileVpn - ok
14:01:47.0920 4524 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:01:47.0924 4524 RasAuto - ok
14:01:47.0947 4524 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:01:47.0949 4524 Rasl2tp - ok
14:01:47.0990 4524 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:01:48.0006 4524 RasMan - ok
14:01:48.0019 4524 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:01:48.0021 4524 RasPppoe - ok
14:01:48.0048 4524 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:01:48.0050 4524 RasSstp - ok
14:01:48.0083 4524 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:01:48.0090 4524 rdbss - ok
14:01:48.0109 4524 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
14:01:48.0110 4524 rdpbus - ok
14:01:48.0130 4524 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:01:48.0131 4524 RDPCDD - ok
14:01:48.0149 4524 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:01:48.0150 4524 RDPENCDD - ok
14:01:48.0160 4524 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:01:48.0161 4524 RDPREFMP - ok
14:01:48.0195 4524 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:01:48.0200 4524 RDPWD - ok
14:01:48.0231 4524 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:01:48.0234 4524 rdyboost - ok
14:01:48.0254 4524 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys
14:01:48.0255 4524 regi - ok
14:01:48.0308 4524 [ 3B71B5B91E7DCA93585D5A86C897ADC4 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:01:48.0333 4524 RegSrvc - ok
14:01:48.0369 4524 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:01:48.0373 4524 RemoteAccess - ok
14:01:48.0407 4524 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:01:48.0411 4524 RemoteRegistry - ok
14:01:48.0446 4524 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:01:48.0449 4524 RFCOMM - ok
14:01:48.0468 4524 [ 6DED176A14770339F1415CFDBCC9E07F ] rimspci C:\Windows\system32\drivers\rimssne64.sys
14:01:48.0470 4524 rimspci - ok
14:01:48.0506 4524 [ DDF5F666C2A5B3729E8BEA01FB999CC0 ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys
14:01:48.0508 4524 risdsnpe - ok
14:01:48.0559 4524 [ BA6CE930E1453677F7565AE45181AD76 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
14:01:48.0565 4524 Roxio UPnP Renderer 10 - ok
14:01:48.0584 4524 [ 3A3D707A35EA30A6CF88B9E555E3D815 ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
14:01:48.0592 4524 Roxio Upnp Server 10 - ok
14:01:48.0605 4524 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:01:48.0609 4524 RpcEptMapper - ok
14:01:48.0619 4524 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:01:48.0621 4524 RpcLocator - ok
14:01:48.0661 4524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:01:48.0670 4524 RpcSs - ok
14:01:48.0689 4524 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:01:48.0691 4524 rspndr - ok
14:01:48.0702 4524 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:01:48.0704 4524 SamSs - ok
14:01:48.0729 4524 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:01:48.0732 4524 sbp2port - ok
14:01:48.0775 4524 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:01:48.0780 4524 SCardSvr - ok
14:01:48.0855 4524 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:01:48.0856 4524 scfilter - ok
14:01:48.0902 4524 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:01:48.0927 4524 Schedule - ok
14:01:48.0970 4524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:01:48.0972 4524 SCPolicySvc - ok
14:01:48.0995 4524 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
14:01:48.0997 4524 sdbus - ok
14:01:49.0013 4524 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:01:49.0019 4524 SDRSVC - ok
14:01:49.0048 4524 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:01:49.0049 4524 secdrv - ok
14:01:49.0068 4524 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:01:49.0071 4524 seclogon - ok
14:01:49.0094 4524 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
14:01:49.0098 4524 SENS - ok
14:01:49.0110 4524 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:01:49.0114 4524 SensrSvc - ok
14:01:49.0134 4524 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
14:01:49.0136 4524 Serenum - ok
14:01:49.0163 4524 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
14:01:49.0165 4524 Serial - ok
14:01:49.0184 4524 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:01:49.0185 4524 sermouse - ok
14:01:49.0224 4524 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:01:49.0228 4524 SessionEnv - ok
14:01:49.0265 4524 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys
14:01:49.0267 4524 SFEP - ok
14:01:49.0279 4524 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:01:49.0280 4524 sffdisk - ok
14:01:49.0291 4524 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:01:49.0292 4524 sffp_mmc - ok
14:01:49.0306 4524 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:01:49.0307 4524 sffp_sd - ok
14:01:49.0334 4524 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:01:49.0335 4524 sfloppy - ok
14:01:49.0376 4524 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:01:49.0383 4524 ShellHWDetection - ok
14:01:49.0413 4524 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
14:01:49.0415 4524 SiSRaid2 - ok
14:01:49.0447 4524 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:01:49.0449 4524 SiSRaid4 - ok
14:01:49.0502 4524 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:01:49.0507 4524 SkypeUpdate - ok
14:01:49.0531 4524 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:01:49.0533 4524 Smb - ok
14:01:49.0577 4524 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:01:49.0581 4524 SNMPTRAP - ok
14:01:49.0635 4524 [ C3E69DB0A4E59564230E053232F39AC7 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
14:01:49.0639 4524 SOHCImp - ok
14:01:49.0666 4524 [ C1CD71C672EA281A424FBCF24AC99553 ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
14:01:49.0681 4524 SOHDms - ok
14:01:49.0699 4524 [ F47D75CEE1844EEF4A9EA6EE768828FB ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
14:01:49.0703 4524 SOHDs - ok
14:01:49.0744 4524 [ E2E40C0D24456B6EB440BE01AF829829 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
14:01:49.0753 4524 SpfService - ok
14:01:49.0771 4524 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:01:49.0772 4524 spldr - ok
14:01:49.0813 4524 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
14:01:49.0837 4524 Spooler - ok
14:01:49.0937 4524 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:01:50.0030 4524 sppsvc - ok
14:01:50.0063 4524 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:01:50.0067 4524 sppuinotify - ok
