Trojaner-Board - polizei virus geht nicht runter

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - polizei virus geht nicht runter (https://www.trojaner-board.de/112980-polizei-virus-geht-runter.html)

catwiesel39

02.04.2012 19:36

polizei virus geht nicht runter

hallo

seit 7 stunden
versuche ich jetzt den bundespolizei virus vom pc zu bekommen
habe sämtliche youtube videos gesehen
den kapersky windows blogger
3 mal laufen lassen
alles hat nixgebracht

dann habe ich die system wiederherstellung 2 mal laufen lassen
und mein pc geht wieder

meine frage
ist der virus jetzt weg
und wenn nicht was kann ich machen
bitte um hilfe
kann mir kein neues laptop kaufen

gruß kai

ich nutze auch online banking

gruß kai

Psychotic

03.04.2012 19:28

Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:

An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten?

catwiesel39

05.04.2012 15:09

danke für die antwort
habe alles nach anleitung gemacht siehe anhang
gruß kai

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:

Code:

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume1

Install Date: 24.11.2010 16:21:32

System Uptime: 05.04.2012 15:10:18 (0 hours ago)

.

Motherboard: LENOVO |  | Base Board Product Name

Processor: Intel(R) Core(TM) i3 CPU       M 350  @ 2.27GHz | CPU | 1858/1066mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 254 GiB total, 213,289 GiB free.

D: is FIXED (NTFS) - 29 GiB total, 27,797 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP274: 13.03.2012 08:18:15 - Windows Update

RP275: 14.03.2012 16:47:23 - Windows Update

RP276: 18.03.2012 06:56:05 - Removed HP Update

RP277: 18.03.2012 07:13:08 - Removed Scan

RP278: 18.03.2012 07:13:40 - Removed Destinations

RP279: 18.03.2012 07:14:08 - Installed Scan

RP280: 18.03.2012 07:14:49 - Installed Destinations

RP281: 18.03.2012 19:17:27 - Windows-Sicherung

RP282: 20.03.2012 13:30:09 - Windows Update

RP283: 25.03.2012 19:00:07 - Windows-Sicherung

RP284: 27.03.2012 08:40:13 - Windows Update

RP285: 01.04.2012 19:22:16 - Windows-Sicherung

RP286: 02.04.2012 20:04:52 - Wiederherstellungsvorgang

RP287: 02.04.2012 20:18:33 - Windows-Sicherung

RP288: 02.04.2012 20:33:19 - Windows Update

RP289: 05.04.2012 14:52:46 - Windows Update

.

==== Installed Programs ======================

.

1500

1500_Help

1500Trb

Ad-Aware

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.3 - Deutsch

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Apple Application Support

Apple Software Update

Avira Free Antivirus

Broadcom 802.11 Wireless Driver

BufferChm

Copy

CyberLink YouCam

Destinations

DeviceDiscovery

DocProc

Energy Management

Fax

Free YouTube Download version 3.0.19.1206

Garmin MapSource

Garmin Training Center

Garmin USB Drivers

Google Earth

Google Update Helper

GPBaseService2

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Intel(R) Control Center

Intel(R) Management Engine Components

Intel(R) Rapid Storage Technology

IrfanView (remove only)

Java Auto Updater

Java(TM) 6 Update 22

Java(TM) 6 Update 29

Lenovo DirectShare

Lenovo EasyCamera

Lenovo OneKey Recovery

Lenovo ReadyComm 5

Lenovo ReadyComm 5.0 Service

MarketResearch

Microsoft Office 2010

Microsoft Office Klick-und-Los 2010

Microsoft Office Starter 2010 - Deutsch

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mozilla Firefox 11.0 (x86 de)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

Onekey Theater

OpenOffice.org 3.3

posterXXL.de Bestellsoftware 4.60

Power2Go

Praetorians

QuickTime

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek USB 2.0 Card Reader

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)

SmartWebPrinting

SolutionCenter

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

Spyware Terminator 2012

Status

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC 9.0 Runtime

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 1.1.11

WebReg

Windows Live Mesh ActiveX control for remote connections

Windows Live Sync

Windows Media Player Firefox Plugin

ZoneAlarm Firewall

ZoneAlarm Free

ZoneAlarm Security

.

==== End Of File ===========================
 
 
 
 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29

Run by cocco at 15:18:35 on 2012-04-05

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2415 [GMT 2:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\PROGRAM FILES (X86)\CHECKPOINT\ZONEALARM\VSMON.EXE

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\ISWSVC.EXE

C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE\AAWSERVICE.EXE

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE

C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\SCHED.EXE

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGUARD.EXE

C:\WINDOWS\SYSTEM32\TASKHOST.EXE

C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\FORCEFIELD.EXE

C:\WINDOWS\SYSTEM32\TASKENG.EXE

C:\windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\EXPLORER.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\PROGRAM FILES (X86)\MICROSOFT\SEARCH ENHANCEMENT PACK\SEAPORT\SEAPORT.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE

C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE

C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE

C:\PROGRAM FILES (X86)\CHECKPOINT\ZONEALARM\ZATRAY.EXE

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE

C:\PROGRAM FILES (X86)\AVIRA\ANTIVIR DESKTOP\AVSHADOW.EXE

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\windows\system32\svchost.exe -k HPService

C:\PROGRAM FILES (X86)\LAVASOFT\AD-AWARE\AAWTRAY.EXE

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\PROGRAM FILES (X86)\INTEL\INTEL(R) RAPID STORAGE TECHNOLOGY\IASTORDATAMGRSVC.EXE

C:\PROGRAM FILES (X86)\INTEL\INTEL(R) MANAGEMENT ENGINE COMPONENTS\UNS\UNS.EXE

C:\windows\System32\svchost.exe -k secsvcs

C:\WINDOWS\SERVICING\TRUSTEDINSTALLER.EXE

C:\windows\system32\svchost.exe -k SDRSVC

C:\WINDOWS\SYSTEM32\WBEM\WMIPRVSE.EXE

C:\WINDOWS\SYSTEM32\DLLHOST.EXE

C:\WINDOWS\SYSTEM32\DLLHOST.EXE

C:\WINDOWS\SYSWOW64\CMD.EXE

C:\WINDOWS\SYSTEM32\CONHOST.EXE

C:\WINDOWS\SYSWOW64\CSCRIPT.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.de/#hl=de&cp=5&gs_id=m&xhr=t&q=ksk+calw&pf=p&sclient=psy-ab&site=&source=hp&pbx=1&oq=ksk+c&aq=0&aqi=g4&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.&fp=ad7ce3a3241bbebd&biw=1366&bih=653

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=C:\Windows\Sy

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.178.1

TCP: Interfaces\{DC61E5D9-B1D5-40BE-A003-2DFDE213449C} : DhcpNameServer = 192.168.178.1

{0347C33E-8762-4905-BF09-768834316C61}

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}

{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

Hosts: 127.0.0.1        www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\cocco\AppData\Roaming\Mozilla\Firefox\Profiles\85ly5gs5.default\

FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/|hxxp://signin.ebay.de/ws/eBayISAPI.dll?SignOutConfirm&i=.0794001190006900076001200003500055000920005400022|hxxp://www.t-online.de/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]

R1 avkmgr;avkmgr;C:\windows\system32\DRIVERS\avkmgr.sys --> C:\windows\system32\DRIVERS\avkmgr.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-2 86224]

R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-2 110032]

R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-18 13336]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-16 1153368]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\windows\system32\DRIVERS\stflt.sys --> C:\windows\system32\DRIVERS\stflt.sys [?]

R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-4-2 1148632]

R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-18 2320920]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys --> C:\windows\system32\DRIVERS\ETD.sys [?]

R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-22 17152]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 usbsmi;Lenovo EasyCamera;C:\windows\system32\DRIVERS\SMIksdrv.sys --> C:\windows\system32\DRIVERS\SMIksdrv.sys [?]

R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-8 136176]

S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]

S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]

S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-8 136176]

S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]

S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-6-18 509192]

S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-6-18 579400]

S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-12-17 16448]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]

.

=============== Created Last 30 ================

.

2012-04-04 05:58:27        8669240        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C8A73EC3-5647-4F3F-9DA9-28B28BC17C76}\mpengine.dll

2012-04-02 19:32:47        51496        ----a-w-        C:\windows\System32\drivers\stflt.sys

2012-04-02 19:32:45        --------        d-----w-        C:\Users\cocco\AppData\Roaming\Spyware Terminator

2012-04-02 19:32:45        --------        d-----w-        C:\ProgramData\Spyware Terminator

2012-04-02 19:31:08        --------        d-----w-        C:\Program Files (x86)\Spyware Terminator

2012-04-02 19:22:21        --------        d-----w-        C:\Users\cocco\AppData\Roaming\Avira

2012-04-02 19:18:09        97312        ----a-w-        C:\windows\System32\drivers\avgntflt.sys

2012-04-02 19:18:09        27760        ----a-w-        C:\windows\System32\drivers\avkmgr.sys

2012-04-02 19:18:04        --------        d-----w-        C:\ProgramData\Avira

2012-04-02 19:18:04        --------        d-----w-        C:\Program Files (x86)\Avira

2012-04-02 18:36:47        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0

2012-03-18 05:54:54        592824        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 05:54:54        44472        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 15:50:37        5559152        ----a-w-        C:\windows\System32\ntoskrnl.exe

2012-03-14 15:50:35        3968368        ----a-w-        C:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 15:50:34        3913584        ----a-w-        C:\windows\SysWow64\ntoskrnl.exe

2012-03-14 10:17:38        3145728        ----a-w-        C:\windows\System32\win32k.sys

2012-03-14 10:17:30        1544192        ----a-w-        C:\windows\System32\DWrite.dll

2012-03-14 10:17:30        1077248        ----a-w-        C:\windows\SysWow64\DWrite.dll

2012-03-14 10:16:22        9216        ----a-w-        C:\windows\System32\rdrmemptylst.exe

2012-03-14 10:16:22        77312        ----a-w-        C:\windows\System32\rdpwsx.dll

2012-03-14 10:16:22        149504        ----a-w-        C:\windows\System32\rdpcorekmts.dll

2012-03-14 10:16:19        1031680        ----a-w-        C:\windows\System32\rdpcore.dll

2012-03-14 10:16:18        826880        ----a-w-        C:\windows\SysWow64\rdpcore.dll

2012-03-14 10:16:18        23552        ----a-w-        C:\windows\System32\drivers\tdtcp.sys

2012-03-14 10:16:18        210944        ----a-w-        C:\windows\System32\drivers\rdpwd.sys

2012-03-12 15:00:00        --------        d-----w-        C:\Program Files\iPod

2012-03-12 14:59:59        --------        d-----w-        C:\Program Files\iTunes

2012-03-12 14:59:59        --------        d-----w-        C:\Program Files (x86)\iTunes

2012-03-12 14:56:50        --------        d-----w-        C:\Program Files\Bonjour

2012-03-12 14:56:50        --------        d-----w-        C:\Program Files (x86)\Bonjour

.

