Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.01.2013, 11:14   #1
Clifford
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



Hallo Community,

ich habe letztens einen vollständigen System-Scan mit AntiVir durchgeführt. Es gab während dessen meherer Funde. Ich hab die betroffenen Dateien anschließend In Quarantäne schieben lassen.
Seitdem taucht die im Thema genannte Meldung auf.
Leider kann ich denn ausführlichen Bericht von AntiVir nicht mehr posten das AntiVir diesen aufgrund ungünstiger Einstellung schon automatisch gelöscht hat.
Anbei hab ich zumindest Log-Files der Fundsachen angefügt.
Wie sollte ich ich jetzt vorgehen?

MfG




Typ: Datei
Quelle: C:\Users\bumblebee\wgsdgsdgdsgsd.dll
Status: Infiziert
Quarantäne-Objekt: 54db098b.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.224
Virendefinitionsdatei: 7.11.54.132
Meldung: TR/Crypt.ZPACK.Gen8
Datum/Uhrzeit: 21.12.2012, 00:41


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6e15cd83-5420b045
Status: Infiziert
Quarantäne-Objekt: 781202ab.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.222
Virendefinitionsdatei: 7.11.54.118
Meldung: EXP/2008-5353.AO.1
Datum/Uhrzeit: 21.12.2012, 00:06


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\Local\Temp\jar_cache9048985776644632411.tmp
Status: Infiziert
Quarantäne-Objekt: 42cc1df0.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.222
Virendefinitionsdatei: 7.11.54.118
Meldung: EXP/2010-0840.CQ.2
Datum/Uhrzeit: 21.12.2012, 00:06


Typ: Datei
Quelle: D:\Dokumente und Einstellungen\Bumblebee\Eigene Dateien\Downloads\Partition+Magic.exe
Status: Infiziert
Quarantäne-Objekt: 54ac3822.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.222
Virendefinitionsdatei: 7.11.54.118
Meldung: APPL/Solimba.Gen
Datum/Uhrzeit: 21.12.2012, 00:06


Typ: Datei
Quelle: D:\Dokumente und Einstellungen\Bumblebee\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\58ce481b-3f008b81
Status: Infiziert
Quarantäne-Objekt: 4c4817fc.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.222
Virendefinitionsdatei: 7.11.54.118
Meldung: TR/Maljava.A.86
Datum/Uhrzeit: 21.12.2012, 00:06


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\2a0e8e8c-462637e0
Status: Infiziert
Quarantäne-Objekt: 3d912f91.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.222
Virendefinitionsdatei: 7.11.54.118
Meldung: EXP/CVE-2012-0507.A.434
Datum/Uhrzeit: 21.12.2012, 00:06


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3192f7e9-6c9274eb
Status: Infiziert
Quarantäne-Objekt: 1e2d4d1d.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.222
Virendefinitionsdatei: 7.11.54.118
Meldung: EXP/CVE-2012-4681.A.165
Datum/Uhrzeit: 21.12.2012, 00:06


Typ: Datei
Quelle: C:\Users\bumblebee\Downloads\flvplayer-setup.exe
Status: Infiziert
Quarantäne-Objekt: 56bb941e.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.132
Virendefinitionsdatei: 7.11.40.176
Meldung: ADWARE/DownAdmin.D
Datum/Uhrzeit: 23.08.2012, 16:06


Typ: Datei
Quelle: C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe
Status: Infiziert
Quarantäne-Objekt: 55e98e20.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.120
Virendefinitionsdatei: 7.11.38.48
Meldung: ADWARE/InstallCore.Gen
Datum/Uhrzeit: 31.07.2012, 20:34


Typ: Datei
Quelle: C:\Users\bumblebee\Downloads\FLVPlayer30Upgrade.exe
Status: Infiziert
Quarantäne-Objekt: 56970d54.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.120
Virendefinitionsdatei: 7.11.38.48
Meldung: APPL/InstallIQ.Gen5
Datum/Uhrzeit: 31.07.2012, 12:12


Typ: Datei
Quelle: F:\Qoobox\Quarantine\C\Users\Clifford\AppData\Local\{0533EE76-5A3E-44BC-8152-9CCCA3A5EC43}\chrome\content\overlay.xul.vir
Status: Infiziert
Quarantäne-Objekt: 565c080b.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.80
Virendefinitionsdatei: 7.11.32.52
Meldung: JS/Hiloti.C.1
Datum/Uhrzeit: 07.06.2012, 15:24


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\1974269c-151bbcb2
Status: Infiziert
Quarantäne-Objekt: 416c18e3.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.80
Virendefinitionsdatei: 7.11.32.52
Meldung: EXP/CVE-2011-3544
Datum/Uhrzeit: 07.06.2012, 14:22


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\2db9d472-222cbe67
Status: Infiziert
Quarantäne-Objekt: 1df14811.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.80
Virendefinitionsdatei: 7.11.32.52
Meldung: EXP/JAVA.Ternub.Gen
Datum/Uhrzeit: 07.06.2012, 14:22


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\5f0ec4a2-3afff761
Status: Infiziert
Quarantäne-Objekt: 3e702aef.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.80
Virendefinitionsdatei: 7.11.32.52
Meldung: EXP/CVE-2010-0840
Datum/Uhrzeit: 07.06.2012, 14:22


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\3f397e29-6ba6de1f
Status: Infiziert
Quarantäne-Objekt: 7bf707d1.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.80
Virendefinitionsdatei: 7.11.32.52
Meldung: EXP/JAVA.Ternub.Gen
Datum/Uhrzeit: 07.06.2012, 14:22


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\17db837e-13a9b831
Status: Infiziert
Quarantäne-Objekt: 573f3d33.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.80
Virendefinitionsdatei: 7.11.32.52
Meldung: EXP/CVE-2010-0840.HD
Datum/Uhrzeit: 07.06.2012, 14:22


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\72cecafd-78b8ac04
Status: Infiziert
Quarantäne-Objekt: 4faf12af.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.80
Virendefinitionsdatei: 7.11.32.52
Meldung: EXP/JAVA.Ternub.Gen
Datum/Uhrzeit: 07.06.2012, 14:22


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\Local\Mozilla\Firefox\Profiles\di0dag23.default\Cache\4\B9\68289d01
Status: Infiziert
Quarantäne-Objekt: 497403a5.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.28
Virendefinitionsdatei: 7.11.26.88
Meldung: HTML/Malicious.PDF.Gen
Datum/Uhrzeit: 29.03.2012, 20:53


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\43c9a235-36143bd0
Status: Infiziert
Quarantäne-Objekt: 4a4b0549.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.28
Virendefinitionsdatei: 7.11.26.88
Meldung: EXP/CVE-2011-3544
Datum/Uhrzeit: 29.03.2012, 20:53


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\Local\Temp\plugtmp-21\plugin-xnivhphmxwiukoi.pdf
Status: Infiziert
Quarantäne-Objekt: 4acb64dd.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.08.44
Virendefinitionsdatei: 7.11.21.193
Meldung: EXP/Pidief.ajl
Datum/Uhrzeit: 27.01.2012, 17:15


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
Status: Infiziert
Quarantäne-Objekt: 4a5ee82f.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.08.34
Virendefinitionsdatei: 7.11.21.141
Meldung: TR/Crypt.ZPACK.Gen
Datum/Uhrzeit: 25.01.2012, 01:06


Typ: Datei
Quelle: C:\Users\bumblebee\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
Status: Infiziert
Quarantäne-Objekt: 4a4c42ff.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.08.34
Virendefinitionsdatei: 7.11.21.141
Meldung: TR/Crypt.ZPACK.Gen
Datum/Uhrzeit: 24.01.2012, 18:23

Alt 22.01.2013, 11:17   #2
markusg
/// Malware-holic
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 22.01.2013, 11:41   #3
Clifford
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.01.2013 12:22:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\bumblebee\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 72,59% Memory free
8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 119,10 Gb Free Space | 48,78% Space Free | Partition Type: NTFS
Drive D: | 210,52 Gb Total Space | 102,24 Gb Free Space | 48,57% Space Free | Partition Type: NTFS
Drive E: | 11,10 Gb Total Space | 11,01 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
Drive F: | 6,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TRANSISTOR | User Name: bumblebee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.22 12:20:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bumblebee\Desktop\OTL.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.08.08 12:15:27 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2012.06.21 17:43:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.08 13:34:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 10:13:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.18 16:11:22 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009.05.18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.03.15 17:38:30 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.21 13:16:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 01:14:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.19 16:56:30 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.11 13:57:17 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.21 17:43:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.08 13:34:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 10:13:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.09.21 20:03:12 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.21 20:03:12 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.08 13:34:35 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 13:34:35 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.15 17:38:30 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.09.30 20:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 20:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.01.07 03:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=b829ebd10000000000000015af28c496
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20120102,16981,0,26,0"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.140.0
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\innoplus\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@innoplus.de/inoPanoViewer: C:\Program Files (x86)\innoPlus\Rundum-Betrachter-innoPlus\npirsviewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.11.22 12:54:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 13:16:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.21 13:16:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.14 12:16:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.14 12:16:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 13:16:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.21 13:16:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.14 12:16:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.14 12:16:15 | 000,000,000 | ---D | M]
 
