Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner (Rechner läuft aber noch)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.06.2013, 16:05   #1
Bonner
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Hallo,
ich habe mir den GVU-Trojaner eingefangen. Antivir hat gemeldet, dass irgendetwas auf meine registry zugreift und daher geblockt wird (den genauen Wortlaut habe ich nicht mehr im Kopf). Ich habe das mit OK bestätigt und sofort erschien der GVU-Bildschirm, aus dem man nicht mehr rauskommt.
Ich habe dann mit Strg-Alt-Entf den Taskmanager aufgerufen, den IE beendet und den Rechner neu gestartet. Ohne Probleme, im ganz normalen Modus.
Dann hat ein kompletter Scan mit Antivir noch folgende Dateien in Quarantäne geschickt:
- TR/Dldr.Nymaim.B.69
- TR/Drop.Xpaj.A
- EXP/CVE-2013-0431.EB
Malwarebytes, AdwCleaner und Spyware Terminator brachten auch keine neuen Ergebnisse mehr.
Dann bin ich auf dieses Board gestoßen und nachdem was ich gelesen habe, bin ich mir nicht sicher, dass mein Rechner clean ist. Der Scan mit Antivir kann ja wohl kaum die Lösung gewesen sein. Auf der anderen Seite funktioniert mein Rechner ohne Probleme.
Es handelt sich übrigens um einen Dell XPS mit Windows 7/64bit.
Wie soll ich nun weiter vorgehen?
Viele Grüße und vielen Dank Vorab
Ralf

Alt 14.06.2013, 16:09   #2
markusg
/// Malware-holic
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



hi
1. avira fundmeldungen mit pfadangabe posten
http://www.trojaner-board.de/125889-...en-posten.html
2.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 14.06.2013, 16:19   #3
Bonner
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Hier kommt schon mal die Fundmeldung von avira:


Typ: Datei
Quelle: C:\Users\Keffi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\53d90297-7f016309
Status: Infiziert
Quarantäne-Objekt: 1f0d2a59.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.60
Virendefinitionsdatei: 7.11.84.172
Meldung: EXP/CVE-2013-0431.EB
Datum/Uhrzeit: 14.06.2013, 13:31


Typ: Datei
Quelle: C:\Users\Keffi\Desktop\gemc.tmp
Status: Infiziert
Quarantäne-Objekt: 55fc5f45.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.60
Virendefinitionsdatei: 7.11.84.172
Meldung: TR/Dldr.Nymaim.B.69
Datum/Uhrzeit: 14.06.2013, 13:31


Typ: Datei
Quelle: C:\Users\Keffi\AppData\Roaming\dbu32.ocx
Status: Infiziert
Quarantäne-Objekt: 4d6370df.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.12.60
Virendefinitionsdatei: 7.11.84.172
Meldung: TR/Drop.Xpaj.A
Datum/Uhrzeit: 14.06.2013, 13:31
__________________

Alt 14.06.2013, 18:02   #4
markusg
/// Malware-holic
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



otl logs fehlen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.06.2013, 19:33   #5
Bonner
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Hier kommt der OTL.Txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.06.2013 17:43:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 52,62% Memory free
7,79 Gb Paging File | 5,81 Gb Available in Paging File | 74,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 257,66 Gb Free Space | 57,13% Space Free | Partition Type: NTFS
Drive D: | 528,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\XSManager\WTGService.exe ()
PRC - C:\Program Files (x86)\XSManager\XSManager.exe (WebToGo Mobiles Internet GmbH)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\XSManager\WTGXMLUtil.dll ()
MOD - C:\Program Files (x86)\XSManager\WtgUtil.dll ()
MOD - C:\Program Files (x86)\XSManager\WTGSMSPCClient.Dll ()
MOD - C:\Program Files (x86)\XSManager\WtgPorts.dll ()
MOD - C:\Program Files (x86)\XSManager\WtgDriverInstall.dll ()
MOD - C:\Program Files (x86)\XSManager\WTGDriverInstallX.Dll ()
MOD - C:\Program Files (x86)\XSManager\WtgDetection.dll ()
MOD - C:\Program Files (x86)\XSManager\WtgDialup.dll ()
MOD - C:\Program Files (x86)\XSManager\WTGDebugs.dll ()
MOD - C:\Program Files (x86)\XSManager\WtgCore.dll ()
MOD - C:\Program Files (x86)\XSManager\WtgBluetooth.dll ()
MOD - C:\Program Files (x86)\XSManager\WtgDatabase.dll ()
MOD - C:\Program Files (x86)\XSManager\sqlite3.dll ()
MOD - C:\Program Files (x86)\XSManager\ToolKit.dll ()
MOD - C:\Program Files (x86)\XSManager\tinyxml.dll ()
MOD - C:\Program Files (x86)\XSManager\NDISDirectDial.dll ()
MOD - C:\Program Files (x86)\XSManager\LogModule.dll ()
MOD - C:\Program Files (x86)\XSManager\4GSystems_WTGSMSPCClientGer.dll ()
MOD - C:\Program Files (x86)\XSManager\4GSystems_OneClickAssistantGer.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe ()
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (WMCoreService) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DMAgent) -- C:\Programme\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV - (WiMAXAppSrv) -- C:\Programme\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (cmnuusbser) -- C:\Windows\SysNative\drivers\cmnuusbser.sys (Wireless Device)
DRV:64bit: - (cmntnet) -- C:\Windows\SysNative\drivers\cmntnet.sys (Wireless Data Device)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys ()
DRV:64bit: - (d554gps) -- C:\Windows\SysNative\drivers\d554gps64.sys (Ericsson AB)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (d554scard) -- C:\Windows\SysNative\drivers\d554scard.sys (Ericsson AB)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{C7A9FA1A-647B-465A-AB18-22CABDF822E9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{00E96D5B-F401-46A8-9E2A-8AAC70D74E13}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1000\..\SearchScopes\{00E96D5B-F401-46A8-9E2A-8AAC70D74E13}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=784
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1000\..\SearchScopes\{0E57A08F-892D-4C7A-B2FB-2781E80F4857}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1002\..\SearchScopes,DefaultScope = {00E96D5B-F401-46A8-9E2A-8AAC70D74E13}
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1002\..\SearchScopes\{00E96D5B-F401-46A8-9E2A-8AAC70D74E13}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=784
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1002\..\SearchScopes\{0E57A08F-892D-4C7A-B2FB-2781E80F4857}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1002\..\SearchScopes\{4D5E70C8-52C6-433A-AD89-4067A2B4F01E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c1207fde-90d1-4a55-a1ed-38d8a9c5e0ea&apn_sauid=C8E5CBB4-05A4-4F88-A3E2-84A30A3FA07C
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0a1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012.10.16 17:23:29 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
 
[2011.03.27 16:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.27 16:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.03.21 20:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2013.05.01 22:38:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aumr8uax.default\extensions
[2011.03.18 23:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\foz4gsfv.default\extensions
[2013.04.08 19:11:52 | 000,199,379 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\aumr8uax.default\extensions\m2k@m2kdownloader.com.xpi
[2011.03.18 23:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.19 20:01:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.03 20:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.03 20:06:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.03 20:06:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.03 20:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.03 20:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\mcafee\systemcore\ScriptSn.20110315180916.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110315180916.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1076415451-527864440-302771368-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-1076415451-527864440-302771368-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-1076415451-527864440-302771368-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1076415451-527864440-302771368-1000..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent File not found
O4 - HKU\S-1-5-21-1076415451-527864440-302771368-1000..\Run: [WirelessManager] C:\Program Files (x86)\Dell\Dell Mobile Broadband Manager\WirelessManager.exe (Ericsson AB)
O4 - HKU\S-1-5-21-1076415451-527864440-302771368-1002..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1076415451-527864440-302771368-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1076415451-527864440-302771368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE23362A-FE7B-462D-B778-E68A8955D32B}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E94A5AC7-BB78-4D58-B170-23C310ADAA07}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1998.11.26 17:49:16 | 000,420,864 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [1998.10.22 16:16:54 | 000,000,766 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [1997.10.24 12:08:06 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3f59daa2-2fdc-11e2-a236-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{3f59daa2-2fdc-11e2-a236-028037ec0200}\Shell\AutoRun\command - "" = E:\XSManagerinstallation.exe
O33 - MountPoints2\{f6cbbf4d-5734-11e2-a147-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f6cbbf4d-5734-11e2-a147-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [1998.11.26 17:49:16 | 000,420,864 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\PROGRA~2\DIGITA~1\DLG.exe - (Avanquest Software )
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
MsConfig:64bit - StartUpReg: Dell Registration - hkey= - key= - C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DellStage - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe ()
MsConfig:64bit - StartUpReg: DriverMax - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DriverMax_RESTART - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: emsisoft anti-malware - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
MsConfig:64bit - StartUpReg: MyTomTomSA.exe - hkey= - key= - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
MsConfig:64bit - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: NUSB3MON - hkey= - key= - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
MsConfig:64bit - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.14 17:21:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.14 13:55:03 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.06.14 13:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Spyware Terminator
[2013.06.14 13:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2013.06.14 13:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2013.06.14 13:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2013.06.12 00:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.11 23:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\imkn
[2013.06.11 22:54:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Nikon
[2013.06.01 22:03:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.06.01 21:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.05.25 19:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.05.25 19:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.05.24 23:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013.05.23 21:55:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.05.23 21:55:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.05.21 21:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.20 14:10:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging
[2013.05.20 14:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SilverFast Application
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.14 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.14 17:21:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.06.14 17:20:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.14 13:55:03 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2013.06.14 13:55:01 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.06.14 13:50:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 13:50:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.14 13:42:49 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.14 13:42:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.14 13:41:48 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.14 11:21:55 | 001,622,076 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.14 11:21:55 | 000,700,608 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.14 11:21:55 | 000,655,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.14 11:21:55 | 000,149,372 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.14 11:21:55 | 000,122,152 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.11 21:37:46 | 001,599,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.10 19:35:48 | 000,001,324 | ---- | M] () -- C:\Users\***\Desktop\SilverFast (32bit).lnk
[2013.06.05 21:13:26 | 507,233,348 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.02 14:49:51 | 000,541,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.01 22:26:48 | 000,001,080 | ---- | M] () -- C:\Users\***\Desktop\Kyodai Mahjongg 2006.lnk
[2013.05.23 22:08:44 | 000,000,608 | ---- | M] () -- C:\Windows\wiso.ini
[2013.05.21 21:16:09 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.20 14:32:55 | 000,000,128 | -H-- | M] () -- C:\ProgramData\V93GE
[2013.05.20 14:30:48 | 000,000,001 | -H-- | M] () -- C:\ProgramData\T23J7
[2013.05.15 19:15:36 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\XSManager.lnk
[2013.05.15 19:15:32 | 000,123,904 | ---- | M] (Wireless Device) -- C:\Windows\SysNative\drivers\cmnuusbser.sys
[2013.05.15 19:15:32 | 000,117,888 | ---- | M] (Mobile Connector) -- C:\Windows\SysNative\drivers\cmnsusbser.sys
[2013.05.15 19:15:31 | 000,141,824 | ---- | M] (Wireless Data Device) -- C:\Windows\SysNative\drivers\cmntnet.sys
[2013.05.15 19:15:31 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_netamd.sys
[2013.05.15 19:15:31 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_seramd.sys
[2013.05.15 19:15:31 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_net32.sys
[2013.05.15 19:15:31 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\SysNative\drivers\cm_ser32.sys
[2013.05.15 19:15:31 | 000,101,056 | ---- | M] () -- C:\Windows\SysNative\drivers\dvb_nova_12mhz_b0.inp
[2013.05.15 19:15:31 | 000,092,456 | ---- | M] () -- C:\Windows\SysNative\drivers\isdbt_nova_12mhz_b0.inp
[2013.05.15 19:15:31 | 000,079,036 | ---- | M] () -- C:\Windows\SysNative\drivers\tdmb_nova_12mhz_b0.inp
[2013.05.15 19:15:31 | 000,063,648 | ---- | M] (Siano) -- C:\Windows\SysNative\drivers\smsbda.sys
[2013.05.15 19:15:31 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\drivers\smsbda.cfg
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.14 13:55:01 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2013.06.05 21:13:26 | 507,233,348 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.01 22:26:48 | 000,001,080 | ---- | C] () -- C:\Users\***\Desktop\Kyodai Mahjongg 2006.lnk
[2013.06.01 21:49:55 | 000,001,521 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2013.06.01 21:49:45 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2013.06.01 21:46:11 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk
[2013.05.20 14:30:48 | 000,000,001 | -H-- | C] () -- C:\ProgramData\T23J7
[2013.05.20 14:10:41 | 000,001,324 | ---- | C] () -- C:\Users\***\Desktop\SilverFast (32bit).lnk
[2013.05.12 00:00:27 | 000,000,128 | -H-- | C] () -- C:\ProgramData\V93GE
[2012.12.23 16:59:06 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.12.23 16:58:50 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.05.28 09:47:30 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2012.03.19 23:23:09 | 000,000,673 | ---- | C] () -- C:\Windows\wininit.ini
[2012.03.19 23:01:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Echo
[2012.03.19 23:01:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filters
[2012.03.19 23:01:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Effects
[2012.03.19 23:01:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flange Saw
[2012.03.19 23:01:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dynamic Library
[2012.03.19 23:01:10 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filesystems
[2012.03.19 22:59:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\Distortion
[2012.03.19 22:59:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\Dance Kit
[2012.03.19 22:47:31 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012.02.09 22:54:03 | 000,001,453 | ---- | C] () -- C:\Windows\eReg.dat
[2012.01.21 12:30:37 | 000,000,608 | ---- | C] () -- C:\Windows\wiso.ini
[2011.06.25 19:43:53 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2011.06.25 14:43:52 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.25 14:43:52 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.17 21:17:36 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Drum Kits
[2011.05.17 21:17:36 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Documents
[2011.05.17 21:17:36 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Documentation
[2011.05.17 21:17:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011.05.17 21:17:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011.05.17 21:17:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011.03.19 22:34:23 | 000,006,656 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.28 09:30:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2012.01.21 12:30:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2013.06.01 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 08:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.03.21 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe Mediengruppe
[2013.05.12 00:00:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LaserSoft Imaging
[2011.03.18 23:03:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.03.20 23:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware
[2012.06.01 00:32:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2013.04.15 22:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\metaspinner net GmbH
[2012.03.19 22:46:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon
[2012.01.31 22:49:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.04.11 21:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2011.11.22 23:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite
[2011.03.20 13:29:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2012.05.24 17:43:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr
[2012.06.02 14:33:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2012.09.02 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD
[2012.06.14 20:14:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2013.06.14 13:55:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator
[2012.12.20 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2013.05.03 16:51:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.06.14 12:34:22 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.03.16 01:24:47 | 000,000,000 | ---D | M] -- C:\apps
[2013.06.11 22:54:47 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.06.25 14:38:09 | 000,000,000 | ---D | M] -- C:\dell
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.18 22:59:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.16 03:20:46 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.03.16 00:54:20 | 000,000,000 | ---D | M] -- C:\Intel
[2011.03.19 22:58:20 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.06.13 21:47:30 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.24 23:28:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.14 13:55:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.06.14 13:55:02 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.18 22:59:18 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.18 23:05:44 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2013.06.14 13:15:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.05.23 21:55:30 | 000,000,000 | ---D | M] -- C:\Temp
[2012.05.28 09:28:50 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.05 21:13:26 | 000,000,000 | ---D | M] -- C:\Windows
[2011.07.08 19:09:20 | 000,000,000 | ---D | M] -- C:\{BFFABDB7-DE96-4467-9C57-1BFDA39C34AF}
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.03.20 21:04:40 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.03.20 21:04:41 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.06.10 17:53:09 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\dell\drivers\R296901\f6flpy-x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Drivers\Chipset_IRST\f6flpy-x64\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
[2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys
[2011.01.12 17:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\dell\drivers\R296901\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.06.14 18:20:15 | 004,718,592 | -HS- | M] () -- C:\Users\***\ntuser.dat
[2013.06.14 18:20:15 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2011.03.18 22:59:30 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2
[2011.03.18 23:15:00 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.03.18 23:15:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.03.18 23:15:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.05.18 23:25:13 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{0a58fca4-818b-11e0-ae41-028037ec0200}.TM.blf
[2011.05.18 23:25:13 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0a58fca4-818b-11e0-ae41-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2011.05.18 23:25:13 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0a58fca4-818b-11e0-ae41-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2012.01.31 23:26:06 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{0f997870-49df-11e1-bdb5-028037ec0200}.TM.blf
[2012.01.31 23:26:06 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0f997870-49df-11e1-bdb5-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2012.01.31 23:26:06 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0f997870-49df-11e1-bdb5-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2011.03.19 20:53:10 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{3c666c00-524c-11e0-a7af-028037ec0200}.TM.blf
[2011.03.19 20:53:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{3c666c00-524c-11e0-a7af-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2011.03.19 20:53:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{3c666c00-524c-11e0-a7af-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2012.12.31 01:40:30 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{78f05a30-52d7-11e2-9152-14feb59c1197}.TM.blf
[2012.12.31 01:40:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{78f05a30-52d7-11e2-9152-14feb59c1197}.TMContainer00000000000000000001.regtrans-ms
[2012.12.31 01:40:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{78f05a30-52d7-11e2-9152-14feb59c1197}.TMContainer00000000000000000002.regtrans-ms
[2012.12.31 01:25:32 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{96757889-52d6-11e2-b749-14feb59c1197}.TM.blf
[2012.12.31 01:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{96757889-52d6-11e2-b749-14feb59c1197}.TMContainer00000000000000000001.regtrans-ms
[2012.12.31 01:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{96757889-52d6-11e2-b749-14feb59c1197}.TMContainer00000000000000000002.regtrans-ms
[2011.08.25 23:59:17 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{c1ac9e3e-cf44-11e0-ae26-028037ec0200}.TM.blf
[2011.08.25 23:59:17 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c1ac9e3e-cf44-11e0-ae26-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2011.08.25 23:59:17 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c1ac9e3e-cf44-11e0-ae26-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2013.05.04 15:36:58 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{c87f8f89-b4b4-11e2-a361-00a0c6000000}.TM.blf
[2013.05.04 15:36:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c87f8f89-b4b4-11e2-a361-00a0c6000000}.TMContainer00000000000000000001.regtrans-ms
[2013.05.04 15:36:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c87f8f89-b4b4-11e2-a361-00a0c6000000}.TMContainer00000000000000000002.regtrans-ms
[2012.05.24 17:46:55 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{db948c67-a4fd-11e1-ad0d-028037ec0200}.TM.blf
[2012.05.24 17:46:55 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{db948c67-a4fd-11e1-ad0d-028037ec0200}.TMContainer00000000000000000001.regtrans-ms
[2012.05.24 17:46:55 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{db948c67-a4fd-11e1-ad0d-028037ec0200}.TMContainer00000000000000000002.regtrans-ms
[2011.03.18 22:59:30 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