==================== Find3M  ====================

.

2012-02-23 07:18:36        279656        ------w-        C:\windows\System32\MpSigStub.exe

.

============= FINISH: 15:20:02,24 ===============

--- --- ---

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-04-05 15:55:46

Windows 6.1.7601 Service Pack 1 

Running: srnsb9b6.exe
 
 

---- Registry - GMER 1.0.15 ----
 

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88                      

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)  
 

---- EOF - GMER 1.0.15 ----

--- --- ---

catwiesel39

06.04.2012 10:22

wenn ich den
baseline security analyzer
ausführe
kommen
4 benutzer konten

Administrator
gast
home group user (das kenne ich nicht)
und
meins
cocco

hat das was zu bedeuten

cosinus

06.04.2012 14:43

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

catwiesel39

06.04.2012 16:53

das malware ergebniss

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
cocco :: PC-PC [Administrator]

Schutz: Aktiviert

06.04.2012 16:13:23
mbam-log-2012-04-06 (16-13-23).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335672
Laufzeit: 1 Stunde(n), 25 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus

06.04.2012 17:06

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

catwiesel39

06.04.2012 19:34

Hallo

in der logdatei
ist nur das gestanden

und ich habe ihn zum ersten mal benutzt

gruß kai

catwiesel39

06.04.2012 19:54

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

DLL:pipe not connected. attempts=120

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=852b3bb7f06cb648b8e7263498aa61be

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-06 06:42:30

# local_time=2012-04-06 08:42:30 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 334713 334713 0 0

# compatibility_mode=5893 16776573 100 94 13702 85358847 0 0

# compatibility_mode=7937 16777214 28 75 333817 820329 0 0

# compatibility_mode=8192 67108863 100 0 3681 3681 0 0

# compatibility_mode=9217 16777214 75 4 12517398 12517398 0 0

# scanned=132285

# found=0

# cleaned=0

# scan_time=8753

cosinus

06.04.2012 20:38

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

catwiesel39

06.04.2012 20:41

also das laptop geht wie vorher auch

Programme gehen alle

ausser words das geht nicht mehr seit der systemwiederherstellung

habe avira antivir laufen lassen heute morgen
und er hat 4 sachen gefunden und gelöscht
auch spyware terminator har ein paar sachen gefunden

gruß kai

Zitat:

Zitat von cosinus (Beitrag 810382)

der einzig leere ordner
ist

der ordner autostart
im start menü+programme

cosinus

06.04.2012 20:59

Zitat:

und er hat 4 sachen gefunden und gelöscht
auch spyware terminator har ein paar sachen gefunden

Also das hilft nicht weiter :( du musst schon die Logs posten

catwiesel39

07.04.2012 07:26

spyware terminator

------
Spyware Terminator (db:)
------
Scann Zeit: 06.04.2012 06:55:57 länge: 0:35:18
Plattform: W7 (6.1.0.7601)
Benutzer: Admin
Scann typ: Umfangreicher Scann
Gescannte Objekte: 106409 (Kritisch: 3)

------
laufende Prozesse
------
smss.exe [Microsoft Corporation] : %SYSDIR%\smss.exe
csrss.exe [Microsoft Corporation] : %SYSDIR%\csrss.exe
wininit.exe [Microsoft Corporation] : %SYSDIR%\wininit.exe
csrss.exe [Microsoft Corporation] : %SYSDIR%\csrss.exe
services.exe [Microsoft Corporation] : %SYSDIR%\services.exe
lsass.exe [Microsoft Corporation] : %SYSDIR%\lsass.exe
lsm.exe [Microsoft Corporation] : %SYSDIR%\lsm.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
nvvsvc.exe [NVIDIA Corporation] : %SYSDIR%\nvvsvc.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
audiodg.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
vsmon.exe [Check Point Software Technologies LTD] : %PROGRAMFILES32%\CheckPoint\ZoneAlarm\vsmon.exe
winlogon.exe [Microsoft Corporation] : %SYSDIR%\winlogon.exe
wlanext.exe [Microsoft Corporation] : %SYSDIR%\wlanext.exe
conhost.exe [Microsoft Corporation] : %SYSDIR%\conhost.exe
nvvsvc.exe [NVIDIA Corporation] : %SYSDIR%\nvvsvc.exe
ISWSVC.exe [Check Point Software Technologies] : %SystemDiskRoot%\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
AAWService.exe [Lavasoft Limited] : %PROGRAMFILES32%\Lavasoft\Ad-Aware\AAWService.exe
spoolsv.exe [Microsoft Corporation] : %SYSDIR%\spoolsv.exe
sched.exe [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\sched.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
avguard.exe [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avguard.exe
AppleMobileDeviceService.exe [Apple Inc.] : %COMMONFILES32%\Apple\Mobile Device Support\AppleMobileDeviceService.exe
mDNSResponder.exe [Apple Inc.] : %SystemDiskRoot%\Program Files\Bonjour\mDNSResponder.exe
svchost.exe [Microsoft Corporation] : %SYSDIR32%\svchost.exe
LMS.exe [Intel Corporation] : %PROGRAMFILES32%\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
SeaPort.exe [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
sftvsa.exe [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftvsa.exe
st_rsser64.exe [Crawler.com] : %PROGRAMFILES%\Spyware Terminator\st_rsser64.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
sftlist.exe [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftlist.exe
SDWinSec.exe [Safer Networking Ltd.] : %PROGRAMFILES32%\Spybot - Search & Destroy\SDWinSec.exe
unsecapp.exe [Microsoft Corporation] : %SYSDIR%\wbem\unsecapp.exe
WmiPrvSE.exe [Microsoft Corporation] : %SYSDIR%\wbem\WmiPrvSE.exe
CVHSVC.EXE [Microsoft Corporation] : %COMMONFILES32%\microsoft shared\Virtualization Handler\CVHSVC.EXE
avshadow.exe [Avira Operations GmbH & Co. KG] : %PROGRAMFILES%\Avira\AntiVir Desktop\avshadow.exe
conhost.exe [Microsoft Corporation] : %SYSDIR%\conhost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
taskhost.exe [Microsoft Corporation] : %SYSDIR%\taskhost.exe
dwm.exe [Microsoft Corporation] : %SYSDIR%\dwm.exe
explorer.exe [Microsoft Corporation] : %WINDIR%\explorer.exe
taskeng.exe [Microsoft Corporation] : %SYSDIR%\taskeng.exe
ForceField.exe [Check Point Software Technologies] : %SystemDiskRoot%\Program Files\CheckPoint\ZAForceField\ForceField.exe
GoogleUpdate.exe [Google Inc.] : %PROGRAMFILES32%\Google\Update\GoogleUpdate.exe
Energy Management.exe [Lenovo (Beijing) Limited] : %PROGRAMFILES%\Lenovo\Energy Management\Energy Management.exe
utility.exe [Lenovo(beijing) Limited] : %PROGRAMFILES%\Lenovo\Energy Management\utility.exe
SpywareTerminatorShield.exe [Crawler.com] : %PROGRAMFILES32%\Spyware Terminator\SpywareTerminatorShield.exe
SpywareTerminatorUpdate.exe [Crawler.com] : %PROGRAMFILES32%\Spyware Terminator\SpywareTerminatorUpdate.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
zatray.exe [Check Point Software Technologies LTD] : %PROGRAMFILES32%\CheckPoint\ZoneAlarm\zatray.exe
avgnt.exe [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avgnt.exe
wmpnetwk.exe [Microsoft Corporation] : %SystemDiskRoot%\Program Files\Windows Media Player\wmpnetwk.exe
svchost.exe [Microsoft Corporation] : %SYSDIR%\svchost.exe
SpywareTerminator.exe [Crawler.com] : %PROGRAMFILES32%\Spyware Terminator\SpywareTerminator.exe
AAWTray.exe [Lavasoft Limited] : %PROGRAMFILES32%\Lavasoft\Ad-Aware\AAWTray.exe