[2011.11.17 21:49:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Extensions
[2013.01.18 19:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions
[2012.10.28 19:41:24 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2011.11.30 18:32:19 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.06.11 13:11:44 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions\battlefieldheroespatcher@ea.com
[2012.06.14 11:22:44 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\bumblebee\AppData\Roaming\mozilla\Firefox\Profiles\di0dag23.default\extensions\battlefieldplay4free@ea.com
[2013.01.18 19:22:45 | 000,266,840 | ---- | M] () (No name found) -- C:\Users\bumblebee\AppData\Roaming\mozilla\firefox\profiles\di0dag23.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.21 13:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.21 13:16:01 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.09 00:17:04 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.29 13:33:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.09 01:32:58 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.117.1.25 89.16.129.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3705DFE0-6E76-4EB1-8044-8ADF5BCBA054}: DhcpNameServer = 62.117.1.25 89.16.129.25
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.01 13:21:49 | 001,418,544 | R--- | M] (Codemasters Software Co.) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.02.26 14:51:29 | 000,000,067 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2011.02.28 17:42:54 | 000,467,168 | R--- | M] (Electronic Arts) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2011.02.28 17:58:30 | 000,000,000 | ---D | M] - G:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011.02.28 17:58:24 | 003,582,976 | R--- | M] () - G:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2011.02.28 17:58:24 | 000,000,152 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{25a55bee-041e-11e2-a197-001d60390bac}\Shell - "" = AutoRun
O33 - MountPoints2\{25a55bee-041e-11e2-a197-001d60390bac}\Shell\AutoRun\command - "" = L:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.22 12:20:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bumblebee\Desktop\OTL.exe
[2013.01.22 11:53:35 | 000,000,000 | ---D | C] -- C:\Users\bumblebee\Desktop\mbar
[2013.01.21 13:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.14 12:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.08 23:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.22 12:20:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bumblebee\Desktop\OTL.exe
[2013.01.22 12:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.22 11:54:04 | 000,000,998 | ---- | M] () -- C:\Users\bumblebee\Desktop\mbar - Verknüpfung.lnk
[2013.01.22 11:46:59 | 000,025,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 11:46:59 | 000,025,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 11:39:33 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.22 11:39:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.22 11:39:19 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.22 00:37:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.13 23:46:17 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.13 23:46:17 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.13 23:46:00 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.01.09 02:07:01 | 000,297,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.09 01:22:18 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.09 01:22:18 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.09 01:22:18 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.09 01:22:18 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.09 01:22:18 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.08 23:14:48 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.01.08 23:14:48 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.22 11:54:04 | 000,000,998 | ---- | C] () -- C:\Users\bumblebee\Desktop\mbar - Verknüpfung.lnk
[2013.01.08 23:14:48 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2013.01.08 23:14:48 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.12.20 21:52:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.15 17:39:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.05 02:17:21 | 000,000,082 | ---- | C] () -- C:\Windows\SysWow64\Sun Clock 6.ini
[2012.01.05 02:15:59 | 001,269,644 | ---- | C] () -- C:\Windows\WKB  NASA ScreenSaver.dat
[2012.01.05 01:56:11 | 005,378,912 | ---- | C] () -- C:\Windows\Wallpaper Sexy Girls 2006.dat
[2012.01.05 01:56:11 | 000,180,224 | ---- | C] () -- C:\Windows\UninstallWSST.exe
[2011.11.23 00:11:18 | 000,007,681 | ---- | C] () -- C:\Users\bumblebee\AppData\Local\Resmon.ResmonCfg
[2011.11.17 23:20:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.11.17 22:57:27 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.17 22:57:26 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.31 23:14:20 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Amazon
[2012.11.09 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Applian FLV and Media Player
[2012.01.09 00:17:02 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Babylon
[2011.11.17 21:54:31 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\IrfanView
[2012.01.05 01:41:12 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Laconic Software
[2012.01.05 02:32:22 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Map Maker
[2012.04.16 13:05:27 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Need for Speed World
[2011.12.15 14:14:01 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\OpenOffice.org
[2012.11.30 15:14:25 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Origin
[2012.01.31 12:36:57 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\pdfforge
[2012.05.10 13:17:21 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\Thunderbird
[2012.12.13 11:08:33 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\TS3Client
[2012.01.05 02:08:57 | 000,000,000 | ---D | M] -- C:\Users\bumblebee\AppData\Roaming\YoWindow
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.18 17:19:37 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.30 16:44:55 | 000,000,000 | ---D | M] -- C:\AMD
[2011.11.17 22:05:23 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.17 21:36:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.18 06:21:17 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.11.18 06:21:17 | 000,000,000 | ---D | M] -- C:\Hotfix
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.08.31 12:11:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.21 14:28:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.21 00:40:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.17 21:36:55 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.17 21:36:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.05.15 06:11:24 | 000,000,000 | ---D | M] -- C:\Sicherung Intenso Stick
[2013.01.22 12:24:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.17 21:37:01 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.14 11:29:04 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.28 16:23:29 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.03.29 10:22:56 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.03.29 10:22:56 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.22 12:34:15 | 002,883,584 | -HS- | M] () -- C:\Users\bumblebee\NTUSER.DAT
[2013.01.22 12:34:15 | 000,262,144 | -HS- | M] () -- C:\Users\bumblebee\ntuser.dat.LOG1
[2011.11.17 21:37:01 | 000,000,000 | -HS- | M] () -- C:\Users\bumblebee\ntuser.dat.LOG2
[2011.11.17 23:19:17 | 000,065,536 | -HS- | M] () -- C:\Users\bumblebee\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.11.17 23:19:17 | 000,524,288 | -HS- | M] () -- C:\Users\bumblebee\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.11.17 23:19:17 | 000,524,288 | -HS- | M] () -- C:\Users\bumblebee\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.11.17 21:37:01 | 000,000,020 | -HS- | M] () -- C:\Users\bumblebee\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 22.01.2013 12:22:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\bumblebee\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,90 Gb Available Physical Memory | 72,59% Memory free
8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 244,14 Gb Total Space | 119,10 Gb Free Space | 48,78% Space Free | Partition Type: NTFS
Drive D: | 210,52 Gb Total Space | 102,24 Gb Free Space | 48,57% Space Free | Partition Type: NTFS
Drive E: | 11,10 Gb Total Space | 11,01 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
Drive F: | 6,42 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,59 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TRANSISTOR | User Name: bumblebee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0C4E47-5AD9-473F-A916-1ECB2F2155E1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{36E73970-44B3-4E54-B693-ECB540F5E232}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3DFF26D8-9609-466F-8CF0-780765BC3967}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5499DD91-715C-4E34-839D-9883729556FE}" = lport=57654 | protocol=6 | dir=in | name=pando media booster | 
"{60BE364B-2B3A-430F-BE96-AAD281B64BF3}" = lport=57654 | protocol=17 | dir=in | name=pando media booster | 
"{60C3EFAA-0664-4D60-ACE1-E8C3AE9147C9}" = rport=137 | protocol=17 | dir=out | app=system | 
"{63B17E61-25E3-4B63-9112-D676BD27BBE5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{659CFF77-5D41-460B-98E0-49CBCEEF3C4C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72352618-2F79-4CD4-9D1C-637025DD5AD4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7D8018A6-A38F-4BAE-BE6F-F77BDFA87E27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B19D95F-4703-4D16-86E7-B689627E8CBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8F0F1914-3077-42FD-A4F5-3A776B365385}" = lport=57654 | protocol=6 | dir=in | name=pando media booster | 
"{A0501EF0-02A0-451D-B093-F2B02383D158}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A45E3E40-F1D5-41A7-B77D-3C8148D153A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AC1E162D-5C4D-4059-93AC-2FA38AE1247C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B26B65F4-E4CE-4F83-8834-203E90D857FD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BEB0FB55-DFA3-475D-8D50-E6F58BB4733C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CB11DE07-2507-4417-B1B3-A182967CBBF3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CFD9EA27-90F9-4697-B120-CE01DCD6577E}" = lport=138 | protocol=17 | dir=in | app=system | 
"{DA661422-4C62-4FAF-8A6F-EE0D21BEA06C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DD3219D9-D0AE-4BFD-82DB-472636ED7009}" = lport=445 | protocol=6 | dir=in | app=system | 
"{DEA4A32E-D072-4BBF-8FEB-FDE9D1A44CD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5F20F38-F5AB-4241-8907-46A581D22171}" = lport=57654 | protocol=17 | dir=in | name=pando media booster | 
"{E62967D9-22A9-4E84-B3AA-D8EAFEFF7A3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F391B080-A7D1-4EEC-BD39-7F2FF2670460}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F77A5DF1-4579-4534-B42F-C255D4EC5C3B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F82DE22C-EC28-44FB-A31E-38D6E4895AF6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04B8D7C2-2EE1-4663-A35C-DFD7F6C7B8E5}" = protocol=58 | dir=in | app=system | 