Alt 14.06.2013, 19:34   #6
Bonner
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



...und hier der Extras.TxtOTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.06.2013 17:43:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,90 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 52,62% Memory free
7,79 Gb Paging File | 5,81 Gb Available in Paging File | 74,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,01 Gb Total Space | 257,66 Gb Free Space | 57,13% Space Free | Partition Type: NTFS
Drive D: | 528,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1076415451-527864440-302771368-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Nightly\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F538EED-6C7A-4FBE-B5B1-42A8BC86581A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1BD478E7-7FA4-47AC-9634-5693D3EB676E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1DB3269A-E4B9-4699-A4D1-44A41781C811}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{201F6BF0-1FE8-4B07-9227-F22B40C49B9E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2AD536BB-BB83-48B3-B516-97148808729F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{33A38BCB-64E7-4BC7-98F3-6CAD2ADA63B0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{3C53AFF1-F8E1-436B-A641-204789521E68}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3FB0223E-4420-4717-B235-D429739A469D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BF0E6DB-F523-488F-8ACF-160711892D79}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{4EB56BB8-7085-4676-B478-1BE3BA826F50}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{534E2D18-E326-4748-8E1C-B3E66325964B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59020B63-83DF-4EB3-A1E5-22E45125F9B7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{664A4E65-EA30-4144-8C7F-21584C19B0E1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6798314F-6D39-488F-95A0-9F897A3BE144}" = lport=139 | protocol=6 | dir=in | app=system | 
"{70CBE7FC-B4F6-418E-AE8B-7A5D830A4F00}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7C6BF505-B5E7-43B0-AADB-539A3E2AF20C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8EF24AED-1193-46C3-9EDF-685092FD11D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{90670B08-CE4A-4C51-A4C8-2657103FD24B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{954415EC-FC41-4A34-9D84-3D6C3DB8CA02}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{99A27E93-5816-4FB9-AEA6-17B4F17BAA9D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A009D4C4-BF73-4243-AD00-7771AD084BA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A16BAECB-CC78-47B0-BC9E-DBD7B51F10EB}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A4E3AD81-3449-437A-A3EF-98D17D90F493}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B20860FD-759D-4975-9390-50FE580A0745}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{C283E3CC-43F8-453E-98FC-FBA2A3212A3F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C39945D9-C2C0-457C-A6CC-DC4F90EA88DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C53A25BE-FE2B-44C2-BFD5-36312B05F658}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CA9AD350-1F6A-4A7B-8BC9-2E57EFE1E3B8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D75BC5CE-1CFA-40AF-8997-CDA5C3AC8769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E0AA6E6E-FCEB-425C-A7E2-D884C8373EED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E763C857-520A-45F2-B3AB-0A735093DF54}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E77C1253-C4C6-4DB0-819D-665974768733}" = rport=139 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DB25BB-26E2-432F-BC22-3BC47D6C058E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{013BF48C-537A-417A-ACDC-D1FAFED5B905}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{04EE44EA-211C-40F6-8133-2D8021E12502}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{061ED317-7979-4B52-8B93-0EF1EBA35064}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{0AC16A85-062F-45D6-AB39-ABF3F5C2806C}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{0F7E582B-5645-4281-910B-C328B45B14C2}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{100BBA64-3AC8-4E16-8837-42BD3FAB7670}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | 
"{1089EC81-C8A7-4FAA-B8F2-FAF0AAFFCFE9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1507DA49-E0EC-4A7B-A0DD-07C73CA32E7A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{19551EC2-3213-421F-8F0A-75D7B6A5AD86}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{19E3ECB3-AE0F-4A62-BBF5-6EBF4840FF4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1CFFDEC4-4BD6-4310-9C94-5F31C0A378D7}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{222E6526-3B48-429B-9360-0BCDC1930FFD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{232A00A0-FECF-4ED7-A530-63ABC9581780}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"{2696D085-5234-4644-A33A-0AAD83C44F34}" = protocol=6 | dir=out | app=system | 
"{27674F58-FED1-4001-8239-2D0C9409664F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2ADC9882-BA8E-4203-90BE-6C64D38B2495}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2B893C89-D6DA-4E4C-9C79-95CE7973793E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{2E944EAD-4F6E-4521-B7EA-AA81BB2E71AE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{30F6A501-6781-46E8-AEC7-9FBA89F1A031}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{415DC2E7-D64A-443D-8E00-DDE8AB6EB3E9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4337667E-5141-420F-A901-7F23B027BFDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{499382D7-7BCD-49CD-8E13-1F4DE8EA9FEC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4DAA793E-7C18-4781-81A4-1C609EFBE784}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{4DFCE73E-089F-4BA8-A4EE-1A18AAE6ABD2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{4E06582E-37A2-4339-950C-2B15C7F37BA8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{5157130C-595C-4CEE-B2A2-EF69C1D85752}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{5A4D5F73-AB1C-4EE7-A84A-6B977E6989FC}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{5CE49E59-A7DF-4247-8781-BF9665FF3E39}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{5D39E58A-F31E-411B-875B-7DCCA4CCC91A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5EFA155D-910C-4D29-90BA-60009EB120AB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{609DA841-BFBF-46AB-9FBB-4FB5A0AC520D}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{61A4F72A-A5A6-4275-BFAC-FD4262EB1DAE}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{666DAE86-517D-49F4-8096-CD2B9E5B0453}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | 
"{68040292-2917-44CB-8451-FB326BA53C57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F2F18C9-84CA-471B-B6D5-862C85B2D421}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E957BC7-0A5A-4996-95CF-A2ECA76EDCB0}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{852D0124-2AEF-4EDD-B9C1-9C055886DADB}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{857D8819-0CAF-4C4A-8DC0-E4FC55B0DD3E}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{8629A484-03E4-427C-B85A-82CA5EC9305D}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{8D032D28-EE49-42F1-9E90-A698B8DCA5A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{964E364D-6D49-4601-A991-2EFEAA57A378}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9947B5E9-0925-424A-AD90-081D0D4C9636}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{99934960-2039-4DC1-9F02-8AC02A045830}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{9CA9821A-0FF2-44AB-9007-4044E8C5FA85}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9DFB0822-C383-4733-9A73-D13A7B23F7AC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A2EAF6B9-13E1-4DE9-9470-89656CD20226}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{A40E04AB-F58D-440B-828C-FD9F5E739581}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A61D5585-EE4F-4E62-832B-6228FCD2E5E4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A7B80CD5-425B-4A29-B223-FFFB9F17A8C3}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{A8FAF3F7-2D71-4124-AF16-689F83C1CA59}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AC130BFF-55A2-4CDE-8843-883E3CFF263F}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{AE666F26-17DB-4B63-9DC8-F9CE90533E39}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AF3B06EF-C932-4F6B-8A9A-E2A8CDBF35CC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0B657FF-B22F-4D4D-BBD9-47D277EEF475}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B4CF9E8E-C5AB-4347-A931-96D2303A6A33}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{BCA5B340-DF40-4437-9429-347F69B0B57F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C4036843-0DA7-4048-B835-DDE323465483}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | 
"{C7CCFAC0-6281-4810-A734-129110625BD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CCC977BD-AF76-4FD4-A972-73F996F942BC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{CCD24DFA-FE03-4850-9C37-72F66A37A791}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{CE00B811-7A0F-4CC9-98A1-9A7BF3DF004D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DAFCDE03-3E57-438D-9032-0D511B859327}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{DBE0F57C-6BD6-4656-93DC-C62BD685BEE1}" = dir=in | app=c:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe | 
"{DFA7BB1F-E2FF-4E4E-8561-8BFDFB2F93DA}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"{E02EEEC6-3EA1-40D0-A5AD-BE665FAFDE3B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E1EC6F7B-CDF1-48ED-B9D0-8B681DDF2EFB}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{F0939ADC-015F-4BB0-AE66-A13995A82699}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{F936C6B3-67B8-4AE9-970E-3FCE58707BAA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{FCD1442F-802B-4BB4-9E40-F885E215C5BE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{FD0A9FBB-6665-45D5-9488-58AD0D0E3BAA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{FF17BC37-AC3C-4B78-983B-6DD9AE3C59CB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{CE634875-496E-4FC6-93E7-DBAABCC46A4C}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{717C60E2-3FAA-46B3-B816-E7AA3861B0AB}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{171C55A9-DE88-4A60-A26D-C13CA38AA771}" = System Requirements Lab for Intel (64-bit)
"{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi-Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6D8CD48B-FFDC-44ED-B474-644E4A723DC8}" = Fotos auf DVD MX Deluxe Sonderedition Update
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D722B485-CE5B-44A2-9522-CD113608A2F6}" = Fotos auf DVD MX Deluxe SE Update
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Nightly 19.0a1 (x64 en-US)" = Nightly 19.0a1 (x64 en-US)
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01159E8A-44F7-4885-A7F9-872CE4D74063}" = Steuer 2012
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{0FF5E588-C1BC-477A-A827-FB1693C73567}" = Fotos auf DVD MX Deluxe Sonderedition Update
"{10C854E0-55B2-4DBB-78F6-55CF500A4F41}" = MAGIX Online Druck Service
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{17407164-F2AD-4E04-886B-8060D503F21C}" = Dell MusicStage
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4967EACC-76E9-4E8A-B7D2-5C7105F0A79D}" = MAGIX Fotos auf DVD MX Deluxe Sonderedition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6139D295-3B53-4137-A71E-C084C189A5AE}" = MAGIX Foto Manager 10
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7130468A-F53F-4698-8C09-A339EA3B05E6}" = Nokia Software Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB1723E2-05BC-49C1-86AB-409764C0E608}" = Dell Stage
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B08B4896-886C-4644-8664-BBA4CE99D318}" = Distortion Control Data
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8AEEF04-373D-48F8-8457-924EBB924F75}" = MAGIX Speed burnR (MSI)
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C8B6BB-4B08-4062-B5A7-DE1962B18382}" = MAGIX Screenshare
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Civilization V" = Sid Meier's Civilization V
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{76651FD7-2B71-4B61-9F3A-E82F52F08D92}" = Konz 2013
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"MAGIX_{4967EACC-76E9-4E8A-B7D2-5C7105F0A79D}" = MAGIX Fotos auf DVD MX Deluxe Sonderedition
"MAGIX_{6139D295-3B53-4137-A71E-C084C189A5AE}" = MAGIX Foto Manager 10
"MAGIX_{D8AEEF04-373D-48F8-8457-924EBB924F75}" = MAGIX Speed burnR (MSI)
"MAGIX_{E0C8B6BB-4B08-4062-B5A7-DE1962B18382}" = MAGIX Screenshare
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"MyTomTom" = MyTomTom 3.2.0.1116
"NewBlue Art Effects for Magix" = Art Effects for Magix
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"ShapeCollage" = Shape Collage
"SilverFast 8 x86" = SilverFast 8.0.1r24 (32bit)
"Tomb Raider III" = Tomb Raider III
"WinLiveSuite" = Windows Live Essentials
"XSManager" = XSManager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1076415451-527864440-302771368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"f031ef6ac137efc5" = Dell Driver Download Manager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1076415451-527864440-302771368-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.02.2013 14:34:26 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.03.2013 16:04:15 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 02.03.2013 08:58:14 | Computer Name = ***-PC | Source = IAStorDataMgrSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine
 Verbindung mit dem Dienstcontroller herstellen
 