------
Laufende Services und Treiber
------
ACPI [Microsoft Corporation] : %SYSDIR%\drivers\acpi.sys
ACPIVPC [Lenovo Corporation] : %SYSDIR%\drivers\AcpiVpc.sys
AeLookupSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
AFD [Microsoft Corporation] : %SYSDIR%\drivers\afd.sys
amdxata [Advanced Micro Devices] : %SYSDIR%\drivers\amdxata.sys
AntiVirSchedulerService [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\sched.exe
AntiVirService [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avguard.exe
Appinfo [Microsoft Corporation] : %SYSDIR%\svchost.exe
Apple Mobile Device [Apple Inc.] : %COMMONFILES32%\Apple\Mobile Device Support\AppleMobileDeviceService.exe
atapi [Microsoft Corporation] : %SYSDIR%\drivers\atapi.sys
AudioEndpointBuilder [Microsoft Corporation] : %SYSDIR%\svchost.exe
AudioSrv [Microsoft Corporation] : %SYSDIR%\svchost.exe
avgntflt [Avira GmbH] : %SYSDIR%\drivers\avgntflt.sys
avipbb [Avira GmbH] : %SYSDIR%\drivers\avipbb.sys
avkmgr [Avira GmbH] : %SYSDIR%\drivers\avkmgr.sys
BCM43XX [Broadcom Corporation] : %SYSDIR%\drivers\BCMWL664.SYS
BFE [Microsoft Corporation] : %SYSDIR%\svchost.exe
BITS [Microsoft Corporation] : %SYSDIR%\svchost.exe
blbdrive [Microsoft Corporation] : %SYSDIR%\drivers\blbdrive.sys
Bonjour Service [Apple Inc.] : %SystemDiskRoot%\Program Files\Bonjour\mDNSResponder.exe
bowser [Microsoft Corporation] : %SYSDIR%\drivers\bowser.sys
Browser [Microsoft Corporation] : %SYSDIR%\svchost.exe
cdrom [Microsoft Corporation] : %SYSDIR%\drivers\cdrom.sys
CLFS [Microsoft Corporation] : %SYSDIR%\clfs.sys
CmBatt [Microsoft Corporation] : %SYSDIR%\drivers\CmBatt.sys
CNG [Microsoft Corporation] : %SYSDIR%\drivers\cng.sys
CnxtHdAudService [Conexant Systems Inc.] : %SYSDIR%\drivers\CHDRT64.sys
Compbatt [Microsoft Corporation] : %SYSDIR%\drivers\compbatt.sys
CompositeBus [Microsoft Corporation] : %SYSDIR%\drivers\CompositeBus.sys
CryptSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
cvhsvc [Microsoft Corporation] : %COMMONFILES32%\microsoft shared\Virtualization Handler\CVHSVC.EXE
DcomLaunch [Microsoft Corporation] : %SYSDIR%\svchost.exe
DfsC [Microsoft Corporation] : %SYSDIR%\drivers\dfsc.sys
Dhcp [Microsoft Corporation] : %SYSDIR%\svchost.exe
discache [Microsoft Corporation] : %SYSDIR%\drivers\discache.sys
Disk [Microsoft Corporation] : %SYSDIR%\drivers\disk.sys
Dnscache [Microsoft Corporation] : %SYSDIR%\svchost.exe
DPS [Microsoft Corporation] : %SYSDIR%\svchost.exe
DXGKrnl [Microsoft Corporation] : %SYSDIR%\drivers\dxgkrnl.sys
EapHost [Microsoft Corporation] : %SYSDIR%\svchost.exe
EFS [Microsoft Corporation] : %SYSDIR%\lsass.exe
ETD [ELAN Microelectronics Corp.] : %SYSDIR%\drivers\ETD.sys
eventlog [Microsoft Corporation] : %SYSDIR%\svchost.exe
EventSystem [Microsoft Corporation] : %SYSDIR%\svchost.exe
fdPHost [Microsoft Corporation] : %SYSDIR%\svchost.exe
FDResPub [Microsoft Corporation] : %SYSDIR%\svchost.exe
FileInfo [Microsoft Corporation] : %SYSDIR%\drivers\fileinfo.sys
FltMgr [Microsoft Corporation] : %SYSDIR%\drivers\fltMgr.sys
FontCache [Microsoft Corporation] : %SYSDIR%\svchost.exe
fvevol [Microsoft Corporation] : %SYSDIR%\drivers\fvevol.sys
GEARAspiWDM [GEAR Software Inc.] : %SYSDIR%\drivers\GEARAspiWDM.sys
gpsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
HDAudBus [Microsoft Corporation] : %SYSDIR%\drivers\hdaudbus.sys
HECIx64 [Intel Corporation] : %SYSDIR%\drivers\HECIx64.sys
HomeGroupListener [Microsoft Corporation] : %SYSDIR%\svchost.exe
HomeGroupProvider [Microsoft Corporation] : %SYSDIR%\svchost.exe
hpqcxs08 [Microsoft Corporation] : %SYSDIR%\svchost.exe
hpqddsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
HPSLPSVC [Microsoft Corporation] : %SYSDIR%\svchost.exe
HTTP [Microsoft Corporation] : %SYSDIR%\drivers\http.sys
hwpolicy [Microsoft Corporation] : %SYSDIR%\drivers\hwpolicy.sys
i8042prt [Microsoft Corporation] : %SYSDIR%\drivers\i8042prt.sys
iaStor [Intel Corporation] : %SYSDIR%\drivers\iaStor.sys
IKEEXT [Microsoft Corporation] : %SYSDIR%\svchost.exe
intelppm [Microsoft Corporation] : %SYSDIR%\drivers\intelppm.sys
iphlpsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
ISWKL [Check Point Software Technologies] : %SystemDiskRoot%\Program Files\CheckPoint\ZAForceField\ISWKL.sys
IswSvc [Check Point Software Technologies] : %SystemDiskRoot%\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
kbdclass [Microsoft Corporation] : %SYSDIR%\drivers\kbdclass.sys
KeyIso [Microsoft Corporation] : %SYSDIR%\lsass.exe
KSecDD [Microsoft Corporation] : %SYSDIR%\drivers\ksecdd.sys
KSecPkg [Microsoft Corporation] : %SYSDIR%\drivers\ksecpkg.sys
ksthunk [Microsoft Corporation] : %SYSDIR%\drivers\ksthunk.sys
LanmanServer [Microsoft Corporation] : %SYSDIR%\svchost.exe
LanmanWorkstation [Microsoft Corporation] : %SYSDIR%\svchost.exe
Lavasoft Ad-Aware Service [Lavasoft Limited] : %PROGRAMFILES32%\Lavasoft\Ad-Aware\AAWService.exe
Lavasoft Kernexplorer : %PROGRAMFILES%\Lavasoft\Ad-Aware\KernExplorer64.sys
Lbd [Lavasoft AB] : %SYSDIR%\drivers\Lbd.sys
lltdio [Microsoft Corporation] : %SYSDIR%\drivers\lltdio.sys
lmhosts [Microsoft Corporation] : %SYSDIR%\svchost.exe
LMS [Intel Corporation] : %PROGRAMFILES32%\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
luafv [Microsoft Corporation] : %SYSDIR%\drivers\luafv.sys
MMCSS [Microsoft Corporation] : %SYSDIR%\svchost.exe
monitor [Microsoft Corporation] : %SYSDIR%\drivers\monitor.sys
mouclass [Microsoft Corporation] : %SYSDIR%\drivers\mouclass.sys
mountmgr [Microsoft Corporation] : %SYSDIR%\drivers\mountmgr.sys
mpsdrv [Microsoft Corporation] : %SYSDIR%\drivers\mpsdrv.sys
MpsSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
mrxsmb [Microsoft Corporation] : %SYSDIR%\drivers\mrxsmb.sys
mrxsmb10 [Microsoft Corporation] : %SYSDIR%\drivers\mrxsmb10.sys
mrxsmb20 [Microsoft Corporation] : %SYSDIR%\drivers\mrxsmb20.sys
msahci [Microsoft Corporation] : %SYSDIR%\drivers\msahci.sys
msisadrv [Microsoft Corporation] : %SYSDIR%\drivers\msisadrv.sys
mssmbios [Microsoft Corporation] : %SYSDIR%\drivers\mssmbios.sys
Mup [Microsoft Corporation] : %SYSDIR%\drivers\mup.sys
NativeWifiP [Microsoft Corporation] : %SYSDIR%\drivers\nwifi.sys
NDIS [Microsoft Corporation] : %SYSDIR%\drivers\ndis.sys
NdisTapi [Microsoft Corporation] : %SYSDIR%\drivers\ndistapi.sys
Ndisuio [Microsoft Corporation] : %SYSDIR%\drivers\ndisuio.sys
NdisWan [Microsoft Corporation] : %SYSDIR%\drivers\ndiswan.sys
Net Driver HPZ12 [Microsoft Corporation] : %SYSDIR%\svchost.exe
NetBIOS [Microsoft Corporation] : %SYSDIR%\drivers\netbios.sys
NetBT [Microsoft Corporation] : %SYSDIR%\drivers\netbt.sys
Netman [Microsoft Corporation] : %SYSDIR%\svchost.exe
netprofm [Microsoft Corporation] : %SYSDIR%\svchost.exe
NlaSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
nsi [Microsoft Corporation] : %SYSDIR%\svchost.exe
nsiproxy [Microsoft Corporation] : %SYSDIR%\drivers\nsiproxy.sys
NVHDA [NVIDIA Corporation] : %SYSDIR%\drivers\nvhda64v.sys
nvlddmkm [NVIDIA Corporation] : %SYSDIR%\drivers\nvlddmkm.sys
nvsvc [NVIDIA Corporation] : %SYSDIR%\nvvsvc.exe
p2pimsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
p2psvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
partmgr [Microsoft Corporation] : %SYSDIR%\drivers\partmgr.sys
PcaSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
pci [Microsoft Corporation] : %SYSDIR%\drivers\pci.sys
pcw [Microsoft Corporation] : %SYSDIR%\drivers\pcw.sys
PEAUTH [Microsoft Corporation] : %SYSDIR%\drivers\PEAuth.sys
PlugPlay [Microsoft Corporation] : %SYSDIR%\svchost.exe
Pml Driver HPZ12 [Microsoft Corporation] : %SYSDIR%\svchost.exe
PNRPsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
PolicyAgent [Microsoft Corporation] : %SYSDIR%\svchost.exe
Power [Microsoft Corporation] : %SYSDIR%\svchost.exe
PptpMiniport [Microsoft Corporation] : %SYSDIR%\drivers\raspptp.sys
ProfSvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
Psched [Microsoft Corporation] : %SYSDIR%\drivers\pacer.sys
RasAgileVpn [Microsoft Corporation] : %SYSDIR%\drivers\agilevpn.sys
Rasl2tp [Microsoft Corporation] : %SYSDIR%\drivers\rasl2tp.sys
RasPppoe [Microsoft Corporation] : %SYSDIR%\drivers\raspppoe.sys
RasSstp [Microsoft Corporation] : %SYSDIR%\drivers\rassstp.sys
rdbss [Microsoft Corporation] : %SYSDIR%\drivers\rdbss.sys
RDPCDD [Microsoft Corporation] : %SYSDIR%\drivers\RDPCDD.sys
RDPENCDD [Microsoft Corporation] : %SYSDIR%\drivers\RDPENCDD.sys
RDPREFMP [Microsoft Corporation] : %SYSDIR%\drivers\RDPREFMP.sys
rdyboost [Microsoft Corporation] : %SYSDIR%\drivers\rdyboost.sys
RpcEptMapper [Microsoft Corporation] : %SYSDIR%\svchost.exe
RpcSs [Microsoft Corporation] : %SYSDIR%\svchost.exe
rspndr [Microsoft Corporation] : %SYSDIR%\drivers\rspndr.sys
SamSs [Microsoft Corporation] : %SYSDIR%\lsass.exe
SBSDWSCService [Safer Networking Ltd.] : %PROGRAMFILES32%\Spybot - Search & Destroy\SDWinSec.exe
Schedule [Microsoft Corporation] : %SYSDIR%\svchost.exe
SeaPort [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SENS [Microsoft Corporation] : %SYSDIR%\svchost.exe
Sftfs [Microsoft Corporation] : %SYSDIR%\drivers\Sftfslh.sys
sftlist [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftlist.exe
Sftplay [Microsoft Corporation] : %SYSDIR%\drivers\Sftplaylh.sys
Sftredir [Microsoft Corporation] : %SYSDIR%\drivers\Sftredirlh.sys
Sftvol [Microsoft Corporation] : %SYSDIR%\drivers\Sftvollh.sys
sftvsa [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftvsa.exe
ShellHWDetection [Microsoft Corporation] : %SYSDIR%\svchost.exe
Spooler [Microsoft Corporation] : %SYSDIR%\spoolsv.exe
sp_rsdrv2 [Windows (R) Win 7 DDK provider] : %SYSDIR%\drivers\stflt.sys
srv [Microsoft Corporation] : %SYSDIR%\drivers\srv.sys
srv2 [Microsoft Corporation] : %SYSDIR%\drivers\srv2.sys
srvnet [Microsoft Corporation] : %SYSDIR%\drivers\srvnet.sys
SSDPSRV [Microsoft Corporation] : %SYSDIR%\svchost.exe
ST2012_Svc [Crawler.com] : %PROGRAMFILES%\Spyware Terminator\st_rsser64.exe
stisvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
swenum [Microsoft Corporation] : %SYSDIR%\drivers\swenum.sys
SysMain [Microsoft Corporation] : %SYSDIR%\svchost.exe
Tcpip [Microsoft Corporation] : %SYSDIR%\drivers\tcpip.sys
tcpipreg [Microsoft Corporation] : %SYSDIR%\drivers\tcpipreg.sys
tdx [Microsoft Corporation] : %SYSDIR%\drivers\tdx.sys
TermDD [Microsoft Corporation] : %SYSDIR%\drivers\termdd.sys
Themes [Microsoft Corporation] : %SYSDIR%\svchost.exe
TrkWks [Microsoft Corporation] : %SYSDIR%\svchost.exe
tunnel [Microsoft Corporation] : %SYSDIR%\drivers\tunnel.sys
umbus [Microsoft Corporation] : %SYSDIR%\drivers\umbus.sys
upnphost [Microsoft Corporation] : %SYSDIR%\svchost.exe
usbccgp [Microsoft Corporation] : %SYSDIR%\drivers\usbccgp.sys
usbehci [Microsoft Corporation] : %SYSDIR%\drivers\usbehci.sys
usbhub [Microsoft Corporation] : %SYSDIR%\drivers\usbhub.sys
usbsmi [SMI] : %SYSDIR%\drivers\SMIksdrv.sys
UxSms [Microsoft Corporation] : %SYSDIR%\svchost.exe
vdrvroot [Microsoft Corporation] : %SYSDIR%\drivers\vdrvroot.sys
VgaSave [Microsoft Corporation] : %SYSDIR%\drivers\vga.sys
volmgr [Microsoft Corporation] : %SYSDIR%\drivers\volmgr.sys
volmgrx [Microsoft Corporation] : %SYSDIR%\drivers\volmgrx.sys
volsnap [Microsoft Corporation] : %SYSDIR%\drivers\volsnap.sys
Vsdatant [Check Point Software Technologies LTD] : %SYSDIR%\drivers\vsdatant.sys
vsmon [Check Point Software Technologies LTD] : %PROGRAMFILES32%\CheckPoint\ZoneAlarm\vsmon.exe
vwifibus [Microsoft Corporation] : %SYSDIR%\drivers\vwifibus.sys
vwififlt [Microsoft Corporation] : %SYSDIR%\drivers\vwififlt.sys
Wanarpv6 [Microsoft Corporation] : %SYSDIR%\drivers\wanarp.sys
Wdf01000 [Microsoft Corporation] : %SYSDIR%\drivers\Wdf01000.sys
WdiServiceHost [Microsoft Corporation] : %SYSDIR%\svchost.exe
WdiSystemHost [Microsoft Corporation] : %SYSDIR%\svchost.exe
wdmirror [Lenovo] : %SYSDIR%\drivers\WDMirror.sys
WfpLwf [Microsoft Corporation] : %SYSDIR%\drivers\wfplwf.sys
WinHttpAutoProxySvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
Winmgmt [Microsoft Corporation] : %SYSDIR%\svchost.exe
Wlansvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
WmiAcpi [Microsoft Corporation] : %SYSDIR%\drivers\wmiacpi.sys
WMPNetworkSvc [Microsoft Corporation] : %SystemDiskRoot%\Program Files\Windows Media Player\wmpnetwk.exe
WPDBusEnum [Microsoft Corporation] : %SYSDIR%\svchost.exe
wscsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe
WudfPf [Microsoft Corporation] : %SYSDIR%\drivers\WUDFPf.sys
wudfsvc [Microsoft Corporation] : %SYSDIR%\svchost.exe