"{229999AA-39C9-4F77-9040-31DD6056E34A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{22B00522-9E08-44A2-BD2F-7BBA2B3C942B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{24ADA2C5-CA1E-4DFA-9559-C46FADEA2C1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{2702C363-6362-4D1D-8A82-90764D0AA648}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{27AC26C3-9456-49AE-BA10-DB6D13943032}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2C839EF5-3463-40C9-A790-5B99F586282D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2CB473A0-18E9-4B64-8F4E-E47DB7CF968A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{33F6BBDD-8FF9-4679-BA3B-8221DF4F9524}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{36504CCE-4603-4790-9388-39403548D1C4}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{39BB2FD5-E7B9-4D13-8564-CEF60744CC63}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | 
"{3C62D32E-9122-4A83-B459-285D870F1B88}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 1942\bf1942.exe | 
"{4B47568B-772F-42B0-A4B2-2C3A6EA7D353}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4BA2685C-3F85-458C-BE11-6C585C618808}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{57D2AFC8-7132-4899-A0C0-FCE508618D6A}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{58F7142C-B4D4-42AC-9AA5-5E0111DC9C64}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5BF29C19-D15B-4560-A2E9-5311E74946B0}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{5F23F7B4-18B1-4D12-BF89-3E1CCBF41E98}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{69B6B863-3A5B-4F53-81D2-F6AA7945CA80}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{6E9A44D6-7B18-4D6A-BCED-37FB633F9797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74A3F2BA-33E2-49F5-957D-BF737D7E1A4C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{74ABF26F-ED82-4C16-98AA-A3F1ACD75DE2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen2demo\system\risen2.exe | 
"{7D2E1B32-9953-4110-A0CF-99C6D47D82CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8FFCA1A1-1961-4B3C-992A-60929EE7A10C}" = protocol=6 | dir=out | app=system | 
"{937D384D-B567-40B5-867D-CB40B5387F0A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen2demo\system\risen2.exe | 
"{9AD719DA-B415-485F-909B-F6079ABC1890}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9CBCBE87-59BD-4F87-B839-C5B1127C0E16}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{9FF50858-EE7C-4A20-A671-244059F44FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A0CBB1DE-9882-4D71-A1DB-E5ADE268CE12}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A1B60976-AEEB-4EE6-897E-650B3B76CC4E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A2E45C55-D559-4E23-9D8E-E29DA03F4FDC}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{A3E1C754-3E50-47ED-9FF6-98B280F2BF03}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A7267175-25E0-409A-975B-36B1A43C0281}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AC06D72C-0183-4304-8202-D2E98B1F8F0B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AED3BB2C-4D4B-4563-9163-32031539208E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2012 demo\f1_2012.exe | 
"{AF8258E6-7BD8-4FDC-B6C2-D46D08D55D91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{BD5A6F73-12AA-4EF1-ADE8-8F8637A336F0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BDCE6F1A-2B17-4876-8026-F0CC693FDB15}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BE9D6124-1E34-462D-A7EE-DAD8B9B27C4F}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C1ED5363-D55E-4425-8275-47C415DE7E65}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{C29C0268-BA88-45D5-A4A7-552A8444E8B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5662426-9012-4003-8816-9FC266719B9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CF9ED3C8-7E20-445E-859A-2907BC005F32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D40F38FD-6F27-4CE2-A959-B19AC9DDB693}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9827087-7423-4E4C-A7EB-49335FD56CE9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DA6274AA-230C-433D-B41C-3C6C4DFEABF9}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DFD94560-AD16-46AE-8016-7729E8265A8A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{E0059A63-15F6-44F8-AC11-ED608E34494D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F00A49B6-8A43-4330-A083-4EF84F7F3122}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F0B4CAF7-AB99-4B2C-96AE-AF363BE22CB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\f1 2012 demo\f1_2012.exe | 
"{F2E30C1A-25B3-4A3B-9588-1705E1E2E844}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB1991CD-8422-469E-A294-AA45C4DEA3D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{7DF46E81-F787-4411-8951-7729B5940EB7}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{8FDAEC61-811C-4C7E-A2FB-A69FD1732780}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"TCP Query User{98BB7C61-58C7-4011-B550-F1DC59879469}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{AAB80412-8F40-404B-AE22-1D25828DFF5E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{C23829D9-4121-41CC-AF60-6617E6F9E3A2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{C3F7CCFC-41BD-4CA5-B1E3-E5B2018B006F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{F886C80B-F842-46DC-94C8-060C404F35CD}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"UDP Query User{079CDAD7-4E2B-4C3A-9FB7-42869759BB7B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{5C236A52-9D4C-429C-B847-A95EDD7936DB}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{9799918D-22D1-4C63-8B96-2CD76F225C8B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{AEF71D6C-5572-44EE-8047-DA0F2CC7D290}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{D15CD0F9-3F7E-47FD-B2F6-1820A43D6D1E}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{DB85500C-75C9-4F19-B06C-0A5F8F994F22}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{E0549B7C-B3BC-4EBC-879C-E10A215B8260}C:\program files (x86)\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{18A5D014-E9AD-DEFE-FAFE-A409612F51B4}" = AMD Media Foundation Decoders
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50BD00DC-127E-BF00-FDD5-E1A93AB3507C}" = ccc-utility64
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B69A7CBA-9139-7ACB-7564-4CD5D8C36E26}" = AMD Drag and Drop Transcoding
"{BB009B20-0BA0-ABDF-1947-4D56639214C7}" = AMD Accelerated Video Transcoding
"{CD54A15F-4FBA-04DE-FE24-20AE11BE07AE}" = AMD AVIVO64 Codecs
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03AEAB60-A7B3-A8DB-468B-EB30FB4B40B0}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{162ABED6-E60C-6CFF-100E-43C16ABBC5BE}" = CCC Help Chinese Standard
"{1CB724FF-D18C-8FFB-E7C9-0A09CF8EC066}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C14CC3-5E3B-D39A-5B37-B15E59785063}" = CCC Help Chinese Traditional
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2632A2C0-ECF4-7F79-7136-9FEA4C253A4C}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11
"{30F712DA-64FE-5DBE-AE76-3F8EA3F8223C}" = CCC Help French
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C39B3CC-4EC8-C756-AF4B-72366504FCA5}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CC9D761-A9B6-D8EA-D2A9-B74B5A90B108}" = CCC Help Norwegian
"{54B227A6-BDBE-69FA-D450-B99609063044}" = CCC Help Greek
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7C587778-C433-980E-F3C1-203890DC4FBE}" = CCC Help Polish
"{7DC3EABF-66A2-6D79-B485-6328525CA387}" = CCC Help Swedish
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{843603C6-75B7-BAB5-80DE-E76FB28DEEF2}" = CCC Help Finnish
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBC66FD-0195-29B4-5A58-E0B0554E8F42}" = Catalyst Control Center
"{8D9EEAC7-42D5-3951-612A-EAA7B684C592}" = CCC Help Italian
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9791DAED-B734-2835-988B-157BDA087496}" = CCC Help Dutch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98B740C3-FAA4-C523-7478-4DBCAB7B27D1}" = Catalyst Control Center Graphics Previews Common
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0CAC6D-9B0D-A95F-CF61-6E88952D6181}" = CCC Help Thai
"{A2C60BF1-82E3-493C-911D-14AD50471F2F}" = Rundum-Betrachter-innoPlus
"{A625DB70-98D5-16FD-C49D-4B8B1B2304A4}" = CCC Help Spanish
"{A90214C3-3A0C-2F05-6083-E1A4BAD9E30D}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA123216-6DE0-E57C-DC57-4FECEACB482F}" = CCC Help Russian
"{AB25C7D6-B68B-DC97-5138-3A7E1E23683E}" = HydraVision
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoplus
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{D0837A59-83E6-3392-1BD9-86D3445676DB}" = CCC Help Korean
"{D70AB273-113B-D7DE-5C8D-82CABA7CB0AF}" = Catalyst Control Center Localization All
"{DC8772D4-C75F-5235-63E2-BBC73F909B7A}" = CCC Help Czech
"{DED7FD3C-DDD2-43BB-B0F5-B07F9D0430D3}" = CCC Help Portuguese
"{E157F2EB-E06F-B57F-9105-68F348DB2EAD}" = CCC Help English
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EF036F44-A287-BC23-3F6E-AAE6FDEF47EF}" = Catalyst Control Center InstallProxy
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.108
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"Battlelog Web Plugins" = Battlelog Web Plugins
"DivX Setup" = DivX-Setup
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"ESN Sonar-0.70.4" = ESN Sonar
"FLV Player" = FLV Player 2.0 (build 25)
"Free Fire Screensaver" = Free Fire Screensaver
"GlobFX Space Travel" = GlobFX Space Travel
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"INCEPTION SCREENSAVER" = INCEPTION SCREENSAVER
"IrfanView" = IrfanView (remove only)
"martin_1009" = martin_1009 Screen Saver
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PriceGong" = PriceGong 2.6.4
"PunkBusterSvc" = PunkBuster Services
"Star Trek Online" = Star Trek Online
"Steam App 202610" = Risen 2 Demo
"Steam App 211940" = F1 2012 Demo
"Sun Clock" = Sun Clock 6.5
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 2.0.0
"Winamp" = Winamp
"yowindow" = YoWindow
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab FLV Player" = FoxTab FLV Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.01.2013 10:18:57 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2013 09:32:53 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
Error - 13.01.2013 15:30:35 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.01.2013 07:12:03 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.01.2013 10:52:03 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.01.2013 14:12:57 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.01.2013 08:00:40 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.01.2013 09:28:41 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.01.2013 15:32:03 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.01.2013 06:41:09 | Computer Name = transistor | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 11.09.2012 11:38:35 | Computer Name = transistor | Source = DCOM | ID = 10010
Description = 
 