Error - 03.03.2013 14:10:57 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.03.2013 16:38:04 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.03.2013 11:04:43 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 09.03.2013 11:38:34 | Computer Name = ***-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 09.03.2013 11:39:08 | Computer Name = ***-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 09.03.2013 15:33:30 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mini_WMCore.exe, Version: 6.3.3.4,
 Zeitstempel: 0x4d64fd88  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7b96f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00039342  ID des fehlerhaften
 Prozesses: 0x920  Startzeit der fehlerhaften Anwendung: 0x01ce1cde0c1b9420  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 38a7cf4c-88f0-11e2-bc42-028037ec0200
 
Error - 10.03.2013 10:48:19 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 10.03.2013 17:08:27 | Computer Name = ***-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ Dell Events ]
Error - 20.03.2011 15:11:25 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 26.03.2011 16:13:23 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 26.03.2011 16:13:23 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 17.05.2011 14:31:30 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 17.05.2011 14:31:30 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 22.05.2011 06:03:53 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 22.05.2011 06:03:53 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 22.05.2011 06:27:29 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 22.05.2011 06:27:29 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 26.07.2011 09:15:17 | Computer Name = ***-PC | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ Media Center Events ]
Error - 10.06.2011 03:52:25 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:52:25 - Fehler beim Herstellen der Internetverbindung.  09:52:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.06.2011 03:52:32 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:52:31 - Fehler beim Herstellen der Internetverbindung.  09:52:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.06.2011 04:52:37 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 10:52:37 - Fehler beim Herstellen der Internetverbindung.  10:52:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10.06.2011 04:52:42 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 10:52:42 - Fehler beim Herstellen der Internetverbindung.  10:52:42 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.06.2011 02:56:42 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 08:56:38 - Fehler beim Herstellen der Internetverbindung.  08:56:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.06.2011 03:57:07 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 09:57:03 - Fehler beim Herstellen der Internetverbindung.  09:57:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.06.2011 04:57:13 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 10:57:12 - Fehler beim Herstellen der Internetverbindung.  10:57:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.06.2011 05:57:18 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 11:57:18 - Fehler beim Herstellen der Internetverbindung.  11:57:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2011 15:27:52 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:27:52 - Fehler beim Herstellen der Internetverbindung.  21:27:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.08.2011 15:28:16 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 21:27:57 - Fehler beim Herstellen der Internetverbindung.  21:27:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 11.06.2013 15:29:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 11.06.2013 15:30:04 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 11.06.2013 17:12:47 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11.06.2013 17:12:52 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 11.06.2013 17:13:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 11.06.2013 17:44:26 | Computer Name = ***-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 11.06.2013 17:44:26 | Computer Name = ***-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 11.06.2013 17:44:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 14.06.2013 05:06:00 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
Error - 14.06.2013 07:43:19 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SftService erreicht.
 
 
< End of report >
         
--- --- ---

Alt 14.06.2013, 20:04   #7
markusg
/// Malware-holic
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



poste bitte die hitmanpro ergebnisse die bisher erstellt wurden
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.06.2013, 20:12   #8
Bonner
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Stimmt, den Scan hab ich ja auch noch gemacht. Da bin über das BSI dran gekommen. Hier ist das Ergebnis:

Code:
ATTFilter
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : ***-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : ***-PC\***
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-12 00:02:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 39s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1105

   Objects scanned . . . : 2.034.210
   Files scanned . . . . : 58.189
   Remnants scanned  . . : 593.920 files / 1.382.101 keys

Potential Unwanted Programs _________________________________________________

   C:\Program Files (x86)\Ask.com\ (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\ (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\b.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\bl.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\br.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\l.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\pointer.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\r.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\t.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\tl.png (AskBar)
   C:\Program Files (x86)\Ask.com\assets\oobe\tr.png (AskBar)
   C:\Program Files (x86)\Ask.com\AviraBrowserSecurity.exe (AskBar)
      Size . . . . . . . : 233.640 bytes
      Age  . . . . . . . : 380.1 days (2012-05-27 22:06:49)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : BD4CFE00ADE28FE3E2D0BF9AE330DC6E8EA75EA928BF08A45FBA6CBB50499799
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\cb_1559.ico (AskBar)
   C:\Program Files (x86)\Ask.com\cobrand.ico (AskBar)
   C:\Program Files (x86)\Ask.com\config.xml (AskBar)
   C:\Program Files (x86)\Ask.com\favicon.ico (AskBar)
   C:\Program Files (x86)\Ask.com\fv_1049.ico (AskBar)
   C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (AskBar)
      Size . . . . . . . : 1.519.272 bytes
      Age  . . . . . . . : 380.1 days (2012-05-27 22:06:49)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 9141CD19AA620C6B0F93D3FDAFAC4C7CEBCFAC3944D2F849C1B66F90CF4B7B7C
      Product  . . . . . : Toolbar
      Publisher  . . . . : Ask
      Description  . . . : Avira SearchFree Toolbar
      Version  . . . . . : 5.15.1.22229
      Copyright  . . . . : (c) Ask.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -17.0
      Startup
         HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\
         HKU\S-1-5-21-1076415451-527864440-302771368-1000\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
         HKU\S-1-5-21-1076415451-527864440-302771368-1002\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440}
         HKU\S-1-5-21-1076415451-527864440-302771368-1002\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
         HKU\S-1-5-21-1076415451-527864440-302771368-500\SOFTWARE\Microsoft\Internet Explorer\UrlSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC}
      References
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\
         HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd.1\
         HKLM\SOFTWARE\Wow6432Node\Classes\GenericAskToolbar.ToolbarWnd\
         HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}\
         HKU\S-1-5-21-1076415451-527864440-302771368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\
         HKU\S-1-5-21-1076415451-527864440-302771368-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\
         HKU\S-1-5-21-1076415451-527864440-302771368-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}\

   C:\Program Files (x86)\Ask.com\mupcfg.xml (AskBar)
   C:\Program Files (x86)\Ask.com\precache.exe (AskBar)
      Size . . . . . . . : 70.824 bytes
      Age  . . . . . . . : 380.1 days (2012-05-27 22:06:49)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 86135AC920B83645547294BD3D4DD4D4D3255AD7547D379D000CDBF7B055E0B1
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\SaUpdate.exe (AskBar)
      Size . . . . . . . : 196.776 bytes
      Age  . . . . . . . : 380.1 days (2012-05-27 22:06:49)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : E7B9AB3D7FC49542CC86391867B84F842B5E5848ECFE60B2A0E72B1743111AC8
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Program Files (x86)\Ask.com\Updater\ (AskBar)
   C:\Program Files (x86)\Ask.com\Updater\config.xml (AskBar)
   C:\Program Files (x86)\Ask.com\Updater\Updater.exe (AskBar)
      Size . . . . . . . : 1.557.160 bytes
      Age  . . . . . . . : 380.1 days (2012-05-27 22:06:49)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : C61D77D353CE0A520A3430C69CBC939C226FF806CF467AF086A94E6B0E15920F
      Product  . . . . . : Updater
      Publisher  . . . . : Ask
      Description  . . . : Ask Updater
      Version  . . . . . : 5.15.1.22229
      Copyright  . . . . : (c) Ask.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -19.0

   C:\Program Files (x86)\Ask.com\UpdateTask.exe (AskBar)
      Size . . . . . . . : 135.336 bytes
      Age  . . . . . . . : 380.1 days (2012-05-27 22:06:49)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 553228BB8350CFD51679F43E631B8E7F581FA8263B3DEA8CFEE8B8F62CEF72F0
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -13.0

   C:\Program Files (x86)\Delta\delta\ (Delta Search)
   C:\Program Files (x86)\Delta\delta\1.8.16.16\ (Delta Search)
   C:\Program Files (x86)\Delta\delta\1.8.16.16\deltasrv.exe (Delta Search)
      Size . . . . . . . : 381.336 bytes
      Age  . . . . . . . : 90.5 days (2013-03-13 13:00:16)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 98FAB08E1E99BA4F491ACDA14ADB042417A0F37F30CA80B8F8354D64D6F1EB91
      Product  . . . . . : Delta Toolbar
      Publisher  . . . . : Delta-search.com
      Description
      Version  . . . . . : 1.8.16.0
      Copyright  . . . . :  (c) Delta-search.com All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

   C:\Program Files (x86)\Delta\delta\1.8.16.16\GUninstaller.exe (Delta Search)
      Size . . . . . . . : 394.320 bytes
      Age  . . . . . . . : 44.0 days (2013-04-28 23:13:19)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : E21B939CA056FEA3E053059D70BDA0857EAA15C5177610DDB81C3FEF4B619A66
      Product  . . . . . : Uninstaller
      Publisher  . . . . : Babylon Ltd.
      Description  . . . : Uninstaller Application
      Version  . . . . . : 9.1.1.1
      Copyright  . . . . : Copyright © Babylon Ltd. 1997-2013
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

   C:\Program Files (x86)\Delta\delta\1.8.16.16\uninstall.exe (Delta Search)
      Size . . . . . . . : 198.808 bytes
      Age  . . . . . . . : 44.0 days (2013-04-28 23:13:06)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 904E833BA68DCD2F72C24B7783D6B38CE4405275BAE8659915AFB6A63BCC6578
      Product  . . . . . : ${PRDCT_DSP}
      Publisher  . . . . : Delta
      Version  . . . . . : 1.8.16.16
      Fuzzy  . . . . . . : 8.0

   C:\ProgramData\Babylon\ (Babylon)
   C:\ProgramData\BrowserProtect\ (Claro)
   C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\ (Claro)
   C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (Claro)
      Size . . . . . . . : 2.520.016 bytes
      Age  . . . . . . . : 44.0 days (2013-04-28 23:13:16)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : BCA2B76339A9331A089EA7A3297764767D7ED4E0CAC18935B85D462B08A67F6F
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (Claro)
      Size . . . . . . . : 2.787.280 bytes
      Age  . . . . . . . : 44.0 days (2013-04-28 23:13:16)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 67941CDDBC7FE0A6F913541ED9EDA6DCD73BED38281C498764077491501D62D4
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\ (Claro)
   C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (Claro)
   C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (Claro)
      Size . . . . . . . : 2.787.280 bytes
      Age  . . . . . . . : 44.0 days (2013-04-28 23:13:18)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 67941CDDBC7FE0A6F913541ED9EDA6DCD73BED38281C498764077491501D62D4
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0