------
geladene Bibliotheken
------
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\ntdll.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\kernel32.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\KERNELBASE.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\advapi32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\msvcrt.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\sechost.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\rpcrt4.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\sspicli.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\CRYPTBASE.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\psapi.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\userenv.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\profapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\version.dll
Windows® Internet Explorer [Microsoft Corporation] : %SYSDIR32%\wininet.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\shlwapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\gdi32.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\user32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\lpk.dll
Microsoft(R) Uniscribe Unicode script processor [Microsoft Corporation] : %SYSDIR32%\usp10.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\normaliz.dll
Windows® Internet Explorer [Microsoft Corporation] : %SYSDIR32%\iertutil.dll
Windows® Internet Explorer [Microsoft Corporation] : %SYSDIR32%\urlmon.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\ole32.dll
[Microsoft Corporation]%SYSDIR32%\oleaut32.dll
%PROGRAMFILES32%\Lavasoft\Ad-Aware\RPAPI.dll
Microsoft® Visual Studio® 2008 [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
Microsoft® Visual Studio® 2008 [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\crypt32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\msasn1.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wintrust.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\fltLib.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\shell32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\imm32.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\msctf.dll
Ad-Aware Resources [Lavasoft Limited] : %PROGRAMFILES32%\Lavasoft\Ad-Aware\Resources.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\ntmarta.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\Wldap32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\winsta.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\clbcatq.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\taskschd.dll
LavaLicense Desktop [Lavasoft Limited] : %PROGRAMFILES32%\Lavasoft\Ad-Aware\lavalicense.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wbem\wbemprox.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wbemcomn.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\ws2_32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\nsi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cryptsp.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rsaenh.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\RpcRtRemote.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wbem\wbemsvc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wbem\fastprox.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\ntdsapi.dll
CEAPI Dynamic Link Library [Lavasoft Limited] : %PROGRAMFILES32%\Lavasoft\Ad-Aware\CEAPI.dll
%PROGRAMFILES32%\Lavasoft\Ad-Aware\viprebridge.dll
Sunbelt AntiMalware Common SDK Merge Module [Sunbelt Software] : %PROGRAMFILES32%\Lavasoft\Ad-Aware\SBTE.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\sfc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\sfc_os.dll
VIPRE Threat detection and remediation system : %PROGRAMFILES32%\Lavasoft\Ad-Aware\Vipre.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\remediation.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\netapi32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\netutils.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\srvcli.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wkscli.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\schedcli.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\winmm.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\lgpl.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\lib7zip.dll
%ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libEmail.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\nlaapi.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\NapiNSP.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\pnrpnsp.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wshbth.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\mswsock.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\dnsapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\winrnr.dll
Bonjour [Apple Inc.] : %PROGRAMFILES32%\Bonjour\mdnsNSP.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\IPHLPAPI.DLL
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\winnsi.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\FWPUCLNT.DLL
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rasadhlp.dll
%ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libMsCab.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libMsi.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libNSIS.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libOleA.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libRar.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libRTF.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libtd.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libVvs.dll
VIPRE Threat detection and remediation system [GFI Software] : %ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\Extended\libZip.dll
Microsoft(R) MSXML 3.0 SP11 [Microsoft Corporation] : %SYSDIR32%\msxml3.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\imagehlp.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\ncrypt.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\bcrypt.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\bcryptprimitives.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\gpapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cryptnet.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\SensApi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cabinet.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\devrtl.dll
%ALLUSERS_APPDATA%\Lavasoft\Ad-Aware\Defs\thorax.aaw
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\apphelp.dll
ZoneAlarm Browser Security [Check Point Software Technologies] : %SystemDiskRoot%\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll
Microsoft® Visual Studio® 2005 [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
Microsoft® Visual Studio® 2005 [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
Microsoft® Visual Studio® 2010 [Microsoft Corporation] : %SYSDIR32%\msvcp100.dll
Microsoft® Visual Studio® 2010 [Microsoft Corporation] : %SYSDIR32%\msvcr100.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\grdcore.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\cfglib.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpipc.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\mpr.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpgen.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpschd.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wtsapi32.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\rasapi32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rasman.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avevtlog.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\schedr.dll
SQLite Database : %PROGRAMFILES32%\Avira\AntiVir Desktop\sqlite3.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cfgmgr32.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avipc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpgrd.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpavgio.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpgui.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gplegacy.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\gpgenrep.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\onlcfg.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\guardmsg.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\avgio.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\avpref.dll
AVCORE [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aecore.dll
AVVDF [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aevdf.dll
AVSCRIPT [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aescript.dll
AVSCN [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aescn.dll
AVSBX [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aesbx.dll
AVRDL [Avira GmbH] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aerdl.dll
AVPACK [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aepack.dll
AVOFFICE [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aeoffice.dll
AVHEUR [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aeheur.dll
AVHELP [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aehelp.dll
AVGEN [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aegen.dll
AVEXP [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aeexp.dll
AVEMU [Avira GmbH] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aeemu.dll
AVBB [Avira GmbH] : %PROGRAMFILES32%\Avira\AntiVir Desktop\aebb.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\avesvc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\avesvcr.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\webcat.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\webcatrc.dll
AntiVir Desktop [Avira Operations GmbH] : %PROGRAMFILES32%\Avira\antivir desktop\avreg.dll
Apple Software Support Version Check [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\AppleVersions.dll
[Apple Inc.]%COMMONFILES32%\Apple\Apple Application Support\YSCrashDump.DLL
CoreFoundation [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\CoreFoundation.dll
[Open Source Software community project]%COMMONFILES32%\Apple\Apple Application Support\pthreadVC2.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\wsock32.dll
objc4 [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\objc.dll
libdispatch [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\libdispatch.dll
International Components for Unicode [The ICU Project] : %COMMONFILES32%\Apple\Apple Application Support\libicuin.dll
International Components for Unicode [The ICU Project] : %COMMONFILES32%\Apple\Apple Application Support\libicuuc.dll
International Components for Unicode [The ICU Project] : %COMMONFILES32%\Apple\Apple Application Support\icudt46.dll
[Apple Inc.]%COMMONFILES32%\Apple\Apple Application Support\ASL.dll
Apple Mobile Device Service [Apple Inc.] : %COMMONFILES32%\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\setupapi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\devobj.dll
Bonjour [Apple Inc.] : %SYSDIR32%\dnssd.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\WSHTCPIP.DLL
iTunesMobileDevice [Apple Inc.] : %COMMONFILES32%\Apple\Mobile Device Support\MobileDevice.dll
zlib : %COMMONFILES32%\Apple\Apple Application Support\zlib1.dll
CFNetwork [Apple, Inc.] : %COMMONFILES32%\Apple\Apple Application Support\CFNetwork.dll
SQLite3 [Apple Inc.] : %COMMONFILES32%\Apple\Apple Application Support\SQLite3.dll
libxml2.dll : %COMMONFILES32%\Apple\Apple Application Support\libxml2.dll
HP Digital Imaging [Hewlett-Packard Co.] : %PROGRAMFILES32%\HP\digital imaging\bin\hpqddsvc.dll
HP Digital Imaging [Hewlett-Packard Co.] : %PROGRAMFILES32%\HP\digital imaging\bin\hpqddcmn.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\winspool.drv
HP Digital Imaging [Hewlett-Packard Co.] : %PROGRAMFILES32%\HP\digital imaging\bin\hpqcxs08.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\shfolder.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\sxs.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\winhttp.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\webio.dll
Microsoft(R) MSXML 6.0 SP3 [Microsoft Corporation] : %SYSDIR32%\msxml6.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\credssp.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\wship6.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\secur32.dll
Microsoft Application Virtualization [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftsync.dll
Microsoft Application Virtualization [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftuser.dll
Microsoft Application Virtualization [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftcore.dll
Microsoft Application Virtualization [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftpsr.dll
Microsoft Application Virtualization [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftfsi_wow64.dll
Microsoft Application Virtualization [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftcomp.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\logoncli.dll
Windows Installer - Unicode [Microsoft Corporation] : %SYSDIR32%\msi.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\schannel.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\msv1_0.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cryptdll.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\msimg32.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\wer.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\Faultrep.dll
Windows® Search [Microsoft Corporation] : %SYSDIR32%\propsys.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\wbem\wbemdisp.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\wbem\wmiutils.dll
Microsoft Office 2010 [Microsoft Corporation] : %COMMONFILES32%\Microsoft Shared\Virtualization Handler\cvhshared.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\dbghelp.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\credui.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\oleacc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %WINDIR%\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\hlink.dll
Microsoft Office 2010 [Microsoft Corporation] : %COMMONFILES32%\Microsoft Shared\Virtualization Handler\de-de\CVHIntl.dll
Microsoft Application Virtualization [Microsoft Corporation] : %PROGRAMFILES32%\Microsoft Application Virtualization Client\sftintf.dll
Google Update [Google Inc.] : %PROGRAMFILES32%\Google\Update\1.3.21.79\goopdate.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\cscapi.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\mstask.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\uxtheme.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\dwmapi.dll
[Microsoft Corporation]%SYSDIR32%\olepro32.dll
Spyware Terminator 2011 [Crawler.com] : %PROGRAMFILES32%\Spyware Terminator\TorrentDll.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\dhcpcsvc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\rtutils.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\netprofm.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\npmproxy.dll
Microsoft® Visual Studio® 10 [Microsoft Corporation] : %SYSDIR32%\mfc100u.dll
Microsoft® Visual Studio® 10 [Microsoft Corporation] : %SYSDIR32%\MFC100DEU.DLL
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\ccwkrlib.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccguard.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccgrdrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccgrdw.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccwgrd.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\samcli.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccgen.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccgenrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccupdate.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccupdrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\cclic.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\cclicrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccmsg.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccmsgrc.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\AntiVir Desktop\rcimage.dll
Avira Free Antivirus [Avira Operations GmbH & Co. KG] : %PROGRAMFILES32%\Avira\antivir desktop\ccmainrc.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\WindowsCodecs.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\comdlg32.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\explorerframe.dll
Microsoft® Windows® Operating System [Microsoft Corporation] : %SYSDIR32%\duser.dll
Betriebssystem Microsoft® Windows® [Microsoft Corporation] : %SYSDIR32%\dui70.dll