Error - 12.09.2012 07:57:28 | Computer Name = transistor | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 12.09.2012 07:57:28 | Computer Name = transistor | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 24.10.2012 03:49:52 | Computer Name = transistor | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 IPsec-Richtlinien-Agent erreicht.
 
Error - 24.10.2012 03:49:52 | Computer Name = transistor | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 26.10.2012 06:15:40 | Computer Name = transistor | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 12.11.2012 08:30:03 | Computer Name = transistor | Source = volsnap | ID = 393245
Description = Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.
 
Error - 27.11.2012 11:36:21 | Computer Name = transistor | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 27.11.2012 12:26:32 | Computer Name = transistor | Source = volsnap | ID = 393245
Description = Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen.
 
Error - 28.11.2012 13:47:24 | Computer Name = transistor | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 22.01.2013, 12:18   #4
markusg
/// Malware-holic
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.01.2013, 14:06   #5
Clifford
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



15:03:08.0176 4340 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
15:03:08.0336 4340 ============================================================
15:03:08.0336 4340 Current date / time: 2013/01/22 15:03:08.0336
15:03:08.0336 4340 SystemInfo:
15:03:08.0336 4340
15:03:08.0336 4340 OS Version: 6.1.7601 ServicePack: 1.0
15:03:08.0336 4340 Product type: Workstation
15:03:08.0336 4340 ComputerName: TRANSISTOR
15:03:08.0336 4340 UserName: bumblebee
15:03:08.0336 4340 Windows directory: C:\Windows
15:03:08.0336 4340 System windows directory: C:\Windows
15:03:08.0336 4340 Running under WOW64
15:03:08.0336 4340 Processor architecture: Intel x64
15:03:08.0336 4340 Number of processors: 2
15:03:08.0336 4340 Page size: 0x1000
15:03:08.0336 4340 Boot type: Normal boot
15:03:08.0336 4340 ============================================================
15:03:09.0176 4340 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:03:09.0196 4340 ============================================================
15:03:09.0196 4340 \Device\Harddisk0\DR0:
15:03:09.0196 4340 MBR partitions:
15:03:09.0196 4340 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1A507BDA
15:03:09.0206 4340 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A507C58, BlocksNum 0x163322A
15:03:09.0286 4340 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1BB3AEC1, BlocksNum 0x1E849D80
15:03:09.0286 4340 ============================================================
15:03:09.0366 4340 C: <-> \Device\Harddisk0\DR0\Partition3
15:03:09.0386 4340 D: <-> \Device\Harddisk0\DR0\Partition1
15:03:09.0406 4340 E: <-> \Device\Harddisk0\DR0\Partition2
15:03:09.0406 4340 ============================================================
15:03:09.0406 4340 Initialize success
15:03:09.0406 4340 ============================================================
15:03:48.0407 4516 ============================================================
15:03:48.0407 4516 Scan started
15:03:48.0407 4516 Mode: Manual; SigCheck; TDLFS;
15:03:48.0407 4516 ============================================================
15:03:48.0953 4516 ================ Scan system memory ========================
15:03:48.0953 4516 System memory - ok
15:03:48.0953 4516 ================ Scan services =============================
15:03:49.0062 4516 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
15:03:49.0140 4516 1394ohci - ok
15:03:49.0155 4516 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:03:49.0171 4516 ACPI - ok
15:03:49.0187 4516 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:03:49.0343 4516 AcpiPmi - ok
15:03:49.0389 4516 [ 1C090E86AFD15231377AD37436C3C719 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
15:03:49.0436 4516 ADIHdAudAddService - ok
15:03:49.0530 4516 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:49.0530 4516 AdobeARMservice - ok
15:03:49.0623 4516 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:49.0655 4516 AdobeFlashPlayerUpdateSvc - ok
15:03:49.0686 4516 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:03:49.0701 4516 adp94xx - ok
15:03:49.0748 4516 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:03:49.0764 4516 adpahci - ok
15:03:49.0779 4516 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:03:49.0795 4516 adpu320 - ok
15:03:49.0826 4516 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
15:03:49.0842 4516 AEADIFilters - ok
15:03:49.0857 4516 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:03:49.0951 4516 AeLookupSvc - ok
15:03:49.0998 4516 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:03:50.0029 4516 AFD - ok
15:03:50.0060 4516 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:03:50.0076 4516 agp440 - ok
15:03:50.0091 4516 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:03:50.0123 4516 ALG - ok
15:03:50.0138 4516 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:03:50.0138 4516 aliide - ok
15:03:50.0185 4516 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:03:50.0247 4516 AMD External Events Utility - ok
15:03:50.0263 4516 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:03:50.0279 4516 amdide - ok
15:03:50.0294 4516 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:03:50.0325 4516 AmdK8 - ok
15:03:50.0513 4516 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
15:03:50.0684 4516 amdkmdag - ok
15:03:50.0747 4516 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:03:50.0762 4516 amdkmdap - ok
15:03:50.0778 4516 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
15:03:50.0793 4516 AmdPPM - ok
15:03:50.0809 4516 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:03:50.0825 4516 amdsata - ok
15:03:50.0856 4516 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
15:03:50.0871 4516 amdsbs - ok
15:03:50.0887 4516 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:03:50.0887 4516 amdxata - ok
15:03:50.0934 4516 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:03:50.0934 4516 AntiVirSchedulerService - ok
15:03:50.0965 4516 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:03:50.0981 4516 AntiVirService - ok
15:03:50.0996 4516 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:03:51.0105 4516 AppID - ok
15:03:51.0121 4516 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:03:51.0168 4516 AppIDSvc - ok
15:03:51.0183 4516 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:03:51.0215 4516 Appinfo - ok
15:03:51.0277 4516 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
15:03:51.0308 4516 AppMgmt - ok
15:03:51.0324 4516 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
15:03:51.0339 4516 arc - ok
15:03:51.0355 4516 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:03:51.0371 4516 arcsas - ok
15:03:51.0386 4516 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:03:51.0417 4516 AsyncMac - ok
15:03:51.0433 4516 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:03:51.0449 4516 atapi - ok
15:03:51.0480 4516 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
15:03:51.0495 4516 AtiHDAudioService - ok
15:03:51.0527 4516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:03:51.0573 4516 AudioEndpointBuilder - ok
15:03:51.0589 4516 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:03:51.0620 4516 AudioSrv - ok
15:03:51.0636 4516 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:03:51.0651 4516 avgntflt - ok
15:03:51.0683 4516 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:03:51.0683 4516 avipbb - ok
15:03:51.0698 4516 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:03:51.0714 4516 avkmgr - ok
15:03:51.0761 4516 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:03:51.0823 4516 AxInstSV - ok
15:03:51.0854 4516 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
15:03:51.0885 4516 b06bdrv - ok
15:03:51.0917 4516 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:03:51.0948 4516 b57nd60a - ok
15:03:51.0963 4516 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:03:51.0995 4516 BDESVC - ok
15:03:52.0010 4516 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:03:52.0057 4516 Beep - ok
15:03:52.0088 4516 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:03:52.0135 4516 BFE - ok
15:03:52.0166 4516 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:03:52.0244 4516 BITS - ok
15:03:52.0260 4516 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:03:52.0275 4516 blbdrive - ok
15:03:52.0322 4516 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:03:52.0353 4516 bowser - ok
15:03:52.0385 4516 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
15:03:52.0400 4516 BrFiltLo - ok
15:03:52.0400 4516 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
15:03:52.0431 4516 BrFiltUp - ok
15:03:52.0463 4516 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:03:52.0478 4516 Browser - ok
15:03:52.0494 4516 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:03:52.0541 4516 Brserid - ok
15:03:52.0541 4516 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:03:52.0556 4516 BrSerWdm - ok
15:03:52.0572 4516 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:03:52.0603 4516 BrUsbMdm - ok
15:03:52.0603 4516 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:03:52.0603 4516 BrUsbSer - ok
15:03:52.0619 4516 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:03:52.0634 4516 BTHMODEM - ok
15:03:52.0665 4516 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:03:52.0697 4516 bthserv - ok
15:03:52.0712 4516 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:03:52.0743 4516 cdfs - ok
15:03:52.0775 4516 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:03:52.0790 4516 cdrom - ok
15:03:52.0806 4516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:03:52.0853 4516 CertPropSvc - ok
15:03:52.0868 4516 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
15:03:52.0868 4516 circlass - ok
15:03:52.0899 4516 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:03:52.0915 4516 CLFS - ok
15:03:52.0962 4516 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:03:52.0977 4516 clr_optimization_v2.0.50727_32 - ok
15:03:53.0024 4516 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:03:53.0024 4516 clr_optimization_v2.0.50727_64 - ok
15:03:53.0102 4516 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:03:53.0118 4516 clr_optimization_v4.0.30319_32 - ok
15:03:53.0149 4516 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:03:53.0165 4516 clr_optimization_v4.0.30319_64 - ok
15:03:53.0165 4516 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
15:03:53.0196 4516 CmBatt - ok
15:03:53.0211 4516 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:03:53.0227 4516 cmdide - ok
15:03:53.0258 4516 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
15:03:53.0289 4516 CNG - ok
15:03:53.0305 4516 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:03:53.0321 4516 Compbatt - ok
15:03:53.0336 4516 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
15:03:53.0367 4516 CompositeBus - ok
15:03:53.0367 4516 COMSysApp - ok
15:03:53.0383 4516 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:03:53.0399 4516 crcdisk - ok
15:03:53.0430 4516 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:03:53.0477 4516 CryptSvc - ok
15:03:53.0508 4516 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
15:03:53.0555 4516 CSC - ok
15:03:53.0570 4516 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
15:03:53.0601 4516 CscService - ok
15:03:53.0633 4516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:03:53.0679 4516 DcomLaunch - ok
15:03:53.0711 4516 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:03:53.0742 4516 defragsvc - ok
15:03:53.0757 4516 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:03:53.0789 4516 DfsC - ok
15:03:53.0820 4516 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:03:53.0851 4516 Dhcp - ok
15:03:53.0867 4516 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:03:53.0898 4516 discache - ok
15:03:53.0929 4516 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
15:03:53.0945 4516 Disk - ok
15:03:53.0976 4516 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
15:03:54.0007 4516 dmvsc - ok
15:03:54.0038 4516 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:03:54.0069 4516 Dnscache - ok
15:03:54.0085 4516 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:03:54.0132 4516 dot3svc - ok
15:03:54.0147 4516 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:03:54.0179 4516 DPS - ok
15:03:54.0210 4516 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:03:54.0225 4516 drmkaud - ok
15:03:54.0272 4516 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:03:54.0288 4516 DXGKrnl - ok
15:03:54.0319 4516 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:03:54.0366 4516 EapHost - ok
15:03:54.0413 4516 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
15:03:54.0475 4516 ebdrv - ok
15:03:54.0491 4516 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:03:54.0522 4516 EFS - ok
15:03:54.0569 4516 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:03:54.0600 4516 ehRecvr - ok
15:03:54.0631 4516 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:03:54.0647 4516 ehSched - ok
15:03:54.0662 4516 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:03:54.0678 4516 elxstor - ok
15:03:54.0693 4516 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:03:54.0725 4516 ErrDev - ok
15:03:54.0756 4516 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:03:54.0787 4516 EventSystem - ok
15:03:54.0803 4516 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:03:54.0834 4516 exfat - ok
15:03:54.0849 4516 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:03:54.0881 4516 fastfat - ok
15:03:54.0912 4516 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:03:54.0943 4516 Fax - ok
15:03:54.0959 4516 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
15:03:54.0974 4516 fdc - ok
15:03:54.0990 4516 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:03:55.0021 4516 fdPHost - ok
15:03:55.0021 4516 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:03:55.0068 4516 FDResPub - ok
15:03:55.0083 4516 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:03:55.0099 4516 FileInfo - ok
15:03:55.0099 4516 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:03:55.0130 4516 Filetrace - ok
15:03:55.0146 4516 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
15:03:55.0161 4516 flpydisk - ok
15:03:55.0177 4516 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:03:55.0193 4516 FltMgr - ok
15:03:55.0239 4516 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:03:55.0302 4516 FontCache - ok
15:03:55.0333 4516 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:03:55.0333 4516 FontCache3.0.0.0 - ok
15:03:55.0349 4516 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:03:55.0364 4516 FsDepends - ok
15:03:55.0411 4516 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:03:55.0411 4516 Fs_Rec - ok
15:03:55.0442 4516 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:03:55.0473 4516 fvevol - ok
15:03:55.0489 4516 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:03:55.0505 4516 gagp30kx - ok
15:03:55.0536 4516 [ 16C2A6BCDDA8952C2035DEC861492A19 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
15:03:55.0551 4516 ggflt - ok
15:03:55.0567 4516 [ 6B503DF845EABF3457E49FBBDA26C10E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
15:03:55.0583 4516 ggsemc - ok
15:03:55.0614 4516 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:03:55.0661 4516 gpsvc - ok
15:03:55.0723 4516 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:55.0739 4516 gupdate - ok
15:03:55.0739 4516 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:03:55.0754 4516 gupdatem - ok
15:03:55.0770 4516 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:03:55.0801 4516 hcw85cir - ok