   C:\Users\Administrator\AppData\LocalLow\AskToolbar\ (AskBar)
   C:\Users\Administrator\AppData\LocalLow\AskToolbar\APNU\ (AskBar)
   C:\Users\Administrator\AppData\LocalLow\AskToolbar\APNU\config.xml (AskBar)
   C:\Users\***\AppData\Local\AskToolbar\ (AskBar)
   C:\Users\***\AppData\Local\AskToolbar\Downloaded Program Files\ (AskBar)
   C:\Users\***\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll (AskBar)
      Size . . . . . . . : 986.064 bytes
      Age  . . . . . . . : 411.3 days (2012-04-26 17:12:34)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 7699132B6EBAD2A9A8563A602173D499E008B9FB1C9359E5FB07B3DCAB033CEF
      Product  . . . . . : Avira Addon
      Publisher  . . . . : Ask.com
      Description  . . . : Avira Addon
      Version  . . . . . : 3.0.0.1000
      Copyright  . . . . : Copyright © 2009 Ask.com, All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

   C:\Users\***\AppData\Local\AskToolbar\Downloaded Program Files\avr-3.inf (AskBar)
   C:\Users\***\AppData\LocalLow\AskToolbar\ (AskBar)
   C:\Users\***\AppData\LocalLow\AskToolbar\accl.xml (AskBar)
   C:\Users\***\AppData\LocalLow\AskToolbar\Avira.install-bubble.config (AskBar)
   C:\Users\***\AppData\LocalLow\AskToolbar\Avira.status.config (AskBar)
   C:\Users\***\AppData\LocalLow\AskToolbar\cache.dat (AskBar)
   C:\Users\***\AppData\LocalLow\AskToolbar\config.xml (AskBar)
   C:\Users\***\AppData\LocalLow\AskToolbar\osearch.xml (AskBar)
   C:\Users\***\AppData\Roaming\BabSolution\ (Delta Search)
   C:\Users\***\AppData\Roaming\BabSolution\Shared\ (Delta Search)
   C:\Users\***\AppData\Roaming\BabSolution\Shared\BUSUninstall.exe (Delta Search)
      Size . . . . . . . : 12.880 bytes
      Age  . . . . . . . : 44.0 days (2013-04-28 23:13:10)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 40A4B8C4BBDF41956D3EB220E926CF32F49B92914DDF1B244BEF8770115761AF
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -1.0

   C:\Users\***\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (Delta Search)
      Size . . . . . . . : 394.320 bytes
      Age  . . . . . . . : 44.0 days (2013-04-28 23:13:10)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : E21B939CA056FEA3E053059D70BDA0857EAA15C5177610DDB81C3FEF4B619A66
      Product  . . . . . : Uninstaller
      Publisher  . . . . : Babylon Ltd.
      Description  . . . : Uninstaller Application
      Version  . . . . . : 9.1.1.1
      Copyright  . . . . : Copyright © Babylon Ltd. 1997-2013
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0

   C:\Users\***\AppData\Roaming\Babylon\ (Babylon)
   C:\Users\***\AppData\Roaming\Babylon\log_file.txt (Babylon)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\1031.MST (AskBar)
   C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe (AskBar)
      Size . . . . . . . : 102.400 bytes
      Age  . . . . . . . : 380.1 days (2012-05-27 22:06:50)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 092D64E5DB4FA21D6719B3A6A30AD06A2CB0E1F897357CD4935BECA52E921274
      Product  . . . . . : InstallShield
      Publisher  . . . . : Acresso Software Inc.
      Description  . . . : InstallShield
      Version  . . . . . : 16.0.328
      Copyright  . . . . : Copyright (C) 2009 Acresso Software Inc. and/or InstallShield Co. Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 0.0

   HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}\ (Delta Search)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1\ (AskBar)
   HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd\ (AskBar)
   HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
   HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
   HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}\ (Delta Search)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
   HKLM\SOFTWARE\Wow6432Node\DataMngr\ (SearchQU)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} (AskBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ (AskBar)
   HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}\ (Delta Search)
   HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}\ (Delta Search)
   HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\Ask.com\ (AskBar)
   HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\AskToolbar\ (AskBar)
   HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\BabylonToolbar\ (Babylon)
   HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\DataMngr\ (SearchQU)
   HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\DataMngr_Toolbar\ (SearchQU)
   HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
   HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
   HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\Softonic\ (Softonic)

Cookies _____________________________________________________________________

   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:apmebf.com
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:atdmt.com
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:content.yieldmanager.com
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:doubleclick.net
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:fastclick.net
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:invitemedia.com
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:mediaplex.com
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:microsoftwllivemkt.112.2o7.net
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:revsci.net
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:serving-sys.com
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:smartadserver.com
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:tradedoubler.com
   C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\foz4gsfv.default\cookies.sqlite:ww251.smartadserver.com
         

Alt 14.06.2013, 20:15   #9
markusg
/// Malware-holic
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Hi,Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.06.2013, 20:22   #10
Bonner
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Hier ist das Ergebnis:

21:17:59.0796 8688 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:18:00.0036 8688 ============================================================
21:18:00.0036 8688 Current date / time: 2013/06/14 21:18:00.0036
21:18:00.0036 8688 SystemInfo:
21:18:00.0036 8688
21:18:00.0036 8688 OS Version: 6.1.7601 ServicePack: 1.0
21:18:00.0036 8688 Product type: Workstation
21:18:00.0036 8688 ComputerName: ***-PC
21:18:00.0036 8688 UserName: ***
21:18:00.0036 8688 Windows directory: C:\Windows
21:18:00.0036 8688 System windows directory: C:\Windows
21:18:00.0036 8688 Running under WOW64
21:18:00.0036 8688 Processor architecture: Intel x64
21:18:00.0036 8688 Number of processors: 8
21:18:00.0036 8688 Page size: 0x1000
21:18:00.0036 8688 Boot type: Normal boot
21:18:00.0036 8688 ============================================================
21:18:01.0016 8688 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:18:01.0026 8688 ============================================================
21:18:01.0026 8688 \Device\Harddisk0\DR0:
21:18:01.0026 8688 MBR partitions:
21:18:01.0026 8688 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1D4C000
21:18:01.0026 8688 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7F000, BlocksNum 0x38606830
21:18:01.0026 8688 ============================================================
21:18:01.0086 8688 C: <-> \Device\Harddisk0\DR0\Partition2
21:18:01.0086 8688 ============================================================
21:18:01.0086 8688 Initialize success
21:18:01.0086 8688 ============================================================
21:19:27.0320 9264 ============================================================
21:19:27.0320 9264 Scan started
21:19:27.0320 9264 Mode: Manual; SigCheck; TDLFS;
21:19:27.0320 9264 ============================================================
21:19:27.0890 9264 ================ Scan system memory ========================
21:19:27.0890 9264 System memory - ok
21:19:27.0890 9264 ================ Scan services =============================
21:19:28.0030 9264 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:19:28.0120 9264 1394ohci - ok
21:19:28.0130 9264 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:19:28.0150 9264 ACPI - ok
21:19:28.0180 9264 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:19:28.0260 9264 AcpiPmi - ok
21:19:28.0490 9264 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
21:19:28.0500 9264 AdobeActiveFileMonitor9.0 - ok
21:19:28.0580 9264 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:19:28.0590 9264 AdobeARMservice - ok
21:19:28.0710 9264 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:19:28.0720 9264 AdobeFlashPlayerUpdateSvc - ok
21:19:28.0770 9264 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:19:28.0790 9264 adp94xx - ok
21:19:28.0820 9264 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:19:28.0850 9264 adpahci - ok
21:19:28.0870 9264 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:19:28.0880 9264 adpu320 - ok
21:19:28.0910 9264 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:19:29.0030 9264 AeLookupSvc - ok
21:19:29.0100 9264 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:19:29.0110 9264 AERTFilters - ok
21:19:29.0150 9264 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:19:29.0220 9264 AFD - ok
21:19:29.0240 9264 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:19:29.0260 9264 agp440 - ok
21:19:29.0290 9264 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:19:29.0320 9264 ALG - ok
21:19:29.0370 9264 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:19:29.0390 9264 aliide - ok
21:19:29.0420 9264 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:19:29.0450 9264 amdide - ok
21:19:29.0470 9264 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:19:29.0510 9264 AmdK8 - ok
21:19:29.0510 9264 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:19:29.0540 9264 AmdPPM - ok
21:19:29.0580 9264 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:19:29.0600 9264 amdsata - ok
21:19:29.0610 9264 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:19:29.0630 9264 amdsbs - ok
21:19:29.0640 9264 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:19:29.0650 9264 amdxata - ok
21:19:29.0700 9264 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
21:19:29.0750 9264 AMPPAL - ok
21:19:29.0750 9264 [ D46391F209DE0A98A97D1D1765F53438 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
21:19:29.0760 9264 AMPPALP - ok
21:19:29.0820 9264 [ EDFB061F7D553B84731B8263077FD520 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
21:19:29.0900 9264 AMPPALR3 - ok
21:19:29.0990 9264 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:19:30.0000 9264 AntiVirSchedulerService - ok
21:19:30.0060 9264 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:19:30.0080 9264 AntiVirService - ok
21:19:30.0110 9264 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:19:30.0130 9264 AntiVirWebService - ok
21:19:30.0170 9264 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:19:30.0330 9264 AppID - ok
21:19:30.0350 9264 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:19:30.0390 9264 AppIDSvc - ok
21:19:30.0440 9264 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
21:19:30.0490 9264 Appinfo - ok
21:19:30.0570 9264 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:19:30.0580 9264 Apple Mobile Device - ok
21:19:30.0610 9264 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:19:30.0620 9264 arc - ok
21:19:30.0630 9264 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:19:30.0640 9264 arcsas - ok
21:19:30.0750 9264 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:19:30.0760 9264 aspnet_state - ok
21:19:30.0780 9264 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:19:30.0840 9264 AsyncMac - ok
21:19:30.0870 9264 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
21:19:30.0880 9264 atapi - ok
21:19:30.0920 9264 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:19:30.0980 9264 AudioEndpointBuilder - ok
21:19:30.0990 9264 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:19:31.0030 9264 AudioSrv - ok
21:19:31.0100 9264 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:19:31.0110 9264 avgntflt - ok
21:19:31.0150 9264 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:19:31.0160 9264 avipbb - ok
21:19:31.0220 9264 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:19:31.0230 9264 avkmgr - ok
21:19:31.0270 9264 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:19:31.0350 9264 AxInstSV - ok
21:19:31.0390 9264 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:19:31.0440 9264 b06bdrv - ok
21:19:31.0470 9264 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:19:31.0480 9264 b57nd60a - ok
21:19:31.0520 9264 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:19:31.0570 9264 BDESVC - ok
21:19:31.0580 9264 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:19:31.0630 9264 Beep - ok
21:19:31.0680 9264 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:19:31.0730 9264 BFE - ok
21:19:31.0750 9264 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:19:31.0820 9264 BITS - ok
21:19:31.0830 9264 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:19:31.0850 9264 blbdrive - ok
21:19:31.0910 9264 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:19:31.0920 9264 Bonjour Service - ok
21:19:31.0950 9264 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:19:31.0990 9264 bowser - ok
21:19:32.0040 9264 [ 597FFFAC47605337B1C719B4975238F0 ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys
21:19:32.0090 9264 bpenum - ok
21:19:32.0130 9264 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:19:32.0160 9264 BrFiltLo - ok
21:19:32.0160 9264 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:19:32.0190 9264 BrFiltUp - ok
21:19:32.0230 9264 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:19:32.0270 9264 Browser - ok
21:19:32.0290 9264 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:19:32.0320 9264 Brserid - ok
21:19:32.0330 9264 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:19:32.0370 9264 BrSerWdm - ok
21:19:32.0390 9264 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:19:32.0420 9264 BrUsbMdm - ok
21:19:32.0420 9264 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:19:32.0440 9264 BrUsbSer - ok
21:19:32.0460 9264 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:19:32.0490 9264 BTHMODEM - ok
21:19:32.0540 9264 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:19:32.0590 9264 bthserv - ok
21:19:32.0630 9264 [ A3BC030FC526643DFDCA27299F75544B ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
21:19:32.0640 9264 BTHSSecurityMgr - ok
21:19:32.0650 9264 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:19:32.0690 9264 cdfs - ok
21:19:32.0710 9264 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:19:32.0740 9264 cdrom - ok
21:19:32.0780 9264 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:19:32.0830 9264 CertPropSvc - ok
21:19:32.0860 9264 [ E02C9CDB15F13DE4EB2FF67660E62317 ] cfwids C:\Windows\system32\drivers\cfwids.sys
21:19:32.0870 9264 cfwids - ok
21:19:32.0900 9264 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:19:32.0910 9264 circlass - ok
21:19:32.0940 9264 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:19:32.0960 9264 CLFS - ok
21:19:33.0010 9264 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:19:33.0020 9264 clr_optimization_v2.0.50727_32 - ok
21:19:33.0050 9264 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:19:33.0060 9264 clr_optimization_v2.0.50727_64 - ok
21:19:33.0130 9264 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:19:33.0140 9264 clr_optimization_v4.0.30319_32 - ok
21:19:33.0180 9264 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:19:33.0190 9264 clr_optimization_v4.0.30319_64 - ok
21:19:33.0220 9264 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:19:33.0300 9264 CmBatt - ok
21:19:33.0320 9264 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:19:33.0330 9264 cmdide - ok
21:19:33.0370 9264 [ 784CE219B4A02C20BCBC7A9A16F3E141 ] cmntnet C:\Windows\system32\DRIVERS\cmntnet.sys
21:19:33.0430 9264 cmntnet - ok
21:19:33.0460 9264 [ C0B41B0A669F1E06E85050A86320E0AF ] cmnuusbser C:\Windows\system32\DRIVERS\cmnuusbser.sys
21:19:33.0510 9264 cmnuusbser - ok
21:19:33.0560 9264 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
21:19:33.0600 9264 CNG - ok
21:19:33.0650 9264 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:19:33.0660 9264 Compbatt - ok
21:19:33.0690 9264 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:19:33.0730 9264 CompositeBus - ok
21:19:33.0750 9264 COMSysApp - ok
21:19:33.0840 9264 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:19:33.0850 9264 cphs - ok
21:19:33.0870 9264 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:19:33.0880 9264 crcdisk - ok
21:19:33.0940 9264 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:19:33.0990 9264 CryptSvc - ok
21:19:34.0030 9264 CtClsFlt - ok
21:19:34.0070 9264 [ 0FEF994D890C92D8F23442BC52D4FEA9 ] d554gps C:\Windows\system32\DRIVERS\d554gps64.sys
21:19:34.0080 9264 d554gps - ok
21:19:34.0100 9264 [ 95DA07E4859396912D8E5630DA5A9324 ] d554scard C:\Windows\system32\DRIVERS\d554scard.sys
21:19:34.0110 9264 d554scard - ok
21:19:34.0140 9264 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:19:34.0190 9264 DcomLaunch - ok
21:19:34.0220 9264 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:19:34.0270 9264 defragsvc - ok
21:19:34.0290 9264 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:19:34.0340 9264 DfsC - ok
21:19:34.0380 9264 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:19:34.0430 9264 Dhcp - ok
21:19:34.0450 9264 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:19:34.0480 9264 discache - ok
21:19:34.0510 9264 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:19:34.0520 9264 Disk - ok
21:19:34.0600 9264 [ FD6780D8E79A4A0037DBCB339582F091 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
21:19:34.0630 9264 DMAgent ( UnsignedFile.Multi.Generic ) - warning
21:19:34.0630 9264 DMAgent - detected UnsignedFile.Multi.Generic (1)
21:19:34.0670 9264 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:19:34.0720 9264 Dnscache - ok
21:19:34.0750 9264 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:19:34.0800 9264 dot3svc - ok
21:19:34.0830 9264 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:19:34.0890 9264 DPS - ok
21:19:34.0930 9264 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:19:34.0960 9264 drmkaud - ok
21:19:35.0000 9264 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:19:35.0040 9264 DXGKrnl - ok
21:19:35.0070 9264 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:19:35.0120 9264 EapHost - ok
21:19:35.0200 9264 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:19:35.0290 9264 ebdrv - ok
21:19:35.0330 9264 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\Windows\system32\Drivers\wwuss64.sys
21:19:35.0340 9264 ecnssndis - ok
21:19:35.0350 9264 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\Windows\system32\Drivers\wwussf64.sys
21:19:35.0360 9264 ecnssndisfltr - ok
21:19:35.0380 9264 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:19:35.0430 9264 EFS - ok
21:19:35.0480 9264 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:19:35.0520 9264 ehRecvr - ok
21:19:35.0550 9264 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:19:35.0590 9264 ehSched - ok
21:19:35.0640 9264 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:19:35.0660 9264 elxstor - ok
21:19:35.0690 9264 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:19:35.0720 9264 ErrDev - ok
21:19:35.0780 9264 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:19:35.0830 9264 EventSystem - ok
21:19:36.0060 9264 [ 6EB16C7286FBCD3AB206743BA813EC48 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:19:36.0080 9264 EvtEng - ok
21:19:36.0100 9264 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:19:36.0130 9264 exfat - ok
21:19:36.0220 9264 Fabs - ok
21:19:36.0240 9264 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:19:36.0290 9264 fastfat - ok
21:19:36.0340 9264 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:19:36.0410 9264 Fax - ok
21:19:36.0430 9264 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:19:36.0450 9264 fdc - ok
21:19:36.0480 9264 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:19:36.0540 9264 fdPHost - ok
21:19:36.0540 9264 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:19:36.0580 9264 FDResPub - ok
21:19:36.0610 9264 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:19:36.0620 9264 FileInfo - ok
21:19:36.0630 9264 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:19:36.0660 9264 Filetrace - ok
21:19:36.0750 9264 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
21:19:36.0820 9264 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
21:19:36.0820 9264 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
21:19:36.0840 9264 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:19:36.0860 9264 flpydisk - ok
21:19:36.0880 9264 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:19:36.0900 9264 FltMgr - ok
21:19:36.0950 9264 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
21:19:37.0010 9264 FontCache - ok
21:19:37.0090 9264 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:19:37.0100 9264 FontCache3.0.0.0 - ok
21:19:37.0120 9264 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:19:37.0140 9264 FsDepends - ok
21:19:37.0160 9264 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:19:37.0170 9264 Fs_Rec - ok
21:19:37.0220 9264 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:19:37.0230 9264 fvevol - ok
21:19:37.0270 9264 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:19:37.0280 9264 gagp30kx - ok
21:19:37.0300 9264 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:19:37.0310 9264 GEARAspiWDM - ok
21:19:37.0370 9264 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:19:37.0440 9264 gpsvc - ok
21:19:37.0520 9264 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:19:37.0530 9264 gupdate - ok
21:19:37.0560 9264 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:19:37.0570 9264 gupdatem - ok
21:19:37.0580 9264 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:19:37.0630 9264 hcw85cir - ok
21:19:37.0680 9264 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:19:37.0691 9264 HdAudAddService - ok
21:19:37.0741 9264 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:19:37.0781 9264 HDAudBus - ok
21:19:37.0811 9264 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:19:37.0831 9264 HidBatt - ok
21:19:37.0861 9264 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:19:37.0891 9264 HidBth - ok
21:19:37.0931 9264 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:19:37.0961 9264 HidIr - ok
21:19:37.0991 9264 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:19:38.0051 9264 hidserv - ok
21:19:38.0081 9264 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:19:38.0091 9264 HidUsb - ok
21:19:38.0111 9264 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:19:38.0161 9264 hkmsvc - ok
21:19:38.0201 9264 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:19:38.0241 9264 HomeGroupListener - ok
21:19:38.0271 9264 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:19:38.0281 9264 HomeGroupProvider - ok
21:19:38.0301 9264 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:19:38.0311 9264 HpSAMD - ok
21:19:38.0361 9264 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:19:38.0461 9264 HTTP - ok
21:19:38.0511 9264 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:19:38.0541 9264 hwpolicy - ok
21:19:38.0551 9264 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:19:38.0561 9264 i8042prt - ok
21:19:38.0611 9264 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:19:38.0641 9264 iaStor - ok
21:19:38.0771 9264 [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:19:38.0781 9264 IAStorDataMgrSvc - ok
21:19:38.0821 9264 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:19:38.0841 9264 iaStorV - ok
21:19:38.0901 9264 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:19:38.0921 9264 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:19:38.0921 9264 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:19:38.0961 9264 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:19:38.0991 9264 idsvc - ok
21:19:39.0151 9264 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:19:39.0311 9264 igfx - ok
21:19:39.0341 9264 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:19:39.0351 9264 iirsp - ok
21:19:39.0391 9264 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:19:39.0461 9264 IKEEXT - ok
21:19:39.0511 9264 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
21:19:39.0551 9264 Impcd - ok
21:19:39.0611 9264 [ 8FED6428FDE53D7F4C105095F22524BE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:19:39.0681 9264 IntcAzAudAddService - ok
21:19:39.0711 9264 [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:19:39.0771 9264 IntcDAud - ok
21:19:39.0791 9264 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:19:39.0801 9264 intelide - ok
21:19:39.0831 9264 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:19:39.0861 9264 intelppm - ok
21:19:39.0891 9264 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:19:39.0941 9264 IPBusEnum - ok
21:19:39.0971 9264 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:19:40.0001 9264 IpFilterDriver - ok
21:19:40.0061 9264 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:19:40.0101 9264 iphlpsvc - ok
21:19:40.0111 9264 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:19:40.0141 9264 IPMIDRV - ok
21:19:40.0161 9264 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:19:40.0211 9264 IPNAT - ok
21:19:40.0301 9264 [ 2872B90D57C8310194A78A9787406467 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:19:40.0321 9264 iPod Service - ok
21:19:40.0341 9264 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:19:40.0371 9264 IRENUM - ok
21:19:40.0401 9264 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:19:40.0411 9264 isapnp - ok
21:19:40.0431 9264 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:19:40.0441 9264 iScsiPrt - ok
21:19:40.0481 9264 [ E56417C56B6A7316B6F527C890A1860D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
21:19:40.0491 9264 JMCR - ok
21:19:40.0521 9264 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:19:40.0531 9264 kbdclass - ok
21:19:40.0541 9264 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:19:40.0571 9264 kbdhid - ok
21:19:40.0591 9264 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:19:40.0611 9264 KeyIso - ok
21:19:40.0631 9264 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:19:40.0651 9264 KSecDD - ok
21:19:40.0681 9264 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:19:40.0701 9264 KSecPkg - ok
21:19:40.0702 9264 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:19:40.0762 9264 ksthunk - ok
21:19:40.0792 9264 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:19:40.0842 9264 KtmRm - ok
21:19:40.0872 9264 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:19:40.0932 9264 LanmanServer - ok
21:19:40.0962 9264 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:19:41.0012 9264 LanmanWorkstation - ok
21:19:41.0042 9264 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:19:41.0092 9264 lltdio - ok
21:19:41.0142 9264 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:19:41.0192 9264 lltdsvc - ok
21:19:41.0222 9264 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:19:41.0252 9264 lmhosts - ok
21:19:41.0282 9264 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:19:41.0292 9264 LMS - ok
21:19:41.0322 9264 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:19:41.0342 9264 LSI_FC - ok
21:19:41.0352 9264 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:19:41.0362 9264 LSI_SAS - ok
21:19:41.0372 9264 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:19:41.0382 9264 LSI_SAS2 - ok
21:19:41.0392 9264 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:19:41.0402 9264 LSI_SCSI - ok
21:19:41.0422 9264 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:19:41.0472 9264 luafv - ok
21:19:41.0512 9264 [ 62732AF9512B911C330ACBBDBCC2F284 ] Mbm3CBus C:\Windows\system32\DRIVERS\Mbm3CBus.sys
21:19:41.0532 9264 Mbm3CBus - ok
21:19:41.0562 9264 [ BDC2D259CA9CFCED092B3B0B8557322D ] Mbm3DevMt C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
21:19:41.0592 9264 Mbm3DevMt - ok
21:19:41.0622 9264 [ E55689A5E9349182C24312EFC9DF09FB ] Mbm3mdfl C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
21:19:41.0632 9264 Mbm3mdfl - ok
21:19:41.0662 9264 [ FC1059C857D7B1083086BE04DB5EE09C ] Mbm3Mdm C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
21:19:41.0682 9264 Mbm3Mdm - ok
21:19:41.0762 9264 [ 461EABB62F1827B965F508092160EDDC ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
21:19:41.0782 9264 McShield - ok
21:19:41.0812 9264 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:19:41.0842 9264 Mcx2Svc - ok
21:19:41.0872 9264 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:19:41.0882 9264 megasas - ok
21:19:41.0892 9264 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:19:41.0912 9264 MegaSR - ok
21:19:41.0942 9264 [ D71FD7A4FDB01C554AE144037B688DF1 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:19:41.0952 9264 MEIx64 - ok
21:19:41.0982 9264 [ C1556CA9695FCD6BBD23D75D402FD43D ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
21:19:41.0992 9264 mfeapfk - ok
21:19:42.0012 9264 [ 8857EE8B49F3338FC1FAD476BFCCA146 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
21:19:42.0022 9264 mfeavfk - ok
21:19:42.0042 9264 [ DD92E94E265864306377F091B100D0D0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:19:42.0052 9264 mfefire - ok
21:19:42.0082 9264 [ 19C44295F6BF085C83352D48397F7870 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
21:19:42.0102 9264 mfefirek - ok
21:19:42.0122 9264 [ 5F915E20AB56121C41C6BF9A91A83BDA ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
21:19:42.0142 9264 mfehidk - ok
21:19:42.0152 9264 [ 23AE332E32FF615CA5E5224C8D91AF11 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
21:19:42.0172 9264 mfenlfk - ok
21:19:42.0192 9264 [ 9C7A9273E345F8D653394B5C542BF86A ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
21:19:42.0202 9264 mferkdet - ok
21:19:42.0232 9264 [ AECD0C9ABDFDC61BE31163B624C4170F ] mfevtp C:\Windows\system32\mfevtps.exe
21:19:42.0252 9264 mfevtp - ok
21:19:42.0262 9264 [ 3140B2C56D7119BA314F68FC785683F0 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
21:19:42.0272 9264 mfewfpk - ok
21:19:42.0342 9264 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
21:19:42.0352 9264 Microsoft Office Groove Audit Service - ok
21:19:42.0372 9264 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:19:42.0412 9264 MMCSS - ok
21:19:42.0442 9264 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:19:42.0492 9264 Modem - ok
21:19:42.0522 9264 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:19:42.0552 9264 monitor - ok
21:19:42.0582 9264 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:19:42.0592 9264 mouclass - ok
21:19:42.0612 9264 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:19:42.0622 9264 mouhid - ok
21:19:42.0652 9264 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:19:42.0662 9264 mountmgr - ok
21:19:42.0692 9264 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:19:42.0702 9264 mpio - ok
21:19:42.0722 9264 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:19:42.0762 9264 mpsdrv - ok
21:19:42.0792 9264 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:19:42.0842 9264 MpsSvc - ok
21:19:42.0872 9264 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:19:42.0892 9264 MRxDAV - ok
21:19:42.0912 9264 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:19:42.0962 9264 mrxsmb - ok
21:19:42.0992 9264 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:19:43.0022 9264 mrxsmb10 - ok
21:19:43.0042 9264 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:19:43.0052 9264 mrxsmb20 - ok
21:19:43.0062 9264 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
21:19:43.0082 9264 msahci - ok
21:19:43.0102 9264 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:19:43.0112 9264 msdsm - ok
21:19:43.0122 9264 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:19:43.0162 9264 MSDTC - ok
21:19:43.0192 9264 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:19:43.0222 9264 Msfs - ok
21:19:43.0252 9264 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:19:43.0302 9264 mshidkmdf - ok
21:19:43.0322 9264 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:19:43.0332 9264 msisadrv - ok
21:19:43.0362 9264 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:19:43.0412 9264 MSiSCSI - ok
21:19:43.0422 9264 msiserver - ok
21:19:43.0452 9264 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:19:43.0502 9264 MSKSSRV - ok
21:19:43.0512 9264 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:19:43.0562 9264 MSPCLOCK - ok
21:19:43.0582 9264 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:19:43.0632 9264 MSPQM - ok
21:19:43.0662 9264 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:19:43.0682 9264 MsRPC - ok
21:19:43.0692 9264 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:19:43.0712 9264 mssmbios - ok
21:19:43.0732 9264 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:19:43.0762 9264 MSTEE - ok
21:19:43.0772 9264 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:19:43.0782 9264 MTConfig - ok
21:19:43.0802 9264 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:19:43.0822 9264 Mup - ok
21:19:43.0862 9264 [ 7E11D1788F5B531D49EF0AF97202437B ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:19:43.0872 9264 MyWiFiDHCPDNS - ok
21:19:43.0902 9264 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:19:43.0962 9264 napagent - ok
21:19:43.0992 9264 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:19:44.0032 9264 NativeWifiP - ok
21:19:44.0092 9264 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:19:44.0142 9264 NDIS - ok
21:19:44.0152 9264 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:19:44.0202 9264 NdisCap - ok
21:19:44.0232 9264 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:19:44.0282 9264 NdisTapi - ok