14:01:50.0104 4524 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:01:50.0120 4524 srv - ok
14:01:50.0144 4524 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:01:50.0151 4524 srv2 - ok
14:01:50.0186 4524 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:01:50.0188 4524 srvnet - ok
14:01:50.0210 4524 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:01:50.0218 4524 SSDPSRV - ok
14:01:50.0233 4524 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:01:50.0237 4524 SstpSvc - ok
14:01:50.0259 4524 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
14:01:50.0260 4524 stexstor - ok
14:01:50.0304 4524 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:01:50.0328 4524 stisvc - ok
14:01:50.0363 4524 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:01:50.0364 4524 swenum - ok
14:01:50.0395 4524 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:01:50.0408 4524 swprv - ok
14:01:50.0484 4524 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:01:50.0538 4524 SysMain - ok
14:01:50.0575 4524 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:01:50.0579 4524 TabletInputService - ok
14:01:50.0620 4524 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:01:50.0636 4524 TapiSrv - ok
14:01:50.0655 4524 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:01:50.0659 4524 TBS - ok
14:01:50.0729 4524 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:01:50.0795 4524 Tcpip - ok
14:01:50.0853 4524 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:01:50.0875 4524 TCPIP6 - ok
14:01:50.0912 4524 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:01:50.0914 4524 tcpipreg - ok
14:01:50.0941 4524 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:01:50.0942 4524 TDPIPE - ok
14:01:50.0972 4524 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:01:50.0973 4524 TDTCP - ok
14:01:51.0002 4524 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:01:51.0005 4524 tdx - ok
14:01:51.0127 4524 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
14:01:51.0204 4524 TeamViewer7 - ok
14:01:51.0239 4524 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:01:51.0241 4524 TermDD - ok
14:01:51.0268 4524 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:01:51.0291 4524 TermService - ok
14:01:51.0317 4524 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:01:51.0321 4524 Themes - ok
14:01:51.0349 4524 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:01:51.0352 4524 THREADORDER - ok
14:01:51.0372 4524 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:01:51.0376 4524 TrkWks - ok
14:01:51.0427 4524 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:01:51.0431 4524 TrustedInstaller - ok
14:01:51.0459 4524 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:01:51.0460 4524 tssecsrv - ok
14:01:51.0500 4524 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:01:51.0502 4524 TsUsbFlt - ok
14:01:51.0542 4524 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:01:51.0544 4524 tunnel - ok
14:01:51.0583 4524 [ 1A006963644C7FDE5BE60036F3A43E68 ] TVICHW32 C:\Windows\system32\DRIVERS\TVICHW32.SYS
14:01:51.0585 4524 TVICHW32 - ok
14:01:51.0609 4524 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:01:51.0611 4524 uagp35 - ok
14:01:51.0642 4524 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
14:01:51.0646 4524 uCamMonitor - ok
14:01:51.0691 4524 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:01:51.0698 4524 udfs - ok
14:01:51.0728 4524 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:01:51.0732 4524 UI0Detect - ok
14:01:51.0756 4524 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:01:51.0758 4524 uliagpkx - ok
14:01:51.0783 4524 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
14:01:51.0785 4524 umbus - ok
14:01:51.0816 4524 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
14:01:51.0818 4524 UmPass - ok
14:01:51.0841 4524 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:01:51.0858 4524 upnphost - ok
14:01:51.0902 4524 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:01:51.0903 4524 USBAAPL64 - ok
14:01:51.0920 4524 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:01:51.0922 4524 usbccgp - ok
14:01:51.0941 4524 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:01:51.0943 4524 usbcir - ok
14:01:51.0964 4524 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:01:51.0966 4524 usbehci - ok
14:01:51.0986 4524 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:01:51.0993 4524 usbhub - ok
14:01:52.0011 4524 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:01:52.0013 4524 usbohci - ok
14:01:52.0031 4524 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
14:01:52.0032 4524 usbprint - ok
14:01:52.0048 4524 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:01:52.0050 4524 USBSTOR - ok
14:01:52.0069 4524 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:01:52.0070 4524 usbuhci - ok
14:01:52.0112 4524 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:01:52.0117 4524 usbvideo - ok
14:01:52.0140 4524 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:01:52.0144 4524 UxSms - ok
14:01:52.0192 4524 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
14:01:52.0194 4524 VAIO Entertainment TV Device Arbitration Service - ok
14:01:52.0243 4524 [ 218F78B39832A2A0761CE2422828A57C ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
14:01:52.0249 4524 VAIO Event Service - ok
14:01:52.0306 4524 [ 1CF1A4DD7A58C966C9014B83C7229CF3 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
14:01:52.0329 4524 VAIO Power Management - ok
14:01:52.0340 4524 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:01:52.0342 4524 VaultSvc - ok
14:01:52.0387 4524 [ 917FB366B6CF2834CDBF9256D18A8FF0 ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
14:01:52.0413 4524 VCFw - ok
14:01:52.0466 4524 [ 10E212BFB7EAB152A64C1AAEC2F7F4E0 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
14:01:52.0491 4524 VcmIAlzMgr - ok
14:01:52.0523 4524 [ 7A88CFD3FE99F2C9B95A6E2A08B96E14 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
14:01:52.0533 4524 VcmINSMgr - ok
14:01:52.0564 4524 [ 8EFAACCC7BFA1E9031EFDFB01A1B0D69 ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
14:01:52.0566 4524 VcmXmlIfHelper - ok
14:01:52.0605 4524 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:01:52.0606 4524 vdrvroot - ok
14:01:52.0651 4524 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:01:52.0674 4524 vds - ok
14:01:52.0696 4524 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:01:52.0698 4524 vga - ok