------
Report Ende
------

------
Säubern
------
Reinigungsstart um: 06.04.2012 07:31:21.
Browser schließt.
Affiliate tracking cookie (Tracking cookie):
Gelöscht Internet Explorer Cookie: mediaplex.com
Gelöscht Internet Explorer Cookie: fastclick.net
Gelöscht Internet Explorer Cookie: apmebf.com

------
Report Ende
------

guten morgen

die avira berichte kann ich nicht kopieren leider

gruß kai

es geht doch

Die Datei 'C:\Users\cocco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6aa703c0-5aa7fa13'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2012-0507' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

Die Datei 'C:\Users\cocco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7e93aa62-503e2b88'
enthielt einen Virus oder unerwünschtes Programm 'EXP/JAVA.Ternub.Gen' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

Die Datei 'C:\Users\cocco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2cd4d55f-153c840d'
enthielt einen Virus oder unerwünschtes Programm 'EXP/2011-3544.DL.1' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

In der Datei 'C:\Users\cocco\AppData\Local\Temp\7YHXwGZO.exe.part'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ULPM.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Users\cocco\Desktop\jxpiinstall.exe.part'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ULPM.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Users\cocco\AppData\Local\Temp\HouseCall\VSDVPE7T.007'
wurde ein Virus oder unerwünschtes Programm 'PCK/Dumped' [packer] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Users\cocco\AppData\Local\Temp\HouseCall\VSDVPE7T.00E'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Users\cocco\AppData\Local\Temp\HouseCall\VSDVPE7T.00L'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen5' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Users\cocco\AppData\Local\Temp\HouseCall\VSDVPE7T.00S'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Users\cocco\AppData\Local\Temp\HouseCall\VSDVPE7T.00U'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Users\cocco\AppData\Local\Temp\HouseCall\VSDVPE7T.012'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen5' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

In der Datei 'C:\Users\cocco\AppData\Local\Temp\HouseCall\VSDVPE7T.01A'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

Die Datei 'C:\Users\cocco\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2da93402-6a0bb45e'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2012-0507' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde gelöscht.

cosinus

07.04.2012 17:48

Zitat:

vsmon.exe [Check Point Software Technologies LTD] : %PROGRAMFILES32%\CheckPoint\ZoneAlarm\vsmon.exe

ZoneAlarm ist kontraproduktiver Müll, bitte umgehend deinstallieren und die Windows-Firewall einschalten!