15:03:55.0832 4516 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:03:55.0863 4516 HdAudAddService - ok
15:03:55.0879 4516 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:03:55.0910 4516 HDAudBus - ok
15:03:55.0926 4516 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
15:03:55.0941 4516 HidBatt - ok
15:03:55.0957 4516 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:03:55.0973 4516 HidBth - ok
15:03:55.0988 4516 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
15:03:56.0004 4516 HidIr - ok
15:03:56.0004 4516 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:03:56.0051 4516 hidserv - ok
15:03:56.0082 4516 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:03:56.0097 4516 HidUsb - ok
15:03:56.0113 4516 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:03:56.0144 4516 hkmsvc - ok
15:03:56.0160 4516 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:03:56.0175 4516 HomeGroupListener - ok
15:03:56.0207 4516 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:03:56.0238 4516 HomeGroupProvider - ok
15:03:56.0238 4516 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:03:56.0253 4516 HpSAMD - ok
15:03:56.0285 4516 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:03:56.0331 4516 HTTP - ok
15:03:56.0331 4516 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:03:56.0347 4516 hwpolicy - ok
15:03:56.0378 4516 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:03:56.0378 4516 i8042prt - ok
15:03:56.0409 4516 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:03:56.0425 4516 iaStorV - ok
15:03:56.0456 4516 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:03:56.0487 4516 idsvc - ok
15:03:56.0503 4516 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:03:56.0519 4516 iirsp - ok
15:03:56.0550 4516 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:03:56.0597 4516 IKEEXT - ok
15:03:56.0612 4516 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:03:56.0628 4516 intelide - ok
15:03:56.0643 4516 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:03:56.0659 4516 intelppm - ok
15:03:56.0675 4516 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:03:56.0706 4516 IPBusEnum - ok
15:03:56.0721 4516 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:03:56.0753 4516 IpFilterDriver - ok
15:03:56.0799 4516 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:03:56.0831 4516 iphlpsvc - ok
15:03:56.0846 4516 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:03:56.0846 4516 IPMIDRV - ok
15:03:56.0862 4516 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:03:56.0893 4516 IPNAT - ok
15:03:56.0924 4516 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:03:56.0955 4516 IRENUM - ok
15:03:56.0971 4516 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:03:56.0971 4516 isapnp - ok
15:03:57.0002 4516 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:03:57.0018 4516 iScsiPrt - ok
15:03:57.0033 4516 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:03:57.0049 4516 kbdclass - ok
15:03:57.0065 4516 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:03:57.0096 4516 kbdhid - ok
15:03:57.0096 4516 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:03:57.0111 4516 KeyIso - ok
15:03:57.0143 4516 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:03:57.0158 4516 KSecDD - ok
15:03:57.0189 4516 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:03:57.0205 4516 KSecPkg - ok
15:03:57.0221 4516 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:03:57.0252 4516 ksthunk - ok
15:03:57.0283 4516 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:03:57.0314 4516 KtmRm - ok
15:03:57.0345 4516 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:03:57.0377 4516 LanmanServer - ok
15:03:57.0392 4516 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:03:57.0423 4516 LanmanWorkstation - ok
15:03:57.0455 4516 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:03:57.0486 4516 lltdio - ok
15:03:57.0501 4516 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:03:57.0548 4516 lltdsvc - ok
15:03:57.0564 4516 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:03:57.0611 4516 lmhosts - ok
15:03:57.0626 4516 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:03:57.0642 4516 LSI_FC - ok
15:03:57.0657 4516 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:03:57.0673 4516 LSI_SAS - ok
15:03:57.0689 4516 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
15:03:57.0689 4516 LSI_SAS2 - ok
15:03:57.0704 4516 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:03:57.0720 4516 LSI_SCSI - ok
15:03:57.0751 4516 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:03:57.0782 4516 luafv - ok
15:03:57.0829 4516 [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
15:03:57.0845 4516 LVRS64 - ok
15:03:57.0954 4516 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
15:03:58.0032 4516 LVUVC64 - ok
15:03:58.0063 4516 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:03:58.0079 4516 Mcx2Svc - ok
15:03:58.0094 4516 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
15:03:58.0110 4516 megasas - ok
15:03:58.0125 4516 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
15:03:58.0141 4516 MegaSR - ok
15:03:58.0172 4516 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:03:58.0203 4516 MMCSS - ok
15:03:58.0219 4516 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:03:58.0250 4516 Modem - ok
15:03:58.0281 4516 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:03:58.0297 4516 monitor - ok
15:03:58.0313 4516 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:03:58.0328 4516 mouclass - ok
15:03:58.0344 4516 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:03:58.0359 4516 mouhid - ok
15:03:58.0375 4516 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:03:58.0391 4516 mountmgr - ok
15:03:58.0422 4516 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:03:58.0437 4516 MozillaMaintenance - ok
15:03:58.0453 4516 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:03:58.0453 4516 mpio - ok
15:03:58.0469 4516 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:03:58.0500 4516 mpsdrv - ok
15:03:58.0531 4516 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:03:58.0562 4516 MpsSvc - ok
15:03:58.0578 4516 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:03:58.0609 4516 MRxDAV - ok
15:03:58.0640 4516 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:03:58.0671 4516 mrxsmb - ok
15:03:58.0687 4516 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:03:58.0703 4516 mrxsmb10 - ok
15:03:58.0718 4516 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:03:58.0734 4516 mrxsmb20 - ok
15:03:58.0749 4516 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:03:58.0765 4516 msahci - ok
15:03:58.0765 4516 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:03:58.0781 4516 msdsm - ok
15:03:58.0796 4516 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:03:58.0812 4516 MSDTC - ok
15:03:58.0827 4516 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:03:58.0859 4516 Msfs - ok
15:03:58.0874 4516 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:03:58.0905 4516 mshidkmdf - ok
15:03:58.0921 4516 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:03:58.0921 4516 msisadrv - ok
15:03:58.0952 4516 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:03:58.0983 4516 MSiSCSI - ok
15:03:58.0983 4516 msiserver - ok
15:03:58.0999 4516 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:03:59.0046 4516 MSKSSRV - ok
15:03:59.0061 4516 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:03:59.0093 4516 MSPCLOCK - ok
15:03:59.0108 4516 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:03:59.0139 4516 MSPQM - ok
15:03:59.0155 4516 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:03:59.0171 4516 MsRPC - ok
15:03:59.0186 4516 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:03:59.0186 4516 mssmbios - ok
15:03:59.0202 4516 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:03:59.0233 4516 MSTEE - ok
15:03:59.0233 4516 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:03:59.0249 4516 MTConfig - ok
15:03:59.0280 4516 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
15:03:59.0295 4516 MTsensor - ok
15:03:59.0295 4516 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:03:59.0311 4516 Mup - ok
15:03:59.0342 4516 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:03:59.0373 4516 napagent - ok
15:03:59.0420 4516 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:03:59.0436 4516 NativeWifiP - ok
15:03:59.0483 4516 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:03:59.0514 4516 NDIS - ok
15:03:59.0529 4516 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:03:59.0576 4516 NdisCap - ok
15:03:59.0592 4516 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:03:59.0623 4516 NdisTapi - ok
15:03:59.0654 4516 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:03:59.0701 4516 Ndisuio - ok
15:03:59.0717 4516 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:03:59.0795 4516 NdisWan - ok
15:03:59.0810 4516 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:03:59.0841 4516 NDProxy - ok
15:03:59.0857 4516 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:03:59.0888 4516 NetBIOS - ok
15:03:59.0919 4516 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:03:59.0951 4516 NetBT - ok
15:03:59.0951 4516 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
15:03:59.0966 4516 Netlogon - ok
15:03:59.0997 4516 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:04:00.0029 4516 Netman - ok
15:04:00.0044 4516 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
15:04:00.0075 4516 netprofm - ok
15:04:00.0091 4516 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:04:00.0138 4516 NetTcpPortSharing - ok
15:04:00.0153 4516 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:04:00.0153 4516 nfrd960 - ok
15:04:00.0200 4516 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:04:00.0231 4516 NlaSvc - ok
15:04:00.0247 4516 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:04:00.0278 4516 Npfs - ok
15:04:00.0294 4516 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
15:04:00.0325 4516 nsi - ok
15:04:00.0341 4516 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:04:00.0387 4516 nsiproxy - ok
15:04:00.0434 4516 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:04:00.0481 4516 Ntfs - ok
15:04:00.0481 4516 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
15:04:00.0512 4516 Null - ok
15:04:00.0543 4516 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys
15:04:00.0575 4516 nusb3hub - ok
15:04:00.0590 4516 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys
15:04:00.0606 4516 nusb3xhc - ok
15:04:00.0637 4516 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:04:00.0653 4516 nvraid - ok
15:04:00.0668 4516 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:04:00.0684 4516 nvstor - ok
15:04:00.0715 4516 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:04:00.0731 4516 nv_agp - ok
15:04:00.0731 4516 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:04:00.0746 4516 ohci1394 - ok
15:04:00.0777 4516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:04:00.0809 4516 p2pimsvc - ok
15:04:00.0824 4516 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
15:04:00.0840 4516 p2psvc - ok
15:04:00.0871 4516 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
15:04:00.0887 4516 Parport - ok
15:04:00.0918 4516 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:04:00.0933 4516 partmgr - ok
15:04:00.0949 4516 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:04:00.0965 4516 PcaSvc - ok
15:04:00.0980 4516 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
15:04:00.0996 4516 pci - ok
15:04:00.0996 4516 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
15:04:01.0011 4516 pciide - ok
15:04:01.0027 4516 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:04:01.0043 4516 pcmcia - ok
15:04:01.0058 4516 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
15:04:01.0058 4516 pcw - ok
15:04:01.0089 4516 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:04:01.0136 4516 PEAUTH - ok
15:04:01.0167 4516 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:04:01.0214 4516 PeerDistSvc - ok
15:04:01.0261 4516 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
15:04:01.0277 4516 PerfHost - ok
15:04:01.0339 4516 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
15:04:01.0401 4516 pla - ok
15:04:01.0448 4516 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:04:01.0479 4516 PlugPlay - ok
15:04:01.0511 4516 PnkBstrA - ok
15:04:01.0526 4516 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:04:01.0542 4516 PNRPAutoReg - ok
15:04:01.0557 4516 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:04:01.0589 4516 PNRPsvc - ok
15:04:01.0604 4516 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:04:01.0651 4516 PolicyAgent - ok
15:04:01.0667 4516 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
15:04:01.0713 4516 Power - ok
15:04:01.0745 4516 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:04:01.0776 4516 PptpMiniport - ok
15:04:01.0791 4516 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
15:04:01.0807 4516 Processor - ok
15:04:01.0854 4516 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
15:04:01.0869 4516 ProfSvc - ok
15:04:01.0885 4516 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:04:01.0901 4516 ProtectedStorage - ok
15:04:01.0916 4516 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:04:01.0963 4516 Psched - ok
15:04:01.0994 4516 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:04:02.0025 4516 ql2300 - ok
15:04:02.0041 4516 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:04:02.0057 4516 ql40xx - ok
15:04:02.0072 4516 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
15:04:02.0088 4516 QWAVE - ok
15:04:02.0103 4516 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:04:02.0119 4516 QWAVEdrv - ok
15:04:02.0135 4516 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:04:02.0150 4516 RasAcd - ok
15:04:02.0181 4516 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:04:02.0213 4516 RasAgileVpn - ok
15:04:02.0228 4516 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
15:04:02.0259 4516 RasAuto - ok
15:04:02.0275 4516 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:04:02.0337 4516 Rasl2tp - ok
15:04:02.0353 4516 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
15:04:02.0384 4516 RasMan - ok
15:04:02.0400 4516 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:02.0431 4516 RasPppoe - ok
15:04:02.0447 4516 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:04:02.0478 4516 RasSstp - ok
15:04:02.0493 4516 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:04:02.0525 4516 rdbss - ok
15:04:02.0540 4516 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:04:02.0571 4516 rdpbus - ok
15:04:02.0571 4516 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:04:02.0603 4516 RDPCDD - ok
15:04:02.0618 4516 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:04:02.0649 4516 RDPDR - ok
15:04:02.0665 4516 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:04:02.0696 4516 RDPENCDD - ok
15:04:02.0712 4516 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:04:02.0743 4516 RDPREFMP - ok
15:04:02.0790 4516 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:04:02.0821 4516 RdpVideoMiniport - ok
15:04:02.0852 4516 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:04:02.0883 4516 RDPWD - ok
15:04:02.0915 4516 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:04:02.0930 4516 rdyboost - ok
15:04:02.0961 4516 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:04:02.0993 4516 RemoteAccess - ok
15:04:03.0024 4516 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:04:03.0071 4516 RemoteRegistry - ok
15:04:03.0086 4516 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:04:03.0117 4516 RpcEptMapper - ok
15:04:03.0133 4516 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