14:01:52.0716 4524 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:01:52.0717 4524 VgaSave - ok
14:01:52.0755 4524 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:01:52.0758 4524 vhdmp - ok
14:01:52.0774 4524 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:01:52.0775 4524 viaide - ok
14:01:52.0799 4524 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:01:52.0801 4524 volmgr - ok
14:01:52.0844 4524 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:01:52.0853 4524 volmgrx - ok
14:01:52.0873 4524 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:01:52.0879 4524 volsnap - ok
14:01:52.0925 4524 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:01:52.0928 4524 vsmraid - ok
14:01:52.0997 4524 [ 047F22BDFDAE6DF6F1E47E747A1237A2 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
14:01:53.0027 4524 VSNService - ok
14:01:53.0086 4524 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:01:53.0144 4524 VSS - ok
14:01:53.0249 4524 [ FB4A1695D2D74F9C92CA5E84795CDBE1 ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
14:01:53.0300 4524 VUAgent - ok
14:01:53.0319 4524 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:01:53.0320 4524 vwifibus - ok
14:01:53.0332 4524 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:01:53.0334 4524 vwififlt - ok
14:01:53.0358 4524 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:01:53.0359 4524 vwifimp - ok
14:01:53.0404 4524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:01:53.0420 4524 W32Time - ok
14:01:53.0453 4524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:01:53.0454 4524 WacomPen - ok
14:01:53.0495 4524 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:01:53.0497 4524 WANARP - ok
14:01:53.0516 4524 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:01:53.0518 4524 Wanarpv6 - ok
14:01:53.0581 4524 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:01:53.0631 4524 wbengine - ok
14:01:53.0663 4524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:01:53.0670 4524 WbioSrvc - ok
14:01:53.0707 4524 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:01:53.0723 4524 wcncsvc - ok
14:01:53.0743 4524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:01:53.0747 4524 WcsPlugInService - ok
14:01:53.0772 4524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
14:01:53.0774 4524 Wd - ok
14:01:53.0813 4524 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:01:53.0838 4524 Wdf01000 - ok
14:01:53.0857 4524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:01:53.0864 4524 WdiServiceHost - ok
14:01:53.0870 4524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:01:53.0874 4524 WdiSystemHost - ok
14:01:53.0907 4524 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:01:53.0915 4524 WebClient - ok
14:01:53.0932 4524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:01:53.0940 4524 Wecsvc - ok
14:01:53.0955 4524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:01:53.0961 4524 wercplsupport - ok
14:01:53.0984 4524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:01:53.0989 4524 WerSvc - ok
14:01:54.0005 4524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:01:54.0006 4524 WfpLwf - ok
14:01:54.0018 4524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:01:54.0019 4524 WIMMount - ok
14:01:54.0027 4524 WinHttpAutoProxySvc - ok
14:01:54.0084 4524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:01:54.0089 4524 Winmgmt - ok
14:01:54.0146 4524 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:01:54.0214 4524 WinRM - ok
14:01:54.0288 4524 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:01:54.0289 4524 WinUsb - ok
14:01:54.0330 4524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:01:54.0359 4524 Wlansvc - ok
14:01:54.0375 4524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:01:54.0376 4524 WmiAcpi - ok
14:01:54.0409 4524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:01:54.0414 4524 wmiApSrv - ok
14:01:54.0435 4524 WMPNetworkSvc - ok
14:01:54.0463 4524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:01:54.0467 4524 WPCSvc - ok
14:01:54.0500 4524 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:01:54.0505 4524 WPDBusEnum - ok
14:01:54.0531 4524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:01:54.0533 4524 ws2ifsl - ok
14:01:54.0539 4524 WSearch - ok
14:01:54.0633 4524 [ 624809FE31F0EBBA33FD4C98E016DD83 ] WTGService C:\Program Files (x86)\XSManager\WTGService.exe
14:01:54.0642 4524 WTGService - ok
14:01:54.0724 4524 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:01:54.0808 4524 wuauserv - ok
14:01:54.0839 4524 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:01:54.0841 4524 WudfPf - ok
14:01:54.0881 4524 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:01:54.0884 4524 WUDFRd - ok
14:01:55.0004 4524 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:01:55.0010 4524 wudfsvc - ok
14:01:55.0040 4524 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:01:55.0048 4524 WwanSvc - ok
14:01:55.0086 4524 [ B9A3655BED42A2D7B8C111B93481BCCC ] XS Stick Service C:\Windows\service4g.exe
14:01:55.0088 4524 XS Stick Service - ok
14:01:55.0132 4524 [ 6AFFD75C6807B3DD3AB018E27B88EF95 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
14:01:55.0140 4524 yukonw7 - ok
14:01:55.0155 4524 ================ Scan global ===============================
14:01:55.0191 4524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:01:55.0269 4524 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:01:55.0293 4524 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
14:01:55.0324 4524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:01:55.0355 4524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:01:55.0370 4524 [Global] - ok
14:01:55.0371 4524 ================ Scan MBR ==================================
14:01:55.0385 4524 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:01:55.0732 4524 \Device\Harddisk0\DR0 - ok
14:01:55.0733 4524 ================ Scan VBR ==================================
14:01:55.0737 4524 [ 11DE3BBCC6B2860A936BD6A094AA1727 ] \Device\Harddisk0\DR0\Partition1
14:01:55.0741 4524 \Device\Harddisk0\DR0\Partition1 - ok
14:01:55.0753 4524 [ 2525F737EC61B8271157D78F6A2B4641 ] \Device\Harddisk0\DR0\Partition2
14:01:55.0757 4524 \Device\Harddisk0\DR0\Partition2 - ok
14:01:55.0758 4524 ============================================================
14:01:55.0758 4524 Scan finished
14:01:55.0758 4524 ============================================================
14:01:55.0774 9256 Detected object count: 0
14:01:55.0774 9256 Actual detected object count: 0