21:19:44.0302 9264 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:19:44.0352 9264 Ndisuio - ok
21:19:44.0382 9264 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:19:44.0432 9264 NdisWan - ok
21:19:44.0462 9264 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:19:44.0502 9264 NDProxy - ok
21:19:44.0522 9264 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:19:44.0552 9264 NetBIOS - ok
21:19:44.0582 9264 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:19:44.0632 9264 NetBT - ok
21:19:44.0652 9264 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:19:44.0662 9264 Netlogon - ok
21:19:44.0692 9264 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:19:44.0742 9264 Netman - ok
21:19:44.0802 9264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:19:44.0812 9264 NetMsmqActivator - ok
21:19:44.0832 9264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:19:44.0842 9264 NetPipeActivator - ok
21:19:44.0862 9264 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:19:44.0912 9264 netprofm - ok
21:19:44.0942 9264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:19:44.0952 9264 NetTcpActivator - ok
21:19:44.0962 9264 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:19:44.0972 9264 NetTcpPortSharing - ok
21:19:45.0152 9264 [ 219A40EEEA50D638BA9D08680C354A0C ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw00.sys
21:19:45.0402 9264 NETwNs64 - ok
21:19:45.0442 9264 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:19:45.0452 9264 nfrd960 - ok
21:19:45.0482 9264 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:19:45.0522 9264 NlaSvc - ok
21:19:45.0552 9264 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
21:19:45.0612 9264 nmwcd - ok
21:19:45.0632 9264 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
21:19:45.0652 9264 nmwcdc - ok
21:19:45.0682 9264 [ 697CA586209E022D15DD0C838B235D6A ] nmwcdnsucx64 C:\Windows\system32\drivers\nmwcdnsucx64.sys
21:19:45.0712 9264 nmwcdnsucx64 - ok
21:19:45.0762 9264 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
21:19:45.0792 9264 nmwcdnsux64 - ok
21:19:45.0902 9264 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
21:19:45.0982 9264 NOBU - ok
21:19:45.0992 9264 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:19:46.0022 9264 Npfs - ok
21:19:46.0052 9264 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:19:46.0112 9264 nsi - ok
21:19:46.0212 9264 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:19:46.0282 9264 nsiproxy - ok
21:19:46.0342 9264 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:19:46.0392 9264 Ntfs - ok
21:19:46.0402 9264 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:19:46.0432 9264 Null - ok
21:19:46.0452 9264 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
21:19:46.0472 9264 nusb3hub - ok
21:19:46.0512 9264 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:19:46.0532 9264 nusb3xhc - ok
21:19:46.0562 9264 [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
21:19:46.0582 9264 NVHDA - ok
21:19:46.0622 9264 [ 9C13BE8806D430B72CC2E80BA72990FB ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
21:19:46.0642 9264 nvkflt - ok
21:19:46.0832 9264 [ 7A711D08F1FD1AB8149B6199F84A0EB7 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:19:47.0112 9264 nvlddmkm - ok
21:19:47.0132 9264 [ 1B43B01078D3CC3F0322A49E7CEDC99B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
21:19:47.0142 9264 nvpciflt - ok
21:19:47.0182 9264 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:19:47.0192 9264 nvraid - ok
21:19:47.0212 9264 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:19:47.0222 9264 nvstor - ok
21:19:47.0262 9264 [ 9E01B716C8085F7ADB1CDC10103CEEF8 ] NvStUSB C:\Windows\system32\DRIVERS\nvstusb.sys
21:19:47.0272 9264 NvStUSB - ok
21:19:47.0342 9264 [ B9F3591981D761A5CA1D24C369764D96 ] NVSvc C:\Windows\system32\nvvsvc.exe
21:19:47.0372 9264 NVSvc - ok
21:19:47.0452 9264 [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:19:47.0522 9264 nvUpdatusService - ok
21:19:47.0552 9264 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:19:47.0562 9264 nv_agp - ok
21:19:47.0622 9264 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:19:47.0652 9264 odserv - ok
21:19:47.0662 9264 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:19:47.0682 9264 ohci1394 - ok
21:19:47.0713 9264 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:19:47.0723 9264 ose - ok
21:19:47.0753 9264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:19:47.0803 9264 p2pimsvc - ok
21:19:47.0813 9264 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:19:47.0833 9264 p2psvc - ok
21:19:47.0853 9264 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:19:47.0893 9264 Parport - ok
21:19:47.0933 9264 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:19:47.0963 9264 partmgr - ok
21:19:47.0973 9264 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:19:47.0993 9264 PcaSvc - ok
21:19:48.0013 9264 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
21:19:48.0063 9264 pccsmcfd - ok
21:19:48.0093 9264 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:19:48.0103 9264 pci - ok
21:19:48.0143 9264 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:19:48.0173 9264 pciide - ok
21:19:48.0183 9264 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:19:48.0203 9264 pcmcia - ok
21:19:48.0213 9264 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:19:48.0223 9264 pcw - ok
21:19:48.0243 9264 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:19:48.0333 9264 PEAUTH - ok
21:19:48.0413 9264 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:19:48.0433 9264 PerfHost - ok
21:19:48.0493 9264 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:19:48.0573 9264 pla - ok
21:19:48.0613 9264 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:19:48.0663 9264 PlugPlay - ok
21:19:48.0683 9264 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:19:48.0713 9264 PNRPAutoReg - ok
21:19:48.0733 9264 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:19:48.0743 9264 PNRPsvc - ok
21:19:48.0763 9264 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:19:48.0823 9264 PolicyAgent - ok
21:19:48.0863 9264 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:19:48.0913 9264 Power - ok
21:19:48.0933 9264 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:19:48.0983 9264 PptpMiniport - ok
21:19:49.0013 9264 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:19:49.0043 9264 Processor - ok
21:19:49.0083 9264 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:19:49.0113 9264 ProfSvc - ok
21:19:49.0123 9264 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:19:49.0143 9264 ProtectedStorage - ok
21:19:49.0173 9264 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:19:49.0223 9264 Psched - ok
21:19:49.0253 9264 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:19:49.0263 9264 PxHlpa64 - ok
21:19:49.0293 9264 [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys
21:19:49.0303 9264 qicflt - ok
21:19:49.0333 9264 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:19:49.0383 9264 ql2300 - ok
21:19:49.0413 9264 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:19:49.0423 9264 ql40xx - ok
21:19:49.0443 9264 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:19:49.0473 9264 QWAVE - ok
21:19:49.0503 9264 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:19:49.0513 9264 QWAVEdrv - ok
21:19:49.0583 9264 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
21:19:49.0593 9264 RapiMgr - ok
21:19:49.0593 9264 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:19:49.0643 9264 RasAcd - ok
21:19:49.0673 9264 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:19:49.0703 9264 RasAgileVpn - ok
21:19:49.0733 9264 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:19:49.0763 9264 RasAuto - ok
21:19:49.0783 9264 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:19:49.0833 9264 Rasl2tp - ok
21:19:49.0873 9264 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:19:49.0943 9264 RasMan - ok
21:19:49.0983 9264 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:19:50.0033 9264 RasPppoe - ok
21:19:50.0063 9264 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:19:50.0113 9264 RasSstp - ok
21:19:50.0143 9264 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:19:50.0193 9264 rdbss - ok
21:19:50.0213 9264 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:19:50.0233 9264 rdpbus - ok
21:19:50.0253 9264 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:19:50.0293 9264 RDPCDD - ok
21:19:50.0313 9264 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:19:50.0373 9264 RDPENCDD - ok
21:19:50.0403 9264 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:19:50.0433 9264 RDPREFMP - ok
21:19:50.0493 9264 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:19:50.0543 9264 RdpVideoMiniport - ok
21:19:50.0573 9264 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:19:50.0593 9264 RDPWD - ok
21:19:50.0623 9264 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:19:50.0633 9264 rdyboost - ok
21:19:50.0703 9264 [ F09087C51C6AE42AE7DABE1EB3E44C17 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:19:50.0713 9264 RegSrvc - ok
21:19:50.0734 9264 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:19:50.0784 9264 RemoteAccess - ok
21:19:50.0814 9264 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:19:50.0864 9264 RemoteRegistry - ok
21:19:50.0994 9264 [ BDDC447AB46625A54619808575D5CB46 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
21:19:51.0034 9264 RoxMediaDB12OEM - ok
21:19:51.0064 9264 [ CE203243ADF512540249DF9C264F12DD ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
21:19:51.0074 9264 RoxWatch12 - ok
21:19:51.0104 9264 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:19:51.0154 9264 RpcEptMapper - ok
21:19:51.0194 9264 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:19:51.0234 9264 RpcLocator - ok
21:19:51.0284 9264 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:19:51.0324 9264 RpcSs - ok
21:19:51.0344 9264 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:19:51.0394 9264 rspndr - ok
21:19:51.0544 9264 [ 81FE3CDBA210F2DCFB451F2C24258780 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:19:51.0584 9264 RTL8167 - ok
21:19:51.0604 9264 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:19:51.0624 9264 SamSs - ok
21:19:51.0684 9264 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:19:51.0704 9264 sbp2port - ok
21:19:51.0724 9264 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:19:51.0764 9264 SCardSvr - ok
21:19:51.0784 9264 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:19:51.0834 9264 scfilter - ok
21:19:51.0874 9264 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:19:51.0954 9264 Schedule - ok
21:19:51.0984 9264 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:19:52.0014 9264 SCPolicySvc - ok
21:19:52.0044 9264 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:19:52.0074 9264 sdbus - ok
21:19:52.0104 9264 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:19:52.0154 9264 SDRSVC - ok
21:19:52.0174 9264 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:19:52.0224 9264 secdrv - ok
21:19:52.0254 9264 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:19:52.0304 9264 seclogon - ok
21:19:52.0344 9264 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:19:52.0374 9264 SENS - ok
21:19:52.0404 9264 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:19:52.0424 9264 SensrSvc - ok
21:19:52.0434 9264 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:19:52.0444 9264 Serenum - ok
21:19:52.0474 9264 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:19:52.0504 9264 Serial - ok
21:19:52.0524 9264 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:19:52.0544 9264 sermouse - ok
21:19:52.0614 9264 [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
21:19:52.0644 9264 ServiceLayer - ok
21:19:52.0674 9264 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:19:52.0724 9264 SessionEnv - ok
21:19:52.0744 9264 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
21:19:52.0774 9264 sffdisk - ok
21:19:52.0794 9264 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:19:52.0814 9264 sffp_mmc - ok
21:19:52.0824 9264 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
21:19:52.0864 9264 sffp_sd - ok
21:19:52.0894 9264 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:19:52.0914 9264 sfloppy - ok
21:19:52.0984 9264 [ E1974A92AC0914A3859359A0A8C82C68 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
21:19:53.0004 9264 SftService - ok
21:19:53.0024 9264 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:19:53.0084 9264 SharedAccess - ok
21:19:53.0114 9264 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:19:53.0164 9264 ShellHWDetection - ok
21:19:53.0194 9264 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:19:53.0204 9264 SiSRaid2 - ok
21:19:53.0214 9264 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:19:53.0234 9264 SiSRaid4 - ok
21:19:53.0254 9264 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:19:53.0304 9264 Smb - ok
21:19:53.0354 9264 [ E11C9E13E92DA6747363924CFFCBD7EF ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
21:19:53.0364 9264 SmbDrvI - ok
21:19:53.0414 9264 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:19:53.0454 9264 SNMPTRAP - ok
21:19:53.0474 9264 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:19:53.0484 9264 spldr - ok
21:19:53.0524 9264 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:19:53.0554 9264 Spooler - ok
21:19:53.0614 9264 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:19:53.0734 9264 sppsvc - ok
21:19:53.0764 9264 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:19:53.0814 9264 sppuinotify - ok
21:19:53.0864 9264 [ B9657A0AFF28C1CB114ACC0CB93EE4BB ] sp_rsdrv2 C:\Windows\system32\DRIVERS\stflt.sys
21:19:53.0874 9264 sp_rsdrv2 - ok
21:19:53.0904 9264 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:19:53.0964 9264 srv - ok
21:19:53.0974 9264 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:19:54.0014 9264 srv2 - ok
21:19:54.0034 9264 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:19:54.0064 9264 srvnet - ok
21:19:54.0094 9264 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:19:54.0144 9264 SSDPSRV - ok
21:19:54.0164 9264 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:19:54.0204 9264 SstpSvc - ok
21:19:54.0274 9264 [ 24543AAF056D3AFCED3F4FF487F53C90 ] ST2012_Svc C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
21:19:54.0324 9264 ST2012_Svc - ok
21:19:54.0384 9264 Steam Client Service - ok
21:19:54.0424 9264 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:19:54.0434 9264 stexstor - ok
21:19:54.0464 9264 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:19:54.0504 9264 stisvc - ok
21:19:54.0544 9264 [ 9E182DD94496550A22A392CC1A8E0F52 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:19:54.0554 9264 stllssvr - ok
21:19:54.0574 9264 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:19:54.0584 9264 swenum - ok
21:19:54.0604 9264 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:19:54.0664 9264 swprv - ok
21:19:54.0714 9264 [ B0C7D4DCF4800DF2F2145B500D0161E8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:19:54.0764 9264 SynTP - ok
21:19:54.0804 9264 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:19:54.0884 9264 SysMain - ok
21:19:54.0914 9264 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:19:54.0934 9264 TabletInputService - ok
21:19:54.0964 9264 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:19:55.0014 9264 TapiSrv - ok
21:19:55.0054 9264 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:19:55.0104 9264 TBS - ok
21:19:55.0174 9264 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:19:55.0234 9264 Tcpip - ok
21:19:55.0314 9264 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:19:55.0354 9264 TCPIP6 - ok
21:19:55.0394 9264 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:19:55.0404 9264 tcpipreg - ok
21:19:55.0424 9264 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:19:55.0454 9264 TDPIPE - ok
21:19:55.0484 9264 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:19:55.0494 9264 TDTCP - ok
21:19:55.0524 9264 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:19:55.0554 9264 tdx - ok
21:19:55.0584 9264 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:19:55.0594 9264 TermDD - ok
21:19:55.0614 9264 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:19:55.0664 9264 TermService - ok
21:19:55.0694 9264 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
21:19:55.0704 9264 TFsExDisk - ok
21:19:55.0735 9264 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:19:55.0765 9264 Themes - ok
21:19:55.0795 9264 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:19:55.0825 9264 THREADORDER - ok
21:19:55.0835 9264 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:19:55.0885 9264 TrkWks - ok
21:19:55.0925 9264 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:19:55.0985 9264 TrustedInstaller - ok
21:19:56.0005 9264 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:19:56.0045 9264 tssecsrv - ok
21:19:56.0075 9264 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:19:56.0125 9264 TsUsbFlt - ok
21:19:56.0165 9264 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:19:56.0205 9264 tunnel - ok
21:19:56.0225 9264 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:19:56.0235 9264 uagp35 - ok
21:19:56.0255 9264 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:19:56.0325 9264 udfs - ok
21:19:56.0375 9264 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:19:56.0505 9264 UI0Detect - ok
21:19:56.0535 9264 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:19:56.0555 9264 uliagpkx - ok
21:19:56.0575 9264 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:19:56.0605 9264 umbus - ok
21:19:56.0635 9264 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:19:56.0645 9264 UmPass - ok
21:19:56.0725 9264 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:19:56.0795 9264 UNS - ok
21:19:56.0825 9264 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:19:56.0885 9264 upnphost - ok
21:19:56.0945 9264 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
21:19:57.0005 9264 upperdev - ok
21:19:57.0035 9264 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:19:57.0045 9264 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
21:19:57.0045 9264 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
21:19:57.0065 9264 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:19:57.0125 9264 usbccgp - ok
21:19:57.0155 9264 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:19:57.0175 9264 usbcir - ok
21:19:57.0185 9264 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:19:57.0215 9264 usbehci - ok
21:19:57.0255 9264 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:19:57.0285 9264 usbhub - ok
21:19:57.0315 9264 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:19:57.0355 9264 usbohci - ok
21:19:57.0395 9264 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:19:57.0435 9264 usbprint - ok
21:19:57.0455 9264 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:19:57.0465 9264 usbscan - ok
21:19:57.0525 9264 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
21:19:57.0565 9264 UsbserFilt - ok
21:19:57.0615 9264 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:19:57.0665 9264 USBSTOR - ok
21:19:57.0675 9264 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:19:57.0705 9264 usbuhci - ok
21:19:57.0735 9264 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:19:57.0755 9264 usbvideo - ok
21:19:57.0785 9264 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
21:19:57.0805 9264 usb_rndisx - ok
21:19:57.0825 9264 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:19:57.0865 9264 UxSms - ok
21:19:57.0915 9264 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:19:57.0925 9264 VaultSvc - ok
21:19:57.0945 9264 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:19:57.0955 9264 vdrvroot - ok
21:19:57.0995 9264 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:19:58.0045 9264 vds - ok
21:19:58.0075 9264 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:19:58.0085 9264 vga - ok
21:19:58.0095 9264 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:19:58.0145 9264 VgaSave - ok
21:19:58.0165 9264 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:19:58.0185 9264 vhdmp - ok
21:19:58.0195 9264 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:19:58.0205 9264 viaide - ok
21:19:58.0235 9264 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:19:58.0245 9264 volmgr - ok
21:19:58.0275 9264 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:19:58.0285 9264 volmgrx - ok
21:19:58.0305 9264 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:19:58.0315 9264 volsnap - ok
21:19:58.0335 9264 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:19:58.0355 9264 vsmraid - ok
21:19:58.0465 9264 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:19:58.0585 9264 VSS - ok
21:19:58.0605 9264 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:19:58.0635 9264 vwifibus - ok
21:19:58.0655 9264 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:19:58.0685 9264 vwififlt - ok
21:19:58.0705 9264 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:19:58.0725 9264 vwifimp - ok
21:19:58.0785 9264 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:19:58.0865 9264 W32Time - ok
21:19:58.0895 9264 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:19:58.0935 9264 WacomPen - ok
21:19:58.0955 9264 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:19:59.0005 9264 WANARP - ok
21:19:59.0025 9264 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:19:59.0065 9264 Wanarpv6 - ok
21:19:59.0335 9264 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:19:59.0435 9264 wbengine - ok
21:19:59.0465 9264 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:19:59.0495 9264 WbioSrvc - ok
21:19:59.0545 9264 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
21:19:59.0565 9264 WcesComm - ok
21:19:59.0585 9264 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:19:59.0635 9264 wcncsvc - ok
21:19:59.0665 9264 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:19:59.0685 9264 WcsPlugInService - ok
21:19:59.0705 9264 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:19:59.0725 9264 Wd - ok
21:19:59.0765 9264 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:19:59.0805 9264 Wdf01000 - ok
21:19:59.0845 9264 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:19:59.0945 9264 WdiServiceHost - ok
21:19:59.0955 9264 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:19:59.0965 9264 WdiSystemHost - ok
21:20:00.0005 9264 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
21:20:00.0015 9264 wdkmd - ok
21:20:00.0055 9264 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:20:00.0075 9264 WebClient - ok
21:20:00.0115 9264 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:20:00.0155 9264 Wecsvc - ok
21:20:00.0175 9264 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:20:00.0225 9264 wercplsupport - ok
21:20:00.0255 9264 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:20:00.0295 9264 WerSvc - ok
21:20:00.0315 9264 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:20:00.0355 9264 WfpLwf - ok
21:20:00.0465 9264 [ 49F06C7D5517DE53D848F38B9AE86A7C ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
21:20:00.0505 9264 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - warning
21:20:00.0505 9264 WiMAXAppSrv - detected UnsignedFile.Multi.Generic (1)
21:20:00.0555 9264 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:20:00.0565 9264 WimFltr - ok
21:20:00.0575 9264 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:20:00.0585 9264 WIMMount - ok
21:20:00.0595 9264 WinDefend - ok
21:20:00.0605 9264 WinHttpAutoProxySvc - ok
21:20:00.0895 9264 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:20:00.0935 9264 Winmgmt - ok
21:20:01.0015 9264 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll
21:20:01.0105 9264 WinRM - ok
21:20:01.0145 9264 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:20:01.0185 9264 WinUsb - ok
21:20:01.0215 9264 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:20:01.0275 9264 Wlansvc - ok
21:20:01.0325 9264 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:20:01.0335 9264 wlcrasvc - ok
21:20:01.0455 9264 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:20:01.0525 9264 wlidsvc - ok
21:20:01.0825 9264 WMCoreService - ok
21:20:01.0885 9264 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:20:01.0895 9264 WmiAcpi - ok
21:20:02.0045 9264 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:20:02.0075 9264 wmiApSrv - ok
21:20:02.0115 9264 WMPNetworkSvc - ok
21:20:02.0165 9264 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:20:02.0185 9264 WPCSvc - ok
21:20:02.0205 9264 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:20:02.0225 9264 WPDBusEnum - ok
21:20:02.0235 9264 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:20:02.0285 9264 ws2ifsl - ok
21:20:02.0345 9264 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:20:02.0385 9264 wscsvc - ok
21:20:02.0385 9264 WSearch - ok
21:20:02.0505 9264 [ 7E1FE51770D0E2E02EBBC4D11113FC85 ] WTGService C:\Program Files (x86)\XSManager\WTGService.exe
21:20:02.0525 9264 WTGService - ok
21:20:02.0595 9264 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:20:02.0665 9264 wuauserv - ok
21:20:02.0705 9264 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:20:02.0755 9264 WudfPf - ok
21:20:02.0765 9264 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:20:02.0785 9264 WUDFRd - ok
21:20:02.0805 9264 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:20:02.0835 9264 wudfsvc - ok
21:20:02.0865 9264 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
21:20:02.0915 9264 WwanSvc - ok
21:20:02.0945 9264 [ 498A41CE2B68D338C8D92F48B664DBBB ] WwanUsbServ C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
21:20:02.0955 9264 WwanUsbServ - ok
21:20:03.0375 9264 [ 5BCB1F6CB749B6826BE1C0F16FF2F600 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:20:03.0475 9264 ZeroConfigService - ok
21:20:03.0505 9264 ================ Scan global ===============================
21:20:03.0515 9264 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:20:03.0555 9264 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:20:03.0565 9264 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:20:03.0595 9264 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:20:03.0645 9264 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:20:03.0655 9264 [Global] - ok
21:20:03.0655 9264 ================ Scan MBR ==================================
21:20:03.0675 9264 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:20:04.0545 9264 \Device\Harddisk0\DR0 - ok
21:20:04.0545 9264 ================ Scan VBR ==================================
21:20:04.0575 9264 [ F95D22E461B4B58C3145EE1A4A67027E ] \Device\Harddisk0\DR0\Partition1
21:20:04.0575 9264 \Device\Harddisk0\DR0\Partition1 - ok
21:20:04.0585 9264 [ C845D5C8BB657EE4EBCDF33A84300C9A ] \Device\Harddisk0\DR0\Partition2
21:20:04.0595 9264 \Device\Harddisk0\DR0\Partition2 - ok
21:20:04.0595 9264 ============================================================
21:20:04.0595 9264 Scan finished
21:20:04.0595 9264 ============================================================
21:20:04.0595 8748 Detected object count: 5
21:20:04.0595 8748 Actual detected object count: 5
21:20:41.0466 8748 DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:41.0466 8748 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:41.0466 8748 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:41.0466 8748 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:20:41.0466 8748 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:20:41.0466 8748 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 15.06.2013, 13:50   #11
markusg
/// Malware-holic
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 15.06.2013, 20:24   #12
Bonner
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Hallo Markus,
vielen Dank schon mal für die Zeit, die Du bisher geopfert hast. bin ja mal gespannt, wie das ausgeht.
Hier das Ergebnis von Combofix:

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-06-15.01 - *** 15.06.2013  21:08:48.1.8 - x64
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll
c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\5e1499b7-780b-4b0e-8240-0221e699a647.dll
c:\programdata\PCDr\6261\AddOnDownloaded\7a273375-a427-45b1-8925-a4fd3312f55b.dll
c:\programdata\Roaming
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-15 bis 2013-06-15  ))))))))))))))))))))))))))))))
.
.
2013-06-14 11:56 . 2013-06-14 11:56	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{84A231FA-2360-48EC-8B61-5DC1B9A36E8B}\offreg.dll
2013-06-14 11:55 . 2013-06-14 11:55	51496	----a-w-	c:\windows\system32\drivers\stflt.sys
2013-06-14 11:55 . 2013-06-14 15:42	--------	d-----w-	c:\programdata\Spyware Terminator
2013-06-14 11:55 . 2013-06-14 11:55	--------	d-----w-	c:\users\***\AppData\Roaming\Spyware Terminator
2013-06-14 11:55 . 2013-06-14 11:55	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2013-06-14 09:23 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{84A231FA-2360-48EC-8B61-5DC1B9A36E8B}\mpengine.dll
2013-06-11 22:02 . 2013-06-11 22:09	--------	d-----w-	c:\programdata\HitmanPro
2013-06-11 21:09 . 2013-06-11 21:09	--------	d-----w-	c:\programdata\imkn
2013-06-11 19:08 . 2013-06-08 14:08	279040	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-06-11 19:04 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-01 20:03 . 2013-06-01 20:03	--------	d-----w-	c:\users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2013-06-01 19:54 . 2013-06-01 20:00	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2013-05-25 17:27 . 2013-05-25 17:27	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-25 17:27 . 2013-05-25 17:27	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-25 17:27 . 2013-05-25 17:27	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-25 17:27 . 2013-05-25 17:27	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-25 17:27 . 2013-05-25 17:27	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-25 17:27 . 2013-05-25 17:27	--------	d-----w-	c:\program files (x86)\QuickTime
2013-05-24 21:28 . 2013-06-01 13:33	--------	d-----w-	c:\program files\My Dell
2013-05-23 19:55 . 2013-05-23 19:55	--------	d-----w-	c:\windows\SysWow64\NV
2013-05-23 19:55 . 2013-05-23 19:55	--------	d-----w-	c:\windows\system32\NV
2013-05-23 19:53 . 2013-02-25 05:27	31520	----a-w-	c:\windows\system32\nvhdap64.dll
2013-05-23 19:53 . 2013-02-25 05:27	194848	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-05-23 19:53 . 2013-01-29 08:35	1510176	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-05-21 19:15 . 2013-05-21 19:15	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-21 19:15 . 2013-05-21 19:15	--------	d-----w-	c:\program files\iTunes
2013-05-21 19:15 . 2013-05-21 19:15	--------	d-----w-	c:\program files (x86)\iTunes
2013-05-21 19:15 . 2013-05-21 19:15	--------	d-----w-	c:\program files\iPod
2013-05-20 12:10 . 2013-05-20 12:10	--------	d-----w-	c:\program files (x86)\SilverFast Application
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 19:58 . 2012-06-10 15:53	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 19:58 . 2011-06-15 18:48	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 19:58 . 2013-05-15 06:58	9089416	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 19:10 . 2011-03-19 19:02	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 17:15 . 2012-11-16 11:00	123904	----a-w-	c:\windows\system32\drivers\cmnuusbser.sys
2013-05-15 17:15 . 2012-11-16 11:00	117888	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2013-05-15 17:15 . 2012-11-16 11:00	63648	----a-w-	c:\windows\system32\drivers\smsbda.sys
2013-05-15 17:15 . 2012-11-16 11:00	141824	----a-w-	c:\windows\system32\drivers\cmntnet.sys
2013-05-15 17:15 . 2012-11-16 11:00	133120	----a-w-	c:\windows\system32\drivers\cm_netamd.sys
2013-05-15 17:15 . 2012-11-16 11:00	118272	----a-w-	c:\windows\system32\drivers\cm_seramd.sys
2013-05-15 17:15 . 2012-11-16 11:00	112640	----a-w-	c:\windows\system32\drivers\cm_net32.sys
2013-05-15 17:15 . 2012-11-16 11:00	103680	----a-w-	c:\windows\system32\drivers\cm_ser32.sys
2013-05-12 21:42 . 2012-10-08 09:42	925648	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-05-12 21:42 . 2011-03-16 01:20	1059560	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2011-03-16 01:20	266448	----a-w-	c:\windows\system32\nvinitx.dll
2013-05-12 21:42 . 2011-03-16 01:20	214448	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-05-12 21:42 . 2011-03-16 01:19	2935696	----a-w-	c:\windows\system32\nvapi64.dll
2013-05-12 20:34 . 2011-02-18 10:19	6491936	----a-w-	c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2011-02-18 10:19	3514656	----a-w-	c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2011-02-18 10:19	884512	----a-w-	c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2011-02-18 10:19	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2010-11-29 04:35	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2011-02-18 10:19	67072	----a-w-	c:\windows\system32\nv3dappshextr.dll
2013-05-12 20:34 . 2011-02-18 10:19	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-05-12 20:34 . 2011-02-18 10:19	1025312	----a-w-	c:\windows\system32\nv3dappshext.dll
2013-05-12 06:06 . 2010-06-24 16:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 14:13 . 2011-02-18 10:19	3165737	----a-w-	c:\windows\system32\nvcoproc.bin
2013-05-07 17:40 . 2013-05-07 17:41	83160	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-05 20:04 . 2013-05-05 20:04	73728	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut47_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-05-05 20:04 . 2013-05-05 20:04	73728	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut46_74B9CE5DF1F4447F982DCA29A461B529.exe
2013-05-05 20:04 . 2013-05-05 20:04	53248	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\ARPPRODUCTICON.exe
2013-05-05 20:04 . 2013-05-05 20:04	49152	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
2013-05-05 20:04 . 2013-05-05 20:04	49152	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{7130468A-F53F-4698-8C09-A339EA3B05E6}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
2013-05-02 00:06 . 2011-03-18 23:21	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2013-04-23 12:32 . 2013-04-23 12:32	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 12:05	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:05	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:05	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:05	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:05	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:05	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 10:47	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-12 12:50 . 2013-04-12 12:50	5268480	----a-w-	c:\windows\system32\MF5000_x64.dll
2013-04-12 12:50 . 2013-04-12 12:50	5268480	------w-	c:\windows\SysWow64\MF5000_x64.dll
2013-04-12 12:50 . 2013-04-12 12:50	5165568	----a-w-	c:\windows\system32\PF7250PRO3_x64.dll
2013-04-12 12:50 . 2013-04-12 12:50	5165568	------w-	c:\windows\SysWow64\PF7250PRO3_x64.dll
2013-04-12 12:50 . 2013-04-12 12:50	5192192	----a-w-	c:\windows\system32\DD6000_x64.dll
2013-04-12 12:50 . 2013-04-12 12:50	5192192	------w-	c:\windows\SysWow64\DD6000_x64.dll
2013-04-12 12:48 . 2013-04-12 12:48	3712512	----a-w-	c:\windows\system32\PF7250PRO3.dll
2013-04-12 12:48 . 2013-04-12 12:48	3712512	------w-	c:\windows\SysWow64\PF7250PRO3.dll
2013-04-12 12:26 . 2013-04-12 12:26	3734528	----a-w-	c:\windows\system32\DD6000.dll
2013-04-12 12:26 . 2013-04-12 12:26	3734528	------w-	c:\windows\SysWow64\DD6000.dll
2013-04-12 12:24 . 2013-04-12 12:24	3817472	----a-w-	c:\windows\system32\MF5000.dll
2013-04-12 12:24 . 2013-04-12 12:24	3817472	------w-	c:\windows\SysWow64\MF5000.dll
2013-04-10 06:01 . 2013-05-15 12:05	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 12:05	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 12:04	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-04-08 19:47 . 2013-04-08 19:52	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-08 19:47 . 2013-04-08 19:52	130016	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-04-08 19:47 . 2013-04-08 19:52	100712	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-19 06:04 . 2013-04-11 19:24	5550424	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 05:53 . 2013-05-15 12:05	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-03-19 05:53 . 2013-05-15 12:05	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-03-19 05:46 . 2013-04-11 19:24	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-11 19:24	3968856	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-11 19:24	3913560	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-11 19:24	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-11 19:24	112640	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"NSU_agent"="c:\program files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe;c:\program files (x86)\XSManager\WTGService.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 cmntnet;Wireless Data Device USB Ethernet Driver;c:\windows\system32\DRIVERS\cmntnet.sys;c:\windows\SYSNATIVE\DRIVERS\cmntnet.sys [x]
S3 cmnuusbser;Mobile Connector USB Device for Serial Communication Device;c:\windows\system32\DRIVERS\cmnuusbser.sys;c:\windows\SYSNATIVE\DRIVERS\cmnuusbser.sys [x]
S3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps64.sys;c:\windows\SYSNATIVE\DRIVERS\d554gps64.sys [x]
S3 d554scard;Dell Wireless  HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys;c:\windows\SYSNATIVE\DRIVERS\d554scard.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Mbm3CBus;Dell Wireless 5540 HSPA Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt;Dell Wireless  HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl;Dell Wireless  HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm;Dell Wireless  HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 14586479
*NewlyCreated* - SP_RSDRV2
*Deregistered* - 14586479
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 20:32]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 19:04]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 19:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Preispiratensuche nach markiertem Text - c:\\Program Files (x86)\\Preispiraten6\\preispiraten.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\aumr8uax.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Tomb Raider III - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-15  21:20:41
ComboFix-quarantined-files.txt  2013-06-15 19:20
.
Vor Suchlauf: 13 Verzeichnis(se), 276.011.048.960 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 275.673.542.656 Bytes frei
.
- - End Of File - - 43B929E616E1563B7F36ED99F01F6F33
         