15:04:03.0149 4516 RpcLocator - ok
15:04:03.0180 4516 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
15:04:03.0211 4516 RpcSs - ok
15:04:03.0227 4516 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:04:03.0242 4516 rspndr - ok
15:04:03.0289 4516 [ 333224D4D25F9BCCA488E08345083E1C ] RTL8187 C:\Windows\system32\DRIVERS\RTL8187.sys
15:04:03.0320 4516 RTL8187 - ok
15:04:03.0336 4516 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:04:03.0351 4516 s3cap - ok
15:04:03.0367 4516 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
15:04:03.0367 4516 SamSs - ok
15:04:03.0383 4516 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:04:03.0398 4516 sbp2port - ok
15:04:03.0414 4516 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:04:03.0445 4516 SCardSvr - ok
15:04:03.0461 4516 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:04:03.0507 4516 scfilter - ok
15:04:03.0523 4516 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
15:04:03.0570 4516 Schedule - ok
15:04:03.0585 4516 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:04:03.0617 4516 SCPolicySvc - ok
15:04:03.0632 4516 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:04:03.0663 4516 SDRSVC - ok
15:04:03.0695 4516 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:04:03.0726 4516 secdrv - ok
15:04:03.0726 4516 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
15:04:03.0757 4516 seclogon - ok
15:04:03.0773 4516 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
15:04:03.0804 4516 SENS - ok
15:04:03.0819 4516 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:04:03.0851 4516 SensrSvc - ok
15:04:03.0866 4516 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:04:03.0882 4516 Serenum - ok
15:04:03.0897 4516 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:04:03.0913 4516 Serial - ok
15:04:03.0929 4516 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:04:03.0944 4516 sermouse - ok
15:04:03.0960 4516 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:04:04.0007 4516 SessionEnv - ok
15:04:04.0022 4516 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:04:04.0022 4516 sffdisk - ok
15:04:04.0038 4516 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:04:04.0069 4516 sffp_mmc - ok
15:04:04.0069 4516 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:04:04.0085 4516 sffp_sd - ok
15:04:04.0085 4516 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:04:04.0100 4516 sfloppy - ok
15:04:04.0131 4516 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:04:04.0194 4516 SharedAccess - ok
15:04:04.0209 4516 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:04:04.0241 4516 ShellHWDetection - ok
15:04:04.0256 4516 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
15:04:04.0272 4516 SiSRaid2 - ok
15:04:04.0272 4516 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:04:04.0287 4516 SiSRaid4 - ok
15:04:04.0350 4516 [ 8B603F150942992F2E6792E507B4C67F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
15:04:04.0365 4516 SkypeUpdate - ok
15:04:04.0365 4516 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:04:04.0412 4516 Smb - ok
15:04:04.0428 4516 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:04:04.0459 4516 SNMPTRAP - ok
15:04:04.0537 4516 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
15:04:04.0537 4516 Sony PC Companion - ok
15:04:04.0568 4516 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:04:04.0568 4516 spldr - ok
15:04:04.0615 4516 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:04:04.0646 4516 Spooler - ok
15:04:04.0709 4516 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:04:04.0787 4516 sppsvc - ok
15:04:04.0802 4516 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:04:04.0833 4516 sppuinotify - ok
15:04:04.0865 4516 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:04:04.0896 4516 srv - ok
15:04:04.0911 4516 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:04:04.0927 4516 srv2 - ok
15:04:04.0943 4516 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:04:04.0958 4516 srvnet - ok
15:04:04.0974 4516 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:04:05.0005 4516 SSDPSRV - ok
15:04:05.0021 4516 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:04:05.0052 4516 SstpSvc - ok
15:04:05.0083 4516 Steam Client Service - ok
15:04:05.0099 4516 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
15:04:05.0114 4516 stexstor - ok
15:04:05.0145 4516 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:04:05.0161 4516 stisvc - ok
15:04:05.0192 4516 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:04:05.0208 4516 storflt - ok
15:04:05.0223 4516 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
15:04:05.0239 4516 StorSvc - ok
15:04:05.0255 4516 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:04:05.0270 4516 storvsc - ok
15:04:05.0286 4516 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:04:05.0286 4516 swenum - ok
15:04:05.0317 4516 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:04:05.0348 4516 swprv - ok
15:04:05.0395 4516 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:04:05.0442 4516 SysMain - ok
15:04:05.0457 4516 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:04:05.0489 4516 TabletInputService - ok
15:04:05.0504 4516 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:04:05.0535 4516 TapiSrv - ok
15:04:05.0535 4516 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:04:05.0582 4516 TBS - ok
15:04:05.0629 4516 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:04:05.0676 4516 Tcpip - ok
15:04:05.0707 4516 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:04:05.0738 4516 TCPIP6 - ok
15:04:05.0738 4516 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:04:05.0754 4516 tcpipreg - ok
15:04:05.0769 4516 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:04:05.0801 4516 TDPIPE - ok
15:04:05.0832 4516 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:04:05.0832 4516 TDTCP - ok
15:04:05.0863 4516 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:04:05.0894 4516 tdx - ok
15:04:05.0910 4516 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:04:05.0925 4516 TermDD - ok
15:04:05.0941 4516 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:04:05.0988 4516 TermService - ok
15:04:05.0988 4516 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:04:06.0003 4516 Themes - ok
15:04:06.0019 4516 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:04:06.0050 4516 THREADORDER - ok
15:04:06.0066 4516 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:04:06.0097 4516 TrkWks - ok
15:04:06.0128 4516 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:04:06.0159 4516 TrustedInstaller - ok
15:04:06.0175 4516 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:06.0206 4516 tssecsrv - ok
15:04:06.0253 4516 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:04:06.0269 4516 TsUsbFlt - ok
15:04:06.0300 4516 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
15:04:06.0315 4516 TsUsbGD - ok
15:04:06.0347 4516 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:04:06.0393 4516 tunnel - ok
15:04:06.0393 4516 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:04:06.0409 4516 uagp35 - ok
15:04:06.0425 4516 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:04:06.0471 4516 udfs - ok
15:04:06.0487 4516 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:04:06.0503 4516 UI0Detect - ok
15:04:06.0518 4516 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:04:06.0534 4516 uliagpkx - ok
15:04:06.0565 4516 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:04:06.0581 4516 umbus - ok
15:04:06.0581 4516 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
15:04:06.0612 4516 UmPass - ok
15:04:06.0643 4516 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
15:04:06.0690 4516 UmRdpService - ok
15:04:06.0846 4516 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
15:04:06.0893 4516 UMVPFSrv - ok
15:04:06.0924 4516 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:04:06.0955 4516 upnphost - ok
15:04:06.0971 4516 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:04:07.0002 4516 usbaudio - ok
15:04:07.0017 4516 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:07.0033 4516 usbccgp - ok
15:04:07.0049 4516 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:04:07.0049 4516 usbcir - ok
15:04:07.0064 4516 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:04:07.0080 4516 usbehci - ok
15:04:07.0111 4516 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:04:07.0127 4516 usbhub - ok
15:04:07.0142 4516 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:04:07.0158 4516 usbohci - ok
15:04:07.0189 4516 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:04:07.0220 4516 usbprint - ok
15:04:07.0236 4516 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:04:07.0267 4516 USBSTOR - ok
15:04:07.0283 4516 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:04:07.0314 4516 usbuhci - ok
15:04:07.0329 4516 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:04:07.0345 4516 usbvideo - ok
15:04:07.0361 4516 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:04:07.0407 4516 UxSms - ok
15:04:07.0407 4516 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:04:07.0423 4516 VaultSvc - ok
15:04:07.0454 4516 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:04:07.0454 4516 vdrvroot - ok
15:04:07.0485 4516 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:04:07.0532 4516 vds - ok
15:04:07.0548 4516 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:04:07.0563 4516 vga - ok
15:04:07.0579 4516 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:04:07.0610 4516 VgaSave - ok
15:04:07.0626 4516 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:04:07.0641 4516 vhdmp - ok
15:04:07.0657 4516 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:04:07.0657 4516 viaide - ok
15:04:07.0688 4516 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:04:07.0704 4516 vmbus - ok
15:04:07.0704 4516 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:04:07.0719 4516 VMBusHID - ok
15:04:07.0735 4516 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:04:07.0751 4516 volmgr - ok
15:04:07.0766 4516 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:04:07.0782 4516 volmgrx - ok
15:04:07.0797 4516 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:04:07.0813 4516 volsnap - ok
15:04:07.0813 4516 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:04:07.0829 4516 vsmraid - ok
15:04:07.0860 4516 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:04:07.0922 4516 VSS - ok
15:04:07.0938 4516 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:04:07.0953 4516 vwifibus - ok
15:04:07.0969 4516 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:04:08.0000 4516 vwififlt - ok
15:04:08.0016 4516 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
15:04:08.0031 4516 vwifimp - ok
15:04:08.0047 4516 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:04:08.0094 4516 W32Time - ok
15:04:08.0094 4516 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:04:08.0109 4516 WacomPen - ok
15:04:08.0141 4516 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:04:08.0172 4516 WANARP - ok
15:04:08.0172 4516 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:04:08.0203 4516 Wanarpv6 - ok
15:04:08.0234 4516 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:04:08.0281 4516 wbengine - ok
15:04:08.0297 4516 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:04:08.0312 4516 WbioSrvc - ok
15:04:08.0328 4516 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:04:08.0359 4516 wcncsvc - ok
15:04:08.0375 4516 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:04:08.0406 4516 WcsPlugInService - ok
15:04:08.0406 4516 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
15:04:08.0421 4516 Wd - ok
15:04:08.0453 4516 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:04:08.0484 4516 Wdf01000 - ok
15:04:08.0499 4516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:04:08.0562 4516 WdiServiceHost - ok
15:04:08.0577 4516 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:04:08.0593 4516 WdiSystemHost - ok
15:04:08.0609 4516 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:04:08.0640 4516 WebClient - ok
15:04:08.0655 4516 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:04:08.0702 4516 Wecsvc - ok
15:04:08.0718 4516 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:04:08.0749 4516 wercplsupport - ok
15:04:08.0765 4516 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:04:08.0796 4516 WerSvc - ok
15:04:08.0811 4516 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:04:08.0843 4516 WfpLwf - ok
15:04:08.0858 4516 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:04:08.0858 4516 WIMMount - ok
15:04:08.0889 4516 WinDefend - ok
15:04:08.0889 4516 WinHttpAutoProxySvc - ok
15:04:08.0936 4516 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:04:08.0967 4516 Winmgmt - ok
15:04:09.0014 4516 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:04:09.0077 4516 WinRM - ok
15:04:09.0123 4516 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:04:09.0139 4516 WinUsb - ok
15:04:09.0170 4516 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:04:09.0201 4516 Wlansvc - ok
15:04:09.0201 4516 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:04:09.0217 4516 WmiAcpi - ok
15:04:09.0233 4516 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:04:09.0264 4516 wmiApSrv - ok
15:04:09.0279 4516 WMPNetworkSvc - ok
15:04:09.0295 4516 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:04:09.0311 4516 WPCSvc - ok
15:04:09.0326 4516 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:04:09.0357 4516 WPDBusEnum - ok
15:04:09.0373 4516 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:04:09.0404 4516 ws2ifsl - ok
15:04:09.0420 4516 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:04:09.0451 4516 wscsvc - ok
15:04:09.0451 4516 WSearch - ok
15:04:09.0513 4516 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:04:09.0560 4516 wuauserv - ok
15:04:09.0591 4516 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:04:09.0623 4516 WudfPf - ok
15:04:09.0638 4516 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:04:09.0669 4516 WUDFRd - ok
15:04:09.0669 4516 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:04:09.0701 4516 wudfsvc - ok
15:04:09.0716 4516 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:04:09.0747 4516 WwanSvc - ok
15:04:09.0779 4516 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
15:04:09.0810 4516 yukonw7 - ok
15:04:09.0825 4516 ================ Scan global ===============================
15:04:09.0841 4516 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:04:09.0872 4516 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:04:09.0872 4516 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
15:04:09.0888 4516 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:04:09.0919 4516 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:04:09.0919 4516 [Global] - ok
15:04:09.0919 4516 ================ Scan MBR ==================================
15:04:09.0935 4516 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:04:10.0137 4516 \Device\Harddisk0\DR0 - ok
15:04:10.0137 4516 ================ Scan VBR ==================================
15:04:10.0137 4516 [ 40A157B1B71966B0899B0A211F8F1BB3 ] \Device\Harddisk0\DR0\Partition1
15:04:10.0137 4516 \Device\Harddisk0\DR0\Partition1 - ok
15:04:10.0153 4516 [ 9E062D245C0EA814A4D52E92D1EDEA17 ] \Device\Harddisk0\DR0\Partition2
15:04:10.0153 4516 \Device\Harddisk0\DR0\Partition2 - ok
15:04:10.0169 4516 [ 8874EC646E6A9018ADFF00F9EC58316C ] \Device\Harddisk0\DR0\Partition3
15:04:10.0169 4516 \Device\Harddisk0\DR0\Partition3 - ok
15:04:10.0169 4516 ============================================================
15:04:10.0169 4516 Scan finished
15:04:10.0169 4516 ============================================================
15:04:10.0184 2488 Detected object count: 0
15:04:10.0184 2488 Actual detected object count: 0