VG Gabi
__________________

Alt 03.01.2013, 14:11   #4
Larusso
/// Selecta Jahrusso
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Kein Problem

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 03.01.2013, 15:19   #5
sgp41
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hallo Daniel,

habe combofix herunter geladen und nun folgende Logdatei:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-03.02 - Siebert 03.01.2013  14:23:17.1.8 - x64
ausgeführt von:: c:\users\Siebert\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Siebert\AppData\Roaming\.#
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-03 13:30 . 2013-01-03 13:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-01 16:37 . 2013-01-01 16:45	--------	d-----w-	c:\users\Siebert\AppData\Local\.elfohilfe
2012-12-30 18:04 . 2012-12-30 18:04	--------	d-----w-	c:\users\Siebert\AppData\Roaming\elsterformular
2012-12-30 18:03 . 2012-12-30 18:03	--------	d-----w-	c:\programdata\elsterformular
2012-12-30 18:02 . 2012-12-30 18:02	--------	d-----w-	c:\program files (x86)\ElsterFormular
2012-12-27 21:41 . 2012-12-27 21:41	96224	----a-w-	c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-27 21:41 . 2012-12-27 21:41	157272	----a-w-	c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-09 00:30 . 2012-12-09 00:30	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-12-09 00:30 . 2012-12-09 00:30	--------	d-----r-	c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-02 19:03 . 2012-08-24 15:30	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-02 19:03 . 2012-08-24 15:30	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-01 18:31 . 2011-10-18 20:06	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-01 18:30 . 2011-10-18 20:05	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-01 18:30 . 2011-10-18 20:05	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-27 23:12 . 2010-08-01 18:53	952	--sha-w-	c:\programdata\KGyGaAvL.sys
2012-12-16 20:23 . 2010-07-28 11:52	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-26 15:39 . 2011-11-24 22:02	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-18 13:35 . 2012-11-18 13:35	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2012-11-18 13:35 . 2012-11-18 13:35	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll
2012-11-15 20:24 . 2011-11-02 21:03	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-15 20:24 . 2011-11-02 21:03	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 08:49	176936	----a-w-	c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-06 19:33	1519304	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-13 138096]
"GoogleChromeAutoLaunch_E90BCE67979467FA0DC07BE0C508D3DF"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"EasyDownloads"="c:\program files (x86)\Easy Downloads\easydownloads.exe" [2011-10-14 854040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-02-24 99696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Siebert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.2.112,1"=""
"173.245.61.58,255.255.255.255,192.168.2.112,1"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
R2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
R2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-18 334888]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-18 39464]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-04-05 117888]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-03-03 158720]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-03-19 93184]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-03-19 77312]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-19 386416]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-02-11 12032]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 302448]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-10-20 393216]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 19:03]
.
2012-12-26 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-09-01 12:12]
.
2012-12-29 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-09-01 12:12]
.
2013-01-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000Core.job
- c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 13:20]
.
2013-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000UA.job
- c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 13:20]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:34]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10060320]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.2.112,1"=""
"173.245.61.58,255.255.255.255,192.168.2.112,1"=""
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{00A5F9A2-0BDE-4838-AC0E-24094A8A01E4}: NameServer = 212.23.97.2 212.23.97.3
FF - ProfilePath - c:\users\Siebert\AppData\Roaming\Mozilla\Firefox\Profiles\e3qmgbf3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=af1ee370-c1f9-4989-ac19-6c1ec3ebdb77&apn_ptnrs=^AAA&apn_sauid=5ACE7A80-4303-479A-8758-F7293EA7A550&apn_dtid=^YYYYYY^YY^DE&&q=
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Metin2_is1 - c:\program files (x86)\Metin2\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-03  14:40:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-03 13:40
.
Vor Suchlauf: 16 Verzeichnis(se), 389.406.433.280 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 389.568.143.360 Bytes frei
.
- - End Of File - - B17784877F863F40AC6A0796F445D667
         
--- --- ---

VG Gabi

Hallo Daniel,
muß ich noch etwas tun?
VG
Gabi


Alt 03.01.2013, 18:05   #6
Larusso
/// Selecta Jahrusso
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hy.


Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.
__________________
--> TR/Crypt.TPM.Gen

Alt 03.01.2013, 19:12   #7
sgp41
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hallo Daniel,

hier die otl.txt :OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.01.2013 18:51:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Siebert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 63,32% Memory free
11,96 Gb Paging File | 9,42 Gb Available in Paging File | 78,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,40 Gb Total Space | 362,12 Gb Free Space | 79,52% Space Free | Partition Type: NTFS
Drive D: | 1,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SIEBERT-VAIO | User Name: Siebert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.03 18:51:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siebert\Desktop\OTL.exe
PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.08.13 19:32:30 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 14:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.10.14 18:18:43 | 000,854,040 | ---- | M] (hxxp://izloader.com/) -- C:\Program Files (x86)\Easy Downloads\easydownloads.exe
PRC - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.04.30 12:56:04 | 000,160,424 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.04.30 12:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2010.03.18 07:56:06 | 000,852,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010.03.02 15:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.02.24 13:59:08 | 000,422,768 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2010.02.24 13:59:08 | 000,108,400 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2010.02.24 13:59:08 | 000,099,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
PRC - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
PRC - [2010.02.19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2010.01.21 19:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.15 12:40:22 | 000,316,784 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.20 23:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012.08.31 11:59:23 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.08.31 11:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012.04.23 23:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.03.21 23:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.02.11 00:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
MOD - [2010.12.21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 02:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.11.05 02:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.06.10 22:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.02 20:03:42 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.27 22:41:22 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.19 12:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.13 09:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.14 13:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.04.30 12:55:54 | 000,145,064 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2010.04.08 13:27:18 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.03.29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.18 07:56:06 | 000,852,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.03.12 16:15:40 | 000,920,352 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.02.24 13:59:08 | 000,422,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.02.24 13:59:08 | 000,108,400 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.02.24 13:59:08 | 000,067,952 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.02.19 18:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 18:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.02.19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010.02.08 09:46:46 | 000,302,448 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe -- (SpfService)
SRV - [2010.01.20 14:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.25 03:49:14 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.11.25 03:49:04 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.11.20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.24 02:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.09.21 15:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 15:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 14:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.05 07:59:22 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.05 16:27:22 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW32.sys -- (TVICHW32)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.08.16 20:21:27 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 11:06:18 | 002,203,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.03.19 11:03:49 | 000,093,184 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.03.19 11:03:46 | 000,077,312 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.03.18 21:47:39 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.03.18 21:47:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.03.18 21:47:38 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.03.18 21:47:37 | 000,334,888 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.03.18 21:47:03 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.03.18 10:16:10 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.03.17 21:02:57 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.03.03 23:56:59 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.11 20:19:26 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.11.20 23:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.20 16:02:25 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.09.15 11:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.05 22:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.09 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2011.01.05 16:27:22 | 000,029,536 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TVicHW32.sys -- (TVICHW32)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.07.24 10:04:34 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100842&mntrId=8691acc5000000000000002314b8cced
IE - HKCU\..\SearchScopes\{5A6C85CE-58F0-49BD-884E-41EECB7E6E47}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=af1ee370-c1f9-4989-ac19-6c1ec3ebdb77&apn_sauid=5ACE7A80-4303-479A-8758-F7293EA7A550
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVED_deDE388DE388
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A67C1857-CB98-4061-B6DF-2525ECA01527}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{B46FC204-4117-411A-9566-0E05E5D7594B}: "URL" = Shopping.com Deutschland - der große Produkt- und Preisvergleich
IE - HKCU\..\SearchScopes\{B82039A1-06D6-4AAA-BCE5-D44208C4EF2A}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&amp;q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: engine%40plasmoo.com:1.0.0.32
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: gutscheinmieze%40synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledAddons: %7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:3.16.0.100
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.4.100013
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=af1ee370-c1f9-4989-ac19-6c1ec3ebdb77&apn_ptnrs=^AAA&apn_sauid=5ACE7A80-4303-479A-8758-F7293EA7A550&apn_dtid=^YYYYYY^YY^DE&&q="
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Siebert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Siebert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.27 22:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.28 14:34:01 | 000,000,000 | ---D | M]
 