Mach danach ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

catwiesel39

08.04.2012 09:07

Code:

OTL logfile created on: 08.04.2012 09:57:33 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\cocco\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,87 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 70,03% Memory free

7,73 Gb Paging File | 6,49 Gb Available in Paging File | 83,95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 254,14 Gb Total Space | 213,48 Gb Free Space | 84,00% Space Free | Partition Type: NTFS

Drive D: | 29,00 Gb Total Space | 27,80 Gb Free Space | 95,87% Space Free | Partition Type: NTFS

 

Computer Name: PC-PC | User Name: cocco | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\cocco\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)

SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)

SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)

SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)

SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (Sunbelt Software, Inc.)

DRV:64bit: - (SbTis) -- C:\Windows\SysNative\drivers\sbtis.sys (Sunbelt Software, Inc.)

DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (Sunbelt Software, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\drivers\SMIksdrv.sys (SMI)

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)

DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)

DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)

DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (StarOpen) -- C:\windows\SysWow64\drivers\StarOpen.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/#hl=de&cp=5&gs_id=m&xhr=t&q=ksk+calw&pf=p&sclient=psy-ab&site=&source=hp&pbx=1&oq=ksk+c&aq=0&aqi=g4&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.&fp=ad7ce3a3241bbebd&biw=1366&bih=653

IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/|hxxp://signin.ebay.de/ws/eBayISAPI.dll?SignOutConfirm&i=.0794001190006900076001200003500055000920005400022|hxxp://www.t-online.de/"

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.03 16:51:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 07:54:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.07 15:45:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.03 16:51:19 | 000,000,000 | ---D | M]

 

[2011.07.23 15:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\Extensions

[2012.04.06 08:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions

[2012.01.01 14:42:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.02.26 12:17:00 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.04.06 08:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.04.07 15:45:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\COCCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\85LY5GS5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\COCCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\85LY5GS5.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI

[2012.03.18 07:54:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.04.06 08:59:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.02.12 10:54:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.12 10:54:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.12 10:54:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.12 10:54:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.12 10:54:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.12 10:54:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.12.17 19:53:25 | 000,427,737 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 127.0.0.1        123fporn.info

O1 - Hosts: 14727 more lines...

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC61E5D9-B1D5-40BE-A003-2DFDE213449C}: DhcpNameServer = 192.168.178.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.08 08:00:07 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\cocco\Desktop\OTL.exe

[2012.04.07 16:49:57 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}

[2012.04.07 16:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications

[2012.04.07 15:59:11 | 000,249,736 | ---- | C] (ELAN Microelectronic Corp.) -- C:\windows\ETDUninst.dll

[2012.04.07 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner

[2012.04.07 10:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner

[2012.04.07 10:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner

[2012.04.07 09:14:46 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys

[2012.04.07 09:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2012.04.07 09:07:12 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbhips.sys

[2012.04.07 09:07:11 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbtis.sys

[2012.04.07 09:06:56 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFw.sys

[2012.04.07 09:06:56 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFwIm.sys

[2012.04.07 09:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012.04.07 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Ad-Aware Antivirus

[2012.04.06 16:10:08 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Malwarebytes

[2012.04.06 16:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.06 11:26:25 | 008,767,136 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.06 10:42:52 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012.04.06 10:42:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

[2012.04.06 09:38:41 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.04.06 09:19:52 | 000,000,000 | ---D | C] -- C:\Users\cocco\SecurityScans

[2012.04.06 09:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2

[2012.04.06 08:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.04.06 08:59:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe

[2012.04.06 08:59:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe

[2012.04.06 08:59:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe

[2012.04.02 21:32:47 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys

[2012.04.02 21:22:21 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Avira

[2012.04.02 21:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.04.02 21:18:09 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys

[2012.04.02 21:18:09 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys

[2012.04.02 21:18:09 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys

[2012.04.02 21:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.04.02 21:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.04.02 20:36:47 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012.03.30 09:30:28 | 000,000,000 | ---D | C] -- C:\Users\cocco\Documents\Mein Garmin

[2012.03.14 17:50:37 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012.03.14 17:50:35 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012.03.14 17:50:34 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012.03.14 12:17:30 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll

[2012.03.14 12:16:22 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll

[2012.03.14 12:16:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll

[2012.03.14 12:16:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe

[2012.03.14 12:16:19 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll

[2012.03.14 12:16:18 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll

[2012.03.12 17:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.03.12 17:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.03.12 16:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012.03.12 16:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012.03.12 16:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012.03.12 16:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012.03.12 16:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.03.12 16:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.08 09:56:40 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.08 09:56:33 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.04.08 09:56:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.04.08 09:23:32 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.08 08:00:35 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.08 08:00:35 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.08 08:00:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\cocco\Desktop\OTL.exe

[2012.04.07 16:40:49 | 000,008,066 | ---- | M] () -- C:\Users\cocco\Desktop\cc_20120407_164042.reg

[2012.04.07 15:38:31 | 000,001,080 | ---- | M] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012.04.07 15:17:39 | 001,500,294 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012.04.07 15:17:39 | 000,654,852 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012.04.07 15:17:39 | 000,616,694 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012.04.07 15:17:39 | 000,130,434 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012.04.07 15:17:39 | 000,106,816 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012.04.07 09:14:46 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys

[2012.04.06 11:26:48 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012.04.06 11:26:48 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.04.06 11:26:25 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.06 10:35:11 | 000,000,036 | ---- | M] () -- C:\Users\cocco\AppData\Local\housecall.guid.cache

[2012.04.06 08:59:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll

[2012.04.06 08:59:01 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe

[2012.04.06 08:59:01 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe

[2012.04.06 08:59:01 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe

[2012.04.06 07:20:31 | 000,883,840 | ---- | M] () -- C:\Users\cocco\Desktop\Avira-DE-Cleaner.exe

[2012.04.05 20:15:04 | 000,307,205 | ---- | M] () -- C:\Users\cocco\blabla.odt

[2012.04.05 15:14:02 | 000,000,000 | ---- | M] () -- C:\Users\cocco\defogger_reenable

[2012.04.02 21:32:47 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys

[2012.04.02 21:18:25 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.03.31 20:27:38 | 000,028,167 | ---- | M] () -- C:\Users\cocco\Desktop\Tour_14765.gpx

[2012.03.29 20:23:37 | 000,068,837 | ---- | M] () -- C:\Users\cocco\Desktop\IMG_2812_Bildgrendern.JPG

[2012.03.26 12:55:14 | 000,015,955 | ---- | M] () -- C:\Users\cocco\Desktop\2504763839.jpg

[2012.03.26 12:51:33 | 000,339,588 | ---- | M] () -- C:\Users\cocco\Desktop\carlotta_umfeld_kernbuche_schmal_01.jpg

[2012.03.26 08:58:57 | 000,025,430 | ---- | M] () -- C:\Users\cocco\Desktop\3.jpg

[2012.03.26 08:58:46 | 000,025,996 | ---- | M] () -- C:\Users\cocco\Desktop\5.jpg

[2012.03.26 08:55:33 | 000,240,008 | ---- | M] () -- C:\Users\cocco\Desktop\Team7_Bett_und_Tisch_opt.jpg

[2012.03.26 08:55:04 | 000,019,044 | ---- | M] () -- C:\Users\cocco\Desktop\team7_Bett_Sesam.jpg

[2012.03.15 11:26:14 | 000,309,496 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012.03.12 17:00:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.07 16:40:47 | 000,008,066 | ---- | C] () -- C:\Users\cocco\Desktop\cc_20120407_164042.reg

[2012.04.07 09:08:14 | 000,001,080 | ---- | C] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012.04.06 11:03:58 | 000,307,205 | ---- | C] () -- C:\Users\cocco\blabla.odt

[2012.04.06 10:42:53 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.04.06 10:35:11 | 000,000,036 | ---- | C] () -- C:\Users\cocco\AppData\Local\housecall.guid.cache

[2012.04.06 09:36:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012.04.06 09:19:15 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk

[2012.04.06 07:20:24 | 000,883,840 | ---- | C] () -- C:\Users\cocco\Desktop\Avira-DE-Cleaner.exe

[2012.04.05 15:14:02 | 000,000,000 | ---- | C] () -- C:\Users\cocco\defogger_reenable

[2012.04.02 21:18:25 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.03.31 20:27:38 | 000,028,167 | ---- | C] () -- C:\Users\cocco\Desktop\Tour_14765.gpx

[2012.03.30 18:38:28 | 001,125,434 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7232.JPG

[2012.03.30 18:38:28 | 001,041,822 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7231.JPG

[2012.03.30 18:38:20 | 001,222,337 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7228.JPG

[2012.03.30 18:38:20 | 001,171,169 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7235.JPG

[2012.03.30 18:38:20 | 001,067,811 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7230.JPG

[2012.03.30 18:38:20 | 000,996,281 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7236.JPG

[2012.03.29 20:23:37 | 000,068,837 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_2812_Bildgrendern.JPG

[2012.03.26 12:55:14 | 000,015,955 | ---- | C] () -- C:\Users\cocco\Desktop\2504763839.jpg

[2012.03.26 12:51:33 | 000,339,588 | ---- | C] () -- C:\Users\cocco\Desktop\carlotta_umfeld_kernbuche_schmal_01.jpg

[2012.03.26 08:58:56 | 000,025,430 | ---- | C] () -- C:\Users\cocco\Desktop\3.jpg