Alt 22.01.2013, 16:22   #6
markusg
/// Malware-holic
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



hi,
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen

Alt 22.01.2013, 16:46   #7
Clifford
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-21.04 - bumblebee 22.01.2013  17:37:50.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2757 [GMT 1:00]
ausgeführt von:: c:\users\bumblebee\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\bumblebee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-22 bis 2013-01-22  ))))))))))))))))))))))))))))))
.
.
2013-01-22 16:42 . 2013-01-22 16:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-21 19:36 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF28FB5F-2EEC-40A9-B13A-A43EA93A4244}\mpengine.dll
2013-01-16 19:02 . 2013-01-12 02:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-14 11:16 . 2013-01-14 12:45	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2013-01-08 21:43 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-22 12:40 . 2011-11-17 22:37	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-01-22 12:40 . 2011-11-17 21:57	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-01-22 12:40 . 2011-11-17 21:57	280904	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-01-09 00:19 . 2011-11-20 18:41	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 00:14 . 2012-03-28 15:23	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 00:14 . 2011-11-17 21:41	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-21 12:28	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 12:28	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:28	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:28	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-08 21:43	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 18:35	17811968	----a-w-	c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 18:35	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 18:36	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 18:36	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 18:36	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 18:36	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 18:36	237056	----a-w-	c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 18:36	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 18:36	816640	----a-w-	c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 18:36	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 18:36	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 18:35	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 18:36	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 18:36	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 18:36	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 18:36	248320	----a-w-	c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 18:36	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 18:36	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 18:36	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 18:36	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 18:36	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 18:36	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-13 20:29 . 2012-11-13 20:29	354216	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-11-09 05:45 . 2012-12-12 11:35	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 11:35	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 11:35	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 11:35	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-25 02:12 . 2012-10-25 02:12	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2012-03-18 16:32	413568	----a-w-	c:\program files (x86)\PriceGong\2.6.4\PriceGongIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2012-03-15 1310720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-09-21 14448]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 448512]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 00:14]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 09:22]
.
2013-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 09:22]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
TCP: DhcpNameServer = 62.117.1.25 89.16.129.25
FF - ProfilePath - c:\users\bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\di0dag23.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b829ebd10000000000000015af28c496
FF - user.js: extensions.BabylonToolbar_i.hardId - b829ebd10000000000000015af28c496
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15347
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-martin_1009 - c:\windows\system32\martin_1009.scr
AddRemove-FoxTab FLV Player - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-22  17:44:48
ComboFix-quarantined-files.txt  2013-01-22 16:44
.
Vor Suchlauf: 11 Verzeichnis(se), 127.218.966.528 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 128.981.983.232 Bytes frei
.
- - End Of File - - 89B2BD32E01C1171254C16CE60293840
         
--- --- ---

Alt 22.01.2013, 16:57   #8
markusg
/// Malware-holic
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.01.2013, 18:54   #9
Clifford
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



So ich habe den Suchlauf mit folgendem Ergebnis durchgeführt:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.22.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
bumblebee :: TRANSISTOR [Administrator]

Schutz: Aktiviert

22.01.2013 18:43:33
mbam-log-2013-01-22 (18-43-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 485087
Laufzeit: 1 Stunde(n), 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Nur was komisch ist, zwischendurch hatte sich AntiVir gemeldet weil ich den Echtzeitscanner nicht aus hatte mit fogender Meldung:



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 22. Januar 2013 19:05

Es wird nach 4709346 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : TRANSISTOR

Versionsinformationen:
BUILD.DAT : 12.1.9.1236 40872 Bytes 11.10.2012 15:29:00
AVSCAN.EXE : 12.3.0.48 468256 Bytes 14.11.2012 21:29:06
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 09:13:42
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 12:34:32
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 12:34:36
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 13:11:13
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 10:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 19:09:48
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 15:39:14
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:01:00
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 00:12:47
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 09:56:27
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 11:54:44
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 15:40:29
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 15:40:30
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 15:40:30
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 15:40:30
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 15:40:30
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 20:59:38
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 21:09:08
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 21:39:19
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 21:41:38
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 19:33:49
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 19:33:49
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 14:56:20
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 12:03:50
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 12:03:51
VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 12:03:51
VBASE023.VDF : 7.11.58.8 2048 Bytes 21.01.2013 12:03:51
VBASE024.VDF : 7.11.58.9 2048 Bytes 21.01.2013 12:03:51
VBASE025.VDF : 7.11.58.10 2048 Bytes 21.01.2013 12:03:51
VBASE026.VDF : 7.11.58.11 2048 Bytes 21.01.2013 12:03:51
VBASE027.VDF : 7.11.58.12 2048 Bytes 21.01.2013 12:03:51
VBASE028.VDF : 7.11.58.13 2048 Bytes 21.01.2013 12:03:51
VBASE029.VDF : 7.11.58.14 2048 Bytes 21.01.2013 12:03:51
VBASE030.VDF : 7.11.58.15 2048 Bytes 21.01.2013 12:03:51
VBASE031.VDF : 7.11.58.44 128512 Bytes 22.01.2013 12:03:50
Engineversion : 8.2.10.236
AEVDF.DLL : 8.1.2.10 102772 Bytes 10.07.2012 19:44:28
AESCRIPT.DLL : 8.1.4.82 467323 Bytes 21.01.2013 12:03:53
AESCN.DLL : 8.1.10.0 131445 Bytes 16.12.2012 20:02:42
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 12:55:50
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 21:41:43
AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 23:11:59
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 21:10:37
AEHEUR.DLL : 8.1.4.180 5665144 Bytes 21.01.2013 12:03:53
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 08:26:24
AEGEN.DLL : 8.1.6.14 434548 Bytes 10.01.2013 21:41:40
AEEXP.DLL : 8.3.0.12 188789 Bytes 21.01.2013 12:03:54
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 19:44:28
AECORE.DLL : 8.1.30.0 201079 Bytes 16.12.2012 20:02:40
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 21:10:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 09:13:42
AVPREF.DLL : 12.3.0.32 50720 Bytes 14.11.2012 21:29:06
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 12:34:36
AVARKT.DLL : 12.3.0.33 209696 Bytes 14.11.2012 21:29:05
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 09:13:42
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 12:34:34
AVSMTP.DLL : 12.3.0.32 63480 Bytes 08.08.2012 11:15:27
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 12:34:32
RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 08.08.2012 11:15:23
RCTEXT.DLL : 12.3.0.32 98848 Bytes 14.11.2012 21:29:05

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50fecdc7\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Dienstag, 22. Januar 2013 19:05

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamscheduler.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_146.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_146.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HydraDM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdf24.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'UMVPFSrv.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-3c0911d8'
C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-3c0911d8
[FUND] Ist das Trojanische Pferd TR/Kazy.127225

Beginne mit der Desinfektion:
C:\Users\bumblebee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-3c0911d8
[FUND] Ist das Trojanische Pferd TR/Kazy.127225
[WARNUNG] Die Datei wurde ignoriert.


Ende des Suchlaufs: Dienstag, 22. Januar 2013 19:06
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
22 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
21 Dateien ohne Befall
0 Archive wurden durchsucht
1 Warnungen
0 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.