[2010.07.15 20:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siebert\AppData\Roaming\mozilla\Extensions
[2013.01.01 03:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions
[2013.01.01 03:56:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.05.13 17:43:18 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\engine@conduit.com
[2011.05.11 19:18:18 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\engine@plasmoo.com
[2011.10.14 18:18:48 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\ffxtlbr@babylon.com
[2011.05.06 21:14:42 | 000,000,000 | ---D | M] (Gutscheinmieze) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\gutscheinmieze@synatix-gmbh.de
[2012.06.20 22:50:26 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\toolbar@ask.com
[2010.09.16 20:26:27 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Siebert\AppData\Roaming\mozilla\Firefox\Profiles\e3qmgbf3.default\extensions\vshare@toolbar
[2013.01.02 20:03:41 | 000,002,404 | ---- | M] () -- C:\Users\Siebert\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\askcom.xml
[2010.07.15 21:09:30 | 000,000,873 | ---- | M] () -- C:\Users\Siebert\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\conduit.xml
[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Siebert\AppData\Roaming\mozilla\firefox\profiles\e3qmgbf3.default\searchplugins\plasmoo.xml
[2012.02.11 18:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.27 22:41:22 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.06.19 21:11:02 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 16:23:07 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.14 18:18:45 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.03 23:33:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 21:11:02 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 21:14:42 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.06.19 21:11:02 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 21:11:02 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 21:11:02 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: https://isearch.avg.com/?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=hp
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg.com/search?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - homepage: https://isearch.avg.com/?cid={80C4041B-6D14-472E-996C-A3FF69AFB153}&mid=cf2b51753b0d47d0b033850b0fbb1e2d-94a4d02c730b86f7d5c2b478d817a6b75e2523bf&lang=de&ds=od011&pr=sa&d=2012-09-30 17:23:11&v=12.1.0.20&sap=hp
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16263 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Siebert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Siebert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Siebert\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Siebert\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EasyDownloads] C:\Program Files (x86)\Easy Downloads\easydownloads.exe (hxxp://izloader.com/)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_E90BCE67979467FA0DC07BE0C508D3DF] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A5F9A2-0BDE-4838-AC0E-24094A8A01E4}: NameServer = 212.23.97.2 212.23.97.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7778BCE7-2A10-4702-9287-4D6B9F0A21F5}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9F53EC-CA10-40D8-B7C0-543D3FA66BF5}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.07.23 15:24:03 | 000,000,131 | RH-- | M] () - D:\autorun.bat -- [ CDFS ]
O32 - AutoRun File - [2012.07.23 15:24:03 | 000,000,063 | RH-- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.03 18:51:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Siebert\Desktop\OTL.exe
[2013.01.03 14:40:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.03 14:35:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.01.03 14:21:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.03 14:21:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.03 14:21:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.03 14:21:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.03 14:20:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.03 14:16:10 | 005,018,169 | R--- | C] (Swearware) -- C:\Users\Siebert\Desktop\ComboFix.exe
[2013.01.03 14:01:14 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Siebert\Desktop\tdsskiller.exe
[2013.01.01 17:37:27 | 000,000,000 | ---D | C] -- C:\Users\Siebert\AppData\Local\.elfohilfe
[2012.12.30 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\Siebert\AppData\Roaming\elsterformular
[2012.12.30 19:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.12.30 19:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2012.12.30 19:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.12.09 15:25:02 | 000,000,000 | ---D | C] -- C:\Users\Siebert\Documents\Gabi
[2012.12.09 15:22:34 | 000,000,000 | ---D | C] -- C:\Users\Siebert\Documents\Internat-Juamt
[2012.12.09 01:34:45 | 000,000,000 | ---D | C] -- C:\Users\Siebert\Desktop\Metin2
[2012.12.09 01:30:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.09 01:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.09 01:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2 C:\Users\Siebert\Desktop\*.tmp files -> C:\Users\Siebert\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.03 18:51:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Siebert\Desktop\OTL.exe
[2013.01.03 18:48:22 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.03 18:48:22 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.03 18:48:22 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.03 18:48:22 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.03 18:48:22 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.03 18:47:13 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000UA.job
[2013.01.03 18:47:08 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.03 18:47:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.03 18:47:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.03 17:36:37 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 15:25:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000Core.job
[2013.01.03 15:19:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 15:19:12 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 15:11:28 | 000,440,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.03 15:10:09 | 522,760,191 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.03 14:16:29 | 005,018,169 | R--- | M] (Swearware) -- C:\Users\Siebert\Desktop\ComboFix.exe
[2013.01.03 14:01:24 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Siebert\Desktop\tdsskiller.exe
[2013.01.01 18:03:21 | 000,159,620 | ---- | M] () -- C:\Users\Siebert\Desktop\ESt2011_SIEBERT_GABRIELE_Final_Final.elfo
[2012.12.30 19:03:34 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.12.29 16:26:58 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2012.12.28 00:12:48 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.12.26 15:49:19 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2012.12.15 12:17:29 | 000,000,702 | ---- | M] () -- C:\Users\Siebert\Desktop\Bibliotheken - Verknüpfung (2).lnk
[2012.12.10 15:45:06 | 000,056,576 | ---- | M] () -- C:\Users\Siebert\Documents\päckchen.xps
[2012.12.09 01:30:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.12.07 13:06:46 | 000,019,728 | ---- | M] () -- C:\Users\Siebert\Desktop\kaffeemaschine.jpg
[2012.12.07 13:05:17 | 000,033,537 | ---- | M] () -- C:\Users\Siebert\Desktop\Kaffeemaschine_2.jpg
[2 C:\Users\Siebert\Desktop\*.tmp files -> C:\Users\Siebert\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.03 14:21:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.03 14:21:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.03 14:21:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.03 14:21:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.03 14:21:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.03 03:01:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.01.01 17:19:50 | 000,159,620 | ---- | C] () -- C:\Users\Siebert\Desktop\ESt2011_SIEBERT_GABRIELE_Final_Final.elfo
[2012.12.30 19:03:34 | 000,001,233 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.12.29 03:06:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.15 12:17:29 | 000,000,702 | ---- | C] () -- C:\Users\Siebert\Desktop\Bibliotheken - Verknüpfung (2).lnk
[2012.12.10 15:44:40 | 000,056,576 | ---- | C] () -- C:\Users\Siebert\Documents\päckchen.xps
[2012.12.07 13:10:29 | 000,033,537 | ---- | C] () -- C:\Users\Siebert\Desktop\Kaffeemaschine_2.jpg
[2012.12.07 13:07:05 | 000,019,728 | ---- | C] () -- C:\Users\Siebert\Desktop\kaffeemaschine.jpg
[2012.09.01 15:04:03 | 001,806,336 | ---- | C] () -- C:\Windows\SysWow64\speedtreert.dll
[2012.05.27 20:57:12 | 000,000,000 | ---- | C] () -- C:\Users\Siebert\defogger_reenable
[2011.11.13 23:37:35 | 000,000,000 | ---- | C] () -- C:\Users\Siebert\AppData\Local\{39B99734-236D-40B7-90AC-7444B93AAD31}
[2011.10.28 17:13:00 | 000,174,756 | ---- | C] () -- C:\Users\Siebert\Mojo verde.pdf
[2011.10.28 16:46:09 | 000,145,485 | ---- | C] () -- C:\Users\Siebert\Aioli.pdf
[2011.10.28 16:44:18 | 000,000,839 | ---- | C] () -- C:\Users\Siebert\.recently-used.xbel
[2011.10.28 16:29:36 | 000,004,096 | -H-- | C] () -- C:\Users\Siebert\AppData\Local\keyfile3.drm
[2011.05.07 12:11:58 | 000,000,000 | ---- | C] () -- C:\Users\Siebert\AppData\Local\{8D669B6F-E7BF-47F2-88C6-D42C0A7BCD33}
[2011.05.06 21:14:56 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.05.06 21:14:56 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011.01.23 17:56:02 | 000,000,043 | ---- | C] () -- C:\Users\Siebert\.gtk-bookmarks
[2011.01.03 14:54:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.01 19:53:35 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.05.17 04:40:25 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== ZeroAccess Check ==========
 