--- --- ---
5C616939100B85E558DA92B899A0FC36

Alt 16.06.2013, 18:55   #13
markusg
/// Malware-holic
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.06.2013, 06:08   #14
Bonner
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Hi Markus,
der Suchlauf mit Malwarebytes brachte keinen Fund.
Mittlerweile erscheinen auf meinem Rechner ständig die Datei-Endungen, die ja standardmäßig unterdrückt sind. So heißen meine Fotos, die bisher nur nummeriert waren, jetzt z.B. 234.jpg
Auch werde ich jetzt vom IE dauernd darauf hingewiesen, dass ich im Begriff bin, mir Seiten über eine sichere Verbindung anzeigen zu lassen. Das sind alles so kleine Veränderungen, die ich nicht eingerichtet habe, jetzt aber plötzlich auftauchen. Hast Du ne Erklärung dafür???
Hier das Ergebnis von Malwarebyte:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.16.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
*** :: ***-PC [Administrator]

Schutz: Aktiviert

16.06.2013 23:05:08
mbam-log-2013-06-16 (23-05-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 496905
Laufzeit: 1 Stunde(n), 29 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Schöne Grüße
Ralf

Geändert von Bonner (17.06.2013 um 06:14 Uhr)

Alt 17.06.2013, 13:46   #15
markusg
/// Malware-holic
 
GVU Trojaner (Rechner läuft aber noch) - Standard

GVU Trojaner (Rechner läuft aber noch)



Hi

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu GVU Trojaner (Rechner läuft aber noch)
anderen, antivir, beendet, board, ergebnisse, folgende, funktioniert, geblockt, lösung, nicht mehr, probleme, quarantäne, rechner, registry, seite, spyware, taskmanager, tr/dldr.nymaim.b.69, tr/drop.xpaj.a, trojaner, windows



Ähnliche Themen: GVU Trojaner (Rechner läuft aber noch)


  1. nach Lüfterreperatur stürzt Rechner erst ab (0x490), läuft dann aber flüssig
    Netzwerk und Hardware - 28.02.2014 (6)
  2. Mein PC läuft nur noch sehr langsam, nicht mal AVIRA funktiomiert noch. Woran kann das liegen?
    Plagegeister aller Art und deren Bekämpfung - 29.10.2013 (5)
  3. Pc hängt kurz, Maus läuft aber noch
    Log-Analyse und Auswertung - 16.08.2013 (14)
  4. Trojaner blockiert Zugang zu Onlinebanking, Rechner läuft sehr langsam
    Log-Analyse und Auswertung - 21.05.2013 (31)
  5. GVU Trojaner. Windows läuft, aber alles sauber?
    Log-Analyse und Auswertung - 27.09.2012 (6)
  6. Win7 Verschlüsselungstrojaner, Rechner läuft wieder aber hab ich alles weg?
    Log-Analyse und Auswertung - 13.06.2012 (28)
  7. Pc läuft nur mit Oltimersoftware- Trojaner sperrt noch Windows
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (4)
  8. Meldung: rpcrtremote.dll / Rechner läuft aber schwarzer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 12.11.2011 (1)
  9. Schwarzer Bildschirm - Rechner läuft aber weiter
    Netzwerk und Hardware - 20.09.2011 (13)
  10. XP REchner: kann nicht erkennen, ob ich immer noch Trojaner auf meinem Rechner habe
    Plagegeister aller Art und deren Bekämpfung - 13.09.2011 (43)
  11. Trojaner? Eigentlich weg aber System läuft dennoch langsam...
    Log-Analyse und Auswertung - 05.02.2010 (7)
  12. zonealarm weg läuft aber noch im Hintergrund, Firefox keine Verbindung, IE schon
    Log-Analyse und Auswertung - 10.01.2010 (1)
  13. lsp.dll gelöscht, aber Trojaner noch da...
    Log-Analyse und Auswertung - 05.09.2009 (14)
  14. Trojaner: neutralisiert aber trotzdem noch da?
    Plagegeister aller Art und deren Bekämpfung - 09.06.2009 (1)
  15. Vundo anscheinend entfernt...aber Rechner ist trotzdem noch langsam?!?!
    Log-Analyse und Auswertung - 08.04.2009 (5)
  16. Hilfe, mein Rechner läuft kaum noch! Kann keine zwei programme nebeneinander laufen!
    Log-Analyse und Auswertung - 01.04.2006 (11)
  17. Rechner läuft kaum noch
    Log-Analyse und Auswertung - 07.02.2005 (4)

Zum Thema GVU Trojaner (Rechner läuft aber noch) - Hallo, ich habe mir den GVU-Trojaner eingefangen. Antivir hat gemeldet, dass irgendetwas auf meine registry zugreift und daher geblockt wird (den genauen Wortlaut habe ich nicht mehr im Kopf). Ich - GVU Trojaner (Rechner läuft aber noch)...
Archiv
Du betrachtest: GVU Trojaner (Rechner läuft aber noch) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.