Alt 22.01.2013, 18:59   #10
markusg
/// Malware-holic
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



ok den cache von Java leeren wir noch:
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.01.2013, 19:20   #11
Clifford
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



3D-Viewer-innoplus INNOVA-engineering GmbH 11.01.2012 2,73MB 13.01.16 unnötig
7-Zip 9.20 (x64 edition) Igor Pavlov 04.12.2011 4,53MB 9.20.00.0 nötig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 nötig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.01.2013 6,00MB 11.5.502.146 nötig
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 09.01.2013 122MB 10.1.5 nötig
Amazon MP3-Downloader 1.0.17 Amazon Services LLC 31.10.2012 1.0.17 nötig
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 23.10.2012 26,3MB 8.0.891.0 nötig
Apple Application Support Apple Inc. 11.11.2012 65,0MB 2.3 nötig
Apple Software Update Apple Inc. 17.11.2011 2,38MB 2.1.3.127 nötig
Applian FLV and Media Player 3.1.1.12 Applian Technologies 02.04.2012 3.1.1.12 nötig
Avira Free Antivirus Avira 14.11.2012 105MB 12.1.9.1236 nötig
Babylon toolbar on IE 09.01.2012 unnötig
Battlefield 1942™ Electronic Arts 21.11.2012 1,21GB 1.6.20.0 nötig
Battlefield 3™ Electronic Arts 04.09.2012 1.4.0.0 nötig
Battlefield Heroes EA Digital illusions 11.06.2012 nötig
Battlefield Play4Free EA Digital illusions 14.06.2012 nötig
Battlelog Web Plugins EA Digital Illusions CE AB 20.11.2012 2.1.2 nötig
CCleaner Piriform 19.12.2012 3.26 nötig
Crysis® 2 Electronic Arts 30.04.2012 7,57GB 1.0.0.0 nötig
DEUTSCHLAND SPIELT GAME CENTER INTENIUM GmbH 20.04.2012 1.2009.10.29 unnötig
DivX-Setup DivX, LLC 22.11.2012 2.6.1.22 nötig
ESN Sonar ESN Social Software AB 20.11.2012 0.70.4 unbekannt
F1 2012 Demo 12.09.2012 nötig
FLV Player 2.0 (build 25) Martijn de Visser 09.01.2012 2.0 (build 25) nötig
Free Fire Screensaver Laconic Software 05.01.2012 nötig
GlobFX Space Travel GlobFX Technologies 05.01.2012 1.0 unbekannt
Google Earth Plug-in Google 30.04.2012 48,7MB 6.2.2.6613 nötig
Host OpenAL (ADI) 15.03.2012 unbekannt
INCEPTION SCREENSAVER 05.01.2012 nötig
IrfanView (remove only) Irfan Skiljan 17.11.2011 1,50MB 4.30 nötig
Java 7 Update 11 Oracle 31.08.2012 130MB 7.0.110 nötig
Java 7 Update 7 (64-bit) Oracle 31.08.2012 127MB 7.0.70 nötig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 22.01.2013 18,4MB 1.70.0.1100 nötig
martin_1009 Screen Saver 05.01.2012 unbekannt
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.11.2011 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 19.11.2011 2,93MB 4.0.30319
Microsoft Silverlight Microsoft Corporation 11.05.2012 60,4MB 4.1.10329.0
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 03.07.2012 252KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 15.12.2011 788KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.12.2011 788KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Corporation 08.08.2012 1,46MB 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 30.04.2012 234KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.11.2011 596KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 15.12.2011 232KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 12.12.2011 600KB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 12.12.2011 13,8MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 12.12.2011 12,2MB 10.0.40219
Mozilla Firefox 18.0.1 (x86 de) Mozilla 21.01.2013 44,5MB 18.0.1 nötig
Mozilla Maintenance Service Mozilla 21.01.2013 330KB 18.0.1 nötig
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla 14.01.2013 42,1MB 17.0.2 nötig
Need For Speed™ World Electronic Arts 16.04.2012 12,4MB 1.0.0.857 nötig
OpenOffice.org 3.4.1 Apache Software Foundation 23.10.2012 331MB 3.41.9593 nötig
Origin Electronic Arts, Inc. 01.03.2012 8.5.0.4550 nötig
Paint.NET v3.5.10 dotPDN LLC 18.05.2012 10,6MB 3.60.0 nötig
Pando Media Booster Pando Networks Inc. 17.01.2012 5,46MB 2.6.0.1 unbekannt
PDF24 Creator 5.2.0 PDF24.org 08.01.2013 41,4MB nötig
PDFCreator Frank Heindörfer, Philip Chinery 31.01.2012 1.2.3 nötig
Pflanzen gegen Zombies INTENIUM GmbH 20.04.2012 0.0.0.0 nötig
PriceGong 2.6.4 PriceGong 02.04.2012 2.6.4 unbekannt
PunkBuster Services Even Balance, Inc. 14.06.2012 0.990 nötig
QuickTime Apple Inc. 11.11.2012 73,1MB 7.73.80.64 nötig
Risen 2 Demo 26.06.2012 unnötig
Rundum-Betrachter-innoPlus INNOVA-engineering GmbH Dresden 04.01.2012 2,25MB 12.00.0203 unnötig
Skype™ 6.0 Skype Technologies S.A. 13.11.2012 20,3MB 6.0.120 nötig
Sony Ericsson Update Engine Sony Ericsson Communications AB 21.09.2012 2.12.11.22 nötig
Sony PC Companion 2.10.108 Sony 27.11.2012 19,2MB 2.10.108 nötig
SoundMAX Analog Devices 15.03.2012 6.10.2.6585 nötig
Star Trek Online Cryptic Studios 17.01.2012 unnötig
Steam Valve Corporation 15.02.2012 35,4MB 1.0.0.0 nötig
Sun Clock 6.5 Map Maker Ltd 05.01.2012 6.5 unnötig
TeamSpeak 3 Client TeamSpeak Systems GmbH 25.11.2012 3.0.9.2 nötig
Veetle TV Veetle, Inc 19.01.2012 0.9.19 nötig
VLC media player 2.0.0 VideoLAN 20.02.2012 2.0.0 nötig
Winamp Nullsoft, Inc 14.11.2012 5.63 nötig
Winamp Erkennungs-Plug-in Nullsoft, Inc 14.11.2012 75,0KB 1.0.0.1 nötig
WinRAR 4.11 (64-Bit) win.rar GmbH 28.05.2012 4.11.0 nötig
YoWindow 05.01.2012 unbekannt

Alt 22.01.2013, 19:22   #12
markusg
/// Malware-holic
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



deinstaliere:
3D
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Babylon
DEUTSCHLAND
Java 7 Update 7
martin_1009
PriceGong
Risen
Rundum
Star
Sun
YoWindow

öffne CCleaner, analysieren starten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.01.2013, 19:53   #13
Clifford
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



# AdwCleaner v2.107 - Datei am 22/01/2013 um 20:52:14 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : bumblebee - TRANSISTOR
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\bumblebee\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\Users\bumblebee\AppData\Local\Babylon
Ordner Gefunden : C:\Users\bumblebee\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\bumblebee\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\bumblebee\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gefunden : HKU\S-1-5-21-883727545-1864389886-1727134032-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gefunden : HKU\S-1-5-21-883727545-1864389886-1727134032-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\di0dag23.default\prefs.js

Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.search.order.2", "Search the web (Babylon)");
Gefunden : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482");
Gefunden : user_pref("extensions.BabylonToolbar_i.hardId", "b829ebd10000000000000015af28c496");
Gefunden : user_pref("extensions.BabylonToolbar_i.id", "b829ebd10000000000000015af28c496");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlDay", "15347");
Gefunden : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100482&babsrc=NT_s[...]
Gefunden : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:17:08");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R1].txt - [5550 octets] - [22/01/2013 20:52:14]

########## EOF - C:\AdwCleaner[R1].txt - [5610 octets] ##########

Alt 22.01.2013, 19:54   #14
markusg
/// Malware-holic
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



hi,


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)
starte bitte neu, teste, wie der PC läuft + Programme wie browser
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 22.01.2013, 20:17   #15
Clifford
 
C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Standard

C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen



# AdwCleaner v2.107 - Datei am 22/01/2013 um 21:14:11 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : bumblebee - TRANSISTOR
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\bumblebee\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\bumblebee\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\bumblebee\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\bumblebee\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\bumblebee\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\di0dag23.default\prefs.js

C:\Users\bumblebee\AppData\Roaming\Mozilla\Firefox\Profiles\di0dag23.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.order.2", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100482");
Gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "b829ebd10000000000000015af28c496");
Gelöscht : user_pref("extensions.BabylonToolbar_i.id", "b829ebd10000000000000015af28c496");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15347");
Gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100482&babsrc=NT_s[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.170:17:08");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

*************************

AdwCleaner[R1].txt - [5671 octets] - [22/01/2013 20:52:14]
AdwCleaner[S1].txt - [5429 octets] - [22/01/2013 21:14:11]

########## EOF - C:\AdwCleaner[S1].txt - [5489 octets] ##########

Antwort

Themen zu C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen
antivir, appdata, automatisch, avira, bericht, cache, content, dateien, dokumente, einstellung, einstellungen, firefox, gelöscht, gen, günstiger, java, meldung, mozilla, nicht mehr, posten, punkbuster, quarantäne, temp, thema, works



Ähnliche Themen: C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen


  1. TR/Crypt.ZPACK.Gen8 in C:\Users\quattro\wgsdgsdgdsgsd.exe gefunden. PC war gesperrt.
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (9)
  2. Problem bei starten von C:\Users\XYZ\ wgsdgsdgdsgsd.dll
    Plagegeister aller Art und deren Bekämpfung - 12.04.2013 (13)
  3. GVU-Trojaner mit Webcam, TR/Meredrop.A.12609, C:\Users\DW\wgsdgsdgdsgsd.dll
    Log-Analyse und Auswertung - 19.01.2013 (9)
  4. C:\Users\User\wgsdgsdgdsgsd.dll (Das angegebene Modul wurde nicht gefunden)
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (9)
  5. BDS/Delf.MN.19 in C:\Users\admin\AppData\Roaming\Microsoft\Windows\unicode2.nls und weitere...
    Plagegeister aller Art und deren Bekämpfung - 15.01.2013 (2)
  6. C:\Users\XXp\wgsdgsdgdsgsd.exe - Trojaner entfernen
    Log-Analyse und Auswertung - 09.01.2013 (16)
  7. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (1)
  8. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Log-Analyse und Auswertung - 19.12.2012 (2)
  9. RunDLL: Problem beim Starten von C\Users\user\AppData\Local\Temp\wgsdgsdgdsgsd.exe - das angegebenen Modul wurde nicht gefunden
    Log-Analyse und Auswertung - 17.12.2012 (9)
  10. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (11)
  11. C:\Users\AS8\AppData\Local\Temp\wgsdgsdgdsgsd.exe - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (12)
  12. C:\Users\***\AppData\Local\Temp\wgsdgsdgdsgsd.exe - Das Modul kann nicht gefunden werden.
    Plagegeister aller Art und deren Bekämpfung - 05.11.2012 (13)
  13. Fehlermeldung beim Neustart C:\ Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe
    Log-Analyse und Auswertung - 22.10.2012 (48)
  14. C:\Users\User\AppData\Local\Temp\wgsdgsdgdsgsd.exe wurde nicht Gefunden - GVU Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (16)
  15. TR/Sirefef.A.31 in C:\Users\***\AppData\Local\Temp\06263bf.cpl und weitere Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2011 (13)
  16. TR/Crypt.ZPACK.Gen und TR/Spy.244736.13 in "TEMP" (und weitere Meldungen bei Systemstart)
    Plagegeister aller Art und deren Bekämpfung - 24.07.2010 (4)
  17. nach secure alert meldungen vermutlich weitere probleme!
    Plagegeister aller Art und deren Bekämpfung - 06.01.2010 (59)

Zum Thema C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen - Hallo Community, ich habe letztens einen vollständigen System-Scan mit AntiVir durchgeführt. Es gab während dessen meherer Funde. Ich hab die betroffenen Dateien anschließend In Quarantäne schieben lassen. Seitdem taucht die - C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen...
Archiv
Du betrachtest: C:\Users\BUMBLE~1\wgsdgsdgdsgsd.dll und weitere AntiVir-Meldungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.