[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\U
[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.12.25 23:24:52 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Amazon
[2010.08.26 23:50:47 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Auslogics
[2011.10.14 18:18:44 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Babylon
[2012.09.01 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\dll-files.com
[2012.09.30 11:03:23 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\DVDVideoSoft
[2012.09.30 11:02:17 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.30 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\elsterformular
[2011.04.10 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Esku
[2011.04.16 15:52:10 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\gtk-2.0
[2011.05.06 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Gutscheinmieze
[2012.09.30 11:01:55 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\OpenCandy
[2011.04.10 19:41:45 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Qoniyc
[2012.04.30 13:01:37 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\TeamViewer
[2012.08.13 23:42:28 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\TS3Client
[2011.05.17 16:42:14 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\Verbindungsassistent
[2012.08.15 03:04:51 | 000,000,000 | ---D | M] -- C:\Users\Siebert\AppData\Roaming\XSManager
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Was muß ich nun tun?
Vielen herzlichen Dank für die Hilfestellung.
Grüße
Gabi

Alt 03.01.2013, 20:57   #8
Larusso
/// Selecta Jahrusso
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hy.

Deinstalliere bitte:
Babylon toolbar on IE
DVDVideoSoftTB Toolbar
Gutscheinmieze - Toolbar
McAfee Security Scan Plus


Starte danach den Rechner neu auf.



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




Combofix-Skript
WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

  • Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link
  • Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!
  • Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
  • Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

    Code:
    ATTFilter
    Folder::
    C:\Windows\Installer\{b99f63cd-6ea5-5866-3dd6-8f764413191e}
    C:\Users\Siebert\AppData\Local\{b99f63cd-6ea5-5866-3dd6-8f764413191e}
    File::
    C:\Windows\assembly\Desktop.ini
    ClearJavaCache::
    Reboot::
             
  • Speichere dies als CFScript.txt auf deinem Desktop.
  • Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.
  • Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:
  • Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
    Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.

Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 04.01.2013, 14:57   #9
sgp41
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hallo Daniel,
habe es gestern noch die halbe Nacht versucht und auch heute Vormittag, aber leider erfolglos. Ich ziehe auf dem Desktop die CFScript.txt in die ComboFix.exe,
ComboFix startet auch aber bleibt bei Stufe 4 hängen.
Habe Anitvir abgestellt, aber es funktioniert nicht. Kannst Du mir sagen was ich falsch mache?
VG
Gabi

Alt 04.01.2013, 15:06   #10
Larusso
/// Selecta Jahrusso
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Versuchen wir es mal im abgesicherten Modus.


Gehe in den abgesicherten Modus (Link bitte unbedingt anklicken & lesen!) von windows
  • Starte den Rechner neu auf.
  • Sobald du den Rechner das erste mal piepen hörst, drücke die F8 Taste. ( Dies kann von System zu System variieren )
  • Windows wird dir ein Auswahlmenu geben anstatt sich normal zu starten.
  • Wähle hier Abgesicherter Modus und drücke Enter.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 05.01.2013, 18:36   #11
sgp41
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hallo Daniel,
super, im abgesicherten Modus gat es funktioniert. Hier die txt Datei:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-05.01 - Siebert 05.01.2013  18:11:51.6.8 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6126.5197 [GMT 1:00]
ausgeführt von:: c:\users\Siebert\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Siebert\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\assembly\Desktop.ini"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\Desktop.ini
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-05 bis 2013-01-05  ))))))))))))))))))))))))))))))
.
.
2013-01-05 17:18 . 2013-01-05 17:18	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-04 09:51 . 2012-11-19 00:01	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E755C8CC-7D0F-4392-9387-0926A0635C03}\mpengine.dll
2013-01-03 02:02 . 2012-11-14 07:11	763424	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2013-01-03 02:02 . 2012-11-14 06:04	1346048	----a-w-	c:\windows\system32\urlmon.dll
2013-01-03 02:02 . 2012-11-14 06:02	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2013-01-03 02:02 . 2012-11-14 06:04	1392128	----a-w-	c:\windows\system32\wininet.dll
2013-01-03 02:02 . 2012-11-14 05:55	729088	----a-w-	c:\windows\system32\msfeeds.dll
2013-01-03 02:02 . 2012-11-14 05:59	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-01-03 02:02 . 2012-11-14 06:06	887296	----a-w-	c:\program files\Internet Explorer\iedvtool.dll
2013-01-03 02:01 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-01-03 02:01 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2013-01-03 02:01 . 2012-07-26 03:08	229888	----a-w-	c:\windows\system32\WUDFHost.exe
2013-01-03 02:01 . 2012-07-26 03:08	84992	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-01-03 02:01 . 2012-07-26 03:08	744448	----a-w-	c:\windows\system32\WUDFx.dll
2013-01-03 02:01 . 2012-07-26 03:08	45056	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-01-03 02:01 . 2012-07-26 03:08	194048	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-01-03 02:01 . 2012-07-26 02:26	87040	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-01-03 02:01 . 2012-07-26 02:26	198656	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-01-01 16:37 . 2013-01-01 16:45	--------	d-----w-	c:\users\Siebert\AppData\Local\.elfohilfe
2012-12-30 18:04 . 2012-12-30 18:04	--------	d-----w-	c:\users\Siebert\AppData\Roaming\elsterformular
2012-12-30 18:03 . 2012-12-30 18:03	--------	d-----w-	c:\programdata\elsterformular
2012-12-30 18:02 . 2012-12-30 18:02	--------	d-----w-	c:\program files (x86)\ElsterFormular
2012-12-29 02:06 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-29 02:06 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-29 02:06 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-29 02:06 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-29 02:01 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-29 02:01 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-27 21:41 . 2012-12-27 21:41	96224	----a-w-	c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-27 21:41 . 2012-12-27 21:41	157272	----a-w-	c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-17 09:58 . 2012-10-04 17:41	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-12-17 09:58 . 2012-10-04 15:21	338432	----a-w-	c:\windows\system32\conhost.exe
2012-12-17 09:58 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-17 09:58 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-16 14:08 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-16 14:08 . 2012-11-09 04:42	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-12-16 14:08 . 2012-11-22 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2012-12-09 00:30 . 2012-12-09 00:30	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-12-09 00:30 . 2012-12-09 00:30	--------	d-----r-	c:\program files (x86)\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-02 19:03 . 2012-08-24 15:30	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-02 19:03 . 2012-08-24 15:30	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-01 18:31 . 2011-10-18 20:06	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-01 18:30 . 2011-10-18 20:05	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-01 18:30 . 2011-10-18 20:05	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-27 23:12 . 2010-08-01 18:53	952	--sha-w-	c:\programdata\KGyGaAvL.sys
2012-12-16 20:23 . 2010-07-28 11:52	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-26 15:39 . 2011-11-24 22:02	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-18 13:35 . 2012-11-18 13:35	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2012-11-18 13:35 . 2012-11-18 13:35	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-3\StartResources.dll
2012-11-15 20:24 . 2011-11-02 21:03	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-11-15 20:24 . 2011-11-02 21:03	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-10-16 08:38 . 2012-11-27 19:03	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 19:03	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 19:03	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 15:29	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 15:29	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 15:29	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 15:29	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-13 138096]
"GoogleChromeAutoLaunch_E90BCE67979467FA0DC07BE0C508D3DF"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2012-12-05 1242728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 597792]
"starter4g"="c:\windows\starter4g.exe" [2010-04-30 160424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"EasyDownloads"="c:\program files (x86)\Easy Downloads\easydownloads.exe" [2011-10-14 854040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-13 348664]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-02-24 99696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Siebert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.2.112,1"=""
"173.245.61.58,255.255.255.255,192.168.2.112,1"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 67952]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-03-18 334888]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-18 39464]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-04-05 117888]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-03-03 158720]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 115568]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-03-19 93184]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-03-19 77312]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 108400]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 422768]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-18 852336]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 529776]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-19 386416]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-04-30 145064]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-02-11 12032]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 302448]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-10-20 393216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 19:03]
.
2012-12-26 c:\windows\Tasks\DLL-files.com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-09-01 12:12]
.
2013-01-05 c:\windows\Tasks\DLL-files.com Fixer_UPDATES.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2012-09-01 12:12]
.
2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000Core.job
- c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 13:20]
.
2013-01-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2509783427-3330760283-4264450646-1000UA.job
- c:\users\Siebert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-28 13:20]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:34]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-17 03:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-25 10060320]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.2.112,1"=""
"173.245.61.58,255.255.255.255,192.168.2.112,1"=""
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\Siebert\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{00A5F9A2-0BDE-4838-AC0E-24094A8A01E4}: NameServer = 212.23.97.2 212.23.97.3
FF - ProfilePath - c:\users\Siebert\AppData\Roaming\Mozilla\Firefox\Profiles\e3qmgbf3.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-Metin2_is1 - c:\program files (x86)\Metin2\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-05  18:30:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-05 17:30
ComboFix2.txt  2013-01-03 13:40
.
Vor Suchlauf: 18 Verzeichnis(se), 390.209.986.560 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 389.900.881.920 Bytes frei
.
- - End Of File - - 58B829709DEE20A0265A6273161E9DC1
         
--- --- ---


Was muß ich nun tun?
VG Gabi

Alt 05.01.2013, 19:01   #12
Larusso
/// Selecta Jahrusso
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hy. Sieht eigentlich alles ganz gut aus.



Update bitte Malwarebytes und lass einen QuickScan laufen.
Entferne alle Funde und poste die Logfile hier.




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 06.01.2013, 20:10   #13
sgp41
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Hallo Daniel,

hier die Logfile vin Malwarebyte:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Siebert :: SIEBERT-VAIO [Administrator]

06.01.2013 00:15:06
mbam-log-2013-01-06 (00-15-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 224116
Laufzeit: 4 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



Und hier die Logfile von Eset (war etwas schwierig, da der Scanner unheimlich lange brauchte):

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=945f6842c67c604cb60a22e1cd6383f0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-06 01:58:40
# local_time=2013-01-06 02:58:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 98 77612 222904010 0 0
# compatibility_mode=5893 16776573 100 94 187620 109110570 0 0
# scanned=230596
# found=1
# cleaned=0
# scan_time=52024
C:\Users\Siebert\Downloads\vlc-1.1.9-win32.exe Win32/StartPage.OIE trojan (unable to clean) 1D435CA0C4BA455742225989F95CC529198E86DB I
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=945f6842c67c604cb60a22e1cd6383f0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-06 05:04:07
# local_time=2013-01-06 06:04:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1799 16775165 100 98 88739 222915137 81519 0
# compatibility_mode=5893 16776573 100 94 198747 109121697 0 0
# scanned=231290
# found=1
# cleaned=0
# scan_time=11022
C:\Users\Siebert\Downloads\vlc-1.1.9-win32.exe Win32/StartPage.OIE trojan (unable to clean) 1D435CA0C4BA455742225989F95CC529198E86DB I


Was mache ich nun?

VG Gabi

Alt 06.01.2013, 20:31   #14
Larusso
/// Selecta Jahrusso
 
TR/Crypt.TPM.Gen - Standard

TR/Crypt.TPM.Gen



Wenn du mit Defogger irgendwelche Treiber deaktiviert hast,
starte bitte Defogger und klicke den Re-enable Button.
Defogger wir gegebenfalls einen Neustart verlangen. Dies bitte zulassen.

Wichtig: Sollte es eine Fehlermeldung geben, poste bitte die Defogger_reenable Log hier.



Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.



Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Belasse die Einstellungen wie sie sind.
  • Klicke auf Start.
  • DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.
Dies sollte alle von uns verwendeten Tools entfernen. Falls nicht, bitte manuell entfernen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher, immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Eine out of date Anti Virensoftware ist nutzlos!


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.


Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
mfg, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie

Alt 08.01.2013, 17:55   #15
sgp41
 
TR/Crypt.TPM.Gen - Icon24

TR/Crypt.TPM.Gen



Hallo Daniel,

vielen herzlichen Dank für die tolle Unterstützung. Es scheint tatsächlich alles bereinigt zu sein, die Virenprogramme haben auch heute nichts mehr gefunden.
Klasse Arbeit. Werde zukünftig sehr vorsichtig sein.

Viele Grüsse
Gabi

Antwort

Themen zu TR/Crypt.TPM.Gen
7-zip, antivir, avg secure search, avira, babylontoolbar, bho, bonjour, cid, converter, desktop, error, excel, firefox, flash player, google, home, install.exe, limited.com/facebook, logfile, mp3, realtek, registry, secure search, security, senden, server, software, symantec, teamspeak, tr/crypt., trojaner, windows



Ähnliche Themen: TR/Crypt.TPM.Gen


  1. TR/Crypt.ZPACK.*, TR.Crypt.XPACK.*, nicht gefundene AdWare
    Log-Analyse und Auswertung - 12.11.2015 (10)
  2. avira findet : tr/crypt.zpack.36522 ,tr/crypt.xpack.gen ,adware/installcore.gen
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (4)
  3. AntiVir hat folgede Viren gefunden: TR/Crypt.ZPACK.Gen2' & 'TR/Crypt.XPACK.Gen5' [trojan
    Plagegeister aller Art und deren Bekämpfung - 26.09.2012 (33)
  4. Probleme mit .NET Framework, windows update und Systemwiederherstellung, Trojaner TR/Crypt.XPACK.Gen8, TR/Crypt.ULPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (11)
  5. TR/Crypt.EPACK.Gen8, TR/Crypt.XPACK.Gen, TR/Vcaredrix.A.3 und einige EXP/CVE-xx, EXP/2010-xx Viren.
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (7)
  6. TR/Crypt.XPACK.Gen8 - TR/Crypt.EPACK.Gen2 - TR/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (18)
  7. TR/Crypt.XPACK.Gen5, TR/Crypt.ZPACK.Gen2, TR/Fake.Rean.3394, TR/PSW.Fareit.A.64
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (30)
  8. TR/Crypt.XPACK.Gen und TR/Crypt.ZPACK.Gen2 gefunden PC extrem langsam
    Log-Analyse und Auswertung - 19.10.2011 (8)
  9. Kurze Fragen zu TR/Crypt.XPACK.Gen + TR/Crypt.ZPACK.Gen + Avira Scan
    Plagegeister aller Art und deren Bekämpfung - 02.12.2010 (3)
  10. W32/Induc.A, TR/Dropper.Gen, TR/Crypt.ZPACK.Gen, TR/Crypt.XPACK.Gen3 gefunden - wie entfernen
    Plagegeister aller Art und deren Bekämpfung - 01.12.2010 (5)
  11. Massenweise Viren werden in Windows/Temp erstellt (Tr/Crypt.xpack.Gen3+TR/Crypt.Pepn.Gen und andere)
    Plagegeister aller Art und deren Bekämpfung - 08.10.2010 (6)
  12. TR/dldr.swizzor.gen2, TR/crypt.xpack.gen, TR/crypt.zpack.gen unter Windows XP
    Plagegeister aller Art und deren Bekämpfung - 16.06.2010 (15)
  13. Trojaner TR/Vundo.Gen TR/Crypt.XPACK.Gen TR/Crypt.Morphine.Gen
    Log-Analyse und Auswertung - 09.04.2010 (4)
  14. Massives Trojaner Problem TR/Crypt.XPACK.Gen TR/dropper.Gen TR/Crypt.ASPM.Gen
    Plagegeister aller Art und deren Bekämpfung - 21.03.2010 (1)
  15. 3 Trojaner: TR/FraudPack.240128 TR/Crypt.XPACK.Gen TR/Crypt.ZPACK.Gen
    Plagegeister aller Art und deren Bekämpfung - 10.01.2010 (1)
  16. Heftiger Trojaner Befall Crypt.XPACK.Gen/Click.YABECTOR.B.1/ Crypt.PEPM.Gen
    Log-Analyse und Auswertung - 28.12.2009 (1)
  17. TR/Crypt.IL,TR/Crypt.FSPM.Gen,TR/Dldr.Agent.vxo,etc.;formatieren wird geblockt
    Plagegeister aller Art und deren Bekämpfung - 03.05.2009 (1)

Zum Thema TR/Crypt.TPM.Gen - Hallo zusammen, mein Antivir meldete mir gerade den Trojaner TR/Crypt.TPM.Gen und hat ihn in Quarantäne verschoben. Bin nach Eurer Anweisung vorgegangen und habe als erstes defogger geladen und den Rechner - TR/Crypt.TPM.Gen...
Archiv
Du betrachtest: TR/Crypt.TPM.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.