[2012.03.26 08:58:46 | 000,025,996 | ---- | C] () -- C:\Users\cocco\Desktop\5.jpg

[2012.03.26 08:55:32 | 000,240,008 | ---- | C] () -- C:\Users\cocco\Desktop\Team7_Bett_und_Tisch_opt.jpg

[2012.03.26 08:55:02 | 000,019,044 | ---- | C] () -- C:\Users\cocco\Desktop\team7_Bett_Sesam.jpg

[2012.03.12 17:00:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.02.25 07:24:22 | 000,000,000 | ---- | C] () -- C:\Users\cocco\AppData\Local\{8A30A419-CD73-4841-822B-31045D1742DD}

[2012.01.22 02:54:14 | 000,000,024 | ---- | C] () -- C:\Users\cocco\AppData\Roaming\xpy.ini

[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll

[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll

[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll

[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll

[2011.12.03 16:46:10 | 000,245,227 | ---- | C] () -- C:\windows\hpoins19.dat

[2011.12.03 16:46:10 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat

[2011.08.13 18:53:59 | 000,005,632 | ---- | C] () -- C:\Users\cocco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.26 09:06:18 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat

[2011.04.26 09:06:18 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat

[2010.12.17 11:45:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2010.12.17 11:41:54 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys

[2010.12.17 06:04:23 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE

[2010.12.16 22:42:45 | 001,527,876 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2010.11.25 23:01:28 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml

[2010.06.18 13:48:37 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin

[2010.06.18 13:48:37 | 000,000,512 | ---- | C] () -- C:\windows\current.bin

[2010.06.18 13:42:06 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll

[2010.06.18 13:34:08 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

[2010.06.18 13:34:08 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

[2010.06.18 13:33:58 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
 

< End of report >

catwiesel39

08.04.2012 09:08

hallo

reicht der windows firewall aus
zone alarm ist weg
gruß
kai

cosinus

08.04.2012 16:54

Die Windows-Firewall reicht nicht nur aus, sie ist anderen Software-Firewall unbedingt vorzuziehen!

Und sry, aber das OTL-Log hast du falsch erstellt.
1. Du hast den Haken bei Scanne alle Benutzer nicht gesetzt
2. das war kein Custom Scan

Bitte lies die Anleitung genau und setz sie auch so genau um!

catwiesel39

09.04.2012 06:06

ok 2 versuch

catwiesel39

09.04.2012 06:09

Code:

OTL logfile created on: 09.04.2012 06:56:38 - Run 3

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\cocco\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,87 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 53,68% Memory free

7,73 Gb Paging File | 5,82 Gb Available in Paging File | 75,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 254,14 Gb Total Space | 220,79 Gb Free Space | 86,88% Space Free | Partition Type: NTFS

Drive D: | 29,00 Gb Total Space | 27,80 Gb Free Space | 95,87% Space Free | Partition Type: NTFS

 

Computer Name: PC-PC | User Name: cocco | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\cocco\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (cmdAgent) -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (CLPSLS) -- C:\Programme\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)

SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)

SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (Lenovo ReadyComm ConnSvc) -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe (Lenovo Group Limited)

SRV - (Lenovo ReadyComm AppSvc) -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe (Lenovo Group Limited)

SRV - (PS_MDP) -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll (Lenovo Group Limited)

SRV - (IGRS) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe (Lenovo Group Limited)

SRV - (ReadyComm.DirectRouter) -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll (Lenovo Group Limited)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (SbFw) -- C:\Windows\SysNative\drivers\SbFw.sys (Sunbelt Software, Inc.)

DRV:64bit: - (SbTis) -- C:\Windows\SysNative\drivers\sbtis.sys (Sunbelt Software, Inc.)

DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (Sunbelt Software, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (SBFWIMCLMP) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV:64bit: - (SBFWIMCL) -- C:\Windows\SysNative\drivers\SbFwIm.sys (Sunbelt Software, Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)

DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\drivers\SMIksdrv.sys (SMI)

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)

DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)

DRV:64bit: - (wdmirror) -- C:\Windows\SysNative\drivers\WDMirror.sys (Lenovo)

DRV:64bit: - (Bridge0) -- C:\Windows\SysNative\drivers\WDBridge.sys (Lenovo)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - (StarOpen) -- C:\windows\SysWow64\drivers\StarOpen.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/#hl=de&cp=5&gs_id=m&xhr=t&q=ksk+calw&pf=p&sclient=psy-ab&site=&source=hp&pbx=1&oq=ksk+c&aq=0&aqi=g4&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.&fp=ad7ce3a3241bbebd&biw=1366&bih=653

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/|hxxp://signin.ebay.de/ws/eBayISAPI.dll?SignOutConfirm&i=.0794001190006900076001200003500055000920005400022|hxxp://www.t-online.de/"

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.03 16:51:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 07:54:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.07 15:45:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.03 16:51:19 | 000,000,000 | ---D | M]

 

[2011.07.23 15:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\Extensions

[2012.04.06 08:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions

[2012.01.01 14:42:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.02.26 12:17:00 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.04.06 08:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.04.07 15:45:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\COCCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\85LY5GS5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\COCCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\85LY5GS5.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI

[2012.03.18 07:54:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.04.06 08:59:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.02.12 10:54:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.12 10:54:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.12 10:54:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.12 10:54:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.12 10:54:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.12 10:54:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.12.17 19:53:25 | 000,427,737 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 127.0.0.1        123fporn.info

O1 - Hosts: 14727 more lines...

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC61E5D9-B1D5-40BE-A003-2DFDE213449C}: DhcpNameServer = 192.168.178.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.09 06:55:03 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\cocco\Desktop\OTL.exe

[2012.04.09 06:40:19 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Local\Comodo

[2012.04.09 06:29:44 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\SUPERAntiSpyware.com

[2012.04.09 06:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012.04.09 06:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.04.09 06:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012.04.09 06:26:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\cocco\Desktop\HiJackThis204.exe

[2012.04.09 06:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA

[2012.04.09 06:02:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO

[2012.04.09 05:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2012.04.09 05:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2012.04.09 05:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo

[2012.04.09 05:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo

[2012.04.07 16:49:57 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}

[2012.04.07 16:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications

[2012.04.07 15:59:11 | 000,249,736 | ---- | C] (ELAN Microelectronic Corp.) -- C:\windows\ETDUninst.dll

[2012.04.07 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner

[2012.04.07 10:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner

[2012.04.07 10:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner

[2012.04.07 09:14:46 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys

[2012.04.07 09:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2012.04.07 09:07:12 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbhips.sys

[2012.04.07 09:07:11 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbtis.sys

[2012.04.07 09:06:56 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFw.sys

[2012.04.07 09:06:56 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFwIm.sys

[2012.04.07 09:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012.04.07 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Ad-Aware Antivirus

[2012.04.06 16:10:08 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Malwarebytes

[2012.04.06 16:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.06 11:26:25 | 008,767,136 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.06 10:42:52 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012.04.06 10:42:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

[2012.04.06 09:38:41 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.04.06 09:19:52 | 000,000,000 | ---D | C] -- C:\Users\cocco\SecurityScans

[2012.04.06 09:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2

[2012.04.06 08:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.04.06 08:59:25 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe

[2012.04.06 08:59:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe

[2012.04.06 08:59:24 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe

[2012.04.02 21:32:47 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys

[2012.04.02 21:22:21 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Avira

[2012.04.02 21:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.04.02 21:18:09 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys

[2012.04.02 21:18:09 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys

[2012.04.02 21:18:09 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys

[2012.04.02 21:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.04.02 21:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.04.02 20:36:47 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012.03.30 09:30:28 | 000,000,000 | ---D | C] -- C:\Users\cocco\Documents\Mein Garmin

[2012.03.14 17:50:37 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012.03.14 17:50:35 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012.03.14 17:50:34 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012.03.14 12:17:30 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll

[2012.03.14 12:16:22 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll

[2012.03.14 12:16:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll

[2012.03.14 12:16:22 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe

[2012.03.14 12:16:19 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll

[2012.03.14 12:16:18 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll

[2012.03.12 17:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.03.12 17:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.03.12 16:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012.03.12 16:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012.03.12 16:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012.03.12 16:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012.03.12 16:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.03.12 16:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2012.03.11 21:13:40 | 000,022,696 | ---- | C] (COMODO) -- C:\windows\SysNative\drivers\cmderd.sys

[2012.03.11 21:13:22 | 000,041,200 | ---- | C] (COMODO) -- C:\windows\SysNative\cmdcsr.dll

[2012.03.11 21:13:20 | 000,301,224 | ---- | C] (COMODO) -- C:\windows\SysWow64\guard32.dll

[2012.03.11 21:13:18 | 000,389,840 | ---- | C] (COMODO) -- C:\windows\SysNative\guard64.dll

[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.09 06:59:34 | 082,935,340 | ---- | M] () -- C:\Users\cocco\Desktop\4s8lv8w9.exe.part

[2012.04.09 06:59:34 | 000,000,000 | ---- | M] () -- C:\Users\cocco\Desktop\4s8lv8w9.exe

[2012.04.09 06:55:15 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\cocco\Desktop\OTL.exe

[2012.04.09 06:49:02 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.09 06:49:02 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.09 06:32:25 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.09 06:31:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.04.09 06:27:50 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.04.09 06:26:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\cocco\Desktop\HiJackThis204.exe

[2012.04.09 06:23:25 | 000,001,225 | ---- | M] () -- C:\windows\SysWow64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf

[2012.04.09 06:23:25 | 000,000,414 | ---- | M] () -- C:\windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile

[2012.04.09 06:23:09 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.09 05:59:29 | 432,725,629 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012.04.08 12:00:00 | 000,001,080 | ---- | M] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012.04.07 15:17:39 | 001,500,294 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012.04.07 15:17:39 | 000,654,852 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012.04.07 15:17:39 | 000,616,694 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012.04.07 15:17:39 | 000,130,434 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012.04.07 15:17:39 | 000,106,816 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012.04.07 09:14:46 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys

[2012.04.06 11:26:48 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012.04.06 11:26:48 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012.04.06 11:26:25 | 008,767,136 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe

[2012.04.06 10:35:11 | 000,000,036 | ---- | M] () -- C:\Users\cocco\AppData\Local\housecall.guid.cache

[2012.04.06 08:59:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll

[2012.04.06 08:59:01 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe

[2012.04.06 08:59:01 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe

[2012.04.06 08:59:01 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe

[2012.04.06 07:20:31 | 000,883,840 | ---- | M] () -- C:\Users\cocco\Desktop\Avira-DE-Cleaner.exe

[2012.04.05 20:15:04 | 000,307,205 | ---- | M] () -- C:\Users\cocco\blabla.odt

[2012.04.05 15:14:02 | 000,000,000 | ---- | M] () -- C:\Users\cocco\defogger_reenable

[2012.04.02 21:32:47 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys

[2012.04.02 21:18:25 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.03.31 20:27:38 | 000,028,167 | ---- | M] () -- C:\Users\cocco\Desktop\Tour_14765.gpx

[2012.03.29 20:23:37 | 000,068,837 | ---- | M] () -- C:\Users\cocco\Desktop\IMG_2812_Bildgrendern.JPG

[2012.03.26 12:55:14 | 000,015,955 | ---- | M] () -- C:\Users\cocco\Desktop\2504763839.jpg

[2012.03.26 12:51:33 | 000,339,588 | ---- | M] () -- C:\Users\cocco\Desktop\carlotta_umfeld_kernbuche_schmal_01.jpg

[2012.03.26 08:58:57 | 000,025,430 | ---- | M] () -- C:\Users\cocco\Desktop\3.jpg

[2012.03.26 08:58:46 | 000,025,996 | ---- | M] () -- C:\Users\cocco\Desktop\5.jpg

[2012.03.26 08:55:33 | 000,240,008 | ---- | M] () -- C:\Users\cocco\Desktop\Team7_Bett_und_Tisch_opt.jpg

[2012.03.26 08:55:04 | 000,019,044 | ---- | M] () -- C:\Users\cocco\Desktop\team7_Bett_Sesam.jpg

[2012.03.15 11:26:14 | 000,309,496 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012.03.12 17:00:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.03.11 21:13:40 | 000,022,696 | ---- | M] (COMODO) -- C:\windows\SysNative\drivers\cmderd.sys

[2012.03.11 21:13:22 | 000,041,200 | ---- | M] (COMODO) -- C:\windows\SysNative\cmdcsr.dll

[2012.03.11 21:13:20 | 000,301,224 | ---- | M] (COMODO) -- C:\windows\SysWow64\guard32.dll

[2012.03.11 21:13:18 | 000,389,840 | ---- | M] (COMODO) -- C:\windows\SysNative\guard64.dll

[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.09 06:59:34 | 000,000,000 | ---- | C] () -- C:\Users\cocco\Desktop\4s8lv8w9.exe

[2012.04.09 06:59:31 | 022,314,540 | ---- | C] () -- C:\Users\cocco\Desktop\4s8lv8w9.exe.part

[2012.04.09 06:06:29 | 000,001,225 | ---- | C] () -- C:\windows\SysWow64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf

[2012.04.09 06:06:29 | 000,000,414 | ---- | C] () -- C:\windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile

[2012.04.09 05:59:29 | 432,725,629 | ---- | C] () -- C:\windows\MEMORY.DMP

[2012.04.07 09:08:14 | 000,001,080 | ---- | C] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012.04.06 11:03:58 | 000,307,205 | ---- | C] () -- C:\Users\cocco\blabla.odt

[2012.04.06 10:42:53 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.04.06 10:35:11 | 000,000,036 | ---- | C] () -- C:\Users\cocco\AppData\Local\housecall.guid.cache

[2012.04.06 09:36:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012.04.06 09:19:15 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk

[2012.04.06 07:20:24 | 000,883,840 | ---- | C] () -- C:\Users\cocco\Desktop\Avira-DE-Cleaner.exe

[2012.04.05 15:14:02 | 000,000,000 | ---- | C] () -- C:\Users\cocco\defogger_reenable

[2012.04.02 21:18:25 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.03.31 20:27:38 | 000,028,167 | ---- | C] () -- C:\Users\cocco\Desktop\Tour_14765.gpx

[2012.03.30 18:38:28 | 001,125,434 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7232.JPG

[2012.03.30 18:38:28 | 001,041,822 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7231.JPG

[2012.03.30 18:38:20 | 001,222,337 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7228.JPG

[2012.03.30 18:38:20 | 001,171,169 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7235.JPG

[2012.03.30 18:38:20 | 001,067,811 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7230.JPG

[2012.03.30 18:38:20 | 000,996,281 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7236.JPG

[2012.03.29 20:23:37 | 000,068,837 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_2812_Bildgrendern.JPG

[2012.03.26 12:55:14 | 000,015,955 | ---- | C] () -- C:\Users\cocco\Desktop\2504763839.jpg

[2012.03.26 12:51:33 | 000,339,588 | ---- | C] () -- C:\Users\cocco\Desktop\carlotta_umfeld_kernbuche_schmal_01.jpg

[2012.03.26 08:58:56 | 000,025,430 | ---- | C] () -- C:\Users\cocco\Desktop\3.jpg

[2012.03.26 08:58:46 | 000,025,996 | ---- | C] () -- C:\Users\cocco\Desktop\5.jpg

[2012.03.26 08:55:32 | 000,240,008 | ---- | C] () -- C:\Users\cocco\Desktop\Team7_Bett_und_Tisch_opt.jpg

[2012.03.26 08:55:02 | 000,019,044 | ---- | C] () -- C:\Users\cocco\Desktop\team7_Bett_Sesam.jpg

[2012.03.12 17:00:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.02.25 07:24:22 | 000,000,000 | ---- | C] () -- C:\Users\cocco\AppData\Local\{8A30A419-CD73-4841-822B-31045D1742DD}

[2012.01.22 02:54:14 | 000,000,024 | ---- | C] () -- C:\Users\cocco\AppData\Roaming\xpy.ini

[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll

[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll

[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll

[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll

[2011.12.03 16:46:10 | 000,245,227 | ---- | C] () -- C:\windows\hpoins19.dat

[2011.12.03 16:46:10 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat

[2011.08.13 18:53:59 | 000,005,632 | ---- | C] () -- C:\Users\cocco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.26 09:06:18 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat

[2011.04.26 09:06:18 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat

[2010.12.17 11:45:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2010.12.17 11:41:54 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys

[2010.12.17 06:04:23 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE

[2010.12.16 22:42:45 | 001,527,876 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2010.11.25 23:01:28 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml

[2010.06.18 13:48:37 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin

[2010.06.18 13:48:37 | 000,000,512 | ---- | C] () -- C:\windows\current.bin

[2010.06.18 13:42:06 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll

[2010.06.18 13:34:08 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

[2010.06.18 13:34:08 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

[2010.06.18 13:33:58 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll

 
 ========== LOP Check ==========

 

[2011.11.20 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\.minecraft

[2012.04.07 15:25:13 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Ad-Aware Antivirus

[2011.07.23 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\CheckPoint

[2012.01.01 14:43:15 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\DVDVideoSoft

[2012.01.01 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.09.04 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Garmin

[2012.04.07 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\IrfanView

[2011.11.08 20:22:06 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\OpenOffice.org

[2012.01.16 14:18:00 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Samsung

[2012.04.08 16:16:59 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\SoftGrid Client

[2011.12.10 08:55:13 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\TuneUp Software

[2012.04.07 16:49:57 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}

[2012.04.08 12:00:00 | 000,001,080 | ---- | M] () -- C:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012.04.07 15:38:30 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

cosinus

09.04.2012 16:30

Einmal das Log reicht! Du brauchst es nicht zu posten und dann zustäzlich nochmal als Anhang! Pack es nur in den Ahang wenn es für CODE-Tags zu groß ist!

Und sry es ist immer noch kein CustomScan gewesen!

Bitte lies die Anleitung genau und setz sie auch so genau um!

catwiesel39

09.04.2012 19:25

hallo

jetzt habe ich 100% alles häken gesetzt
auch den für alle benutzer

catwiesel39

09.04.2012 19:32

das otl gruß kai

cosinus

09.04.2012 19:39

Das war aber immer noch kein CustomScan!!
Lies bitte richtig! Du musst was in das Texteld unten bei OTL hineinkopieren!

catwiesel39

09.04.2012 19:40

nochmal eine otl im anhang

catwiesel39

09.04.2012 19:42

ah jetzt habe ichs

cosinus

09.04.2012 19:43

Auch das war kein CustomScan

catwiesel39

09.04.2012 20:15

so ich hoffe ich kanns jetzt

Code:

OTL logfile created on: 09.04.2012 20:44:46 - Run 4

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\cocco\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,87 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 71,79% Memory free

7,73 Gb Paging File | 6,47 Gb Available in Paging File | 83,75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 254,14 Gb Total Space | 219,00 Gb Free Space | 86,17% Space Free | Partition Type: NTFS

Drive D: | 29,00 Gb Total Space | 27,80 Gb Free Space | 95,87% Space Free | Partition Type: NTFS

 

Computer Name:  Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.08 08:00:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\cocco\Desktop\OTL.exe

PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2009.12.23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.04.06 11:26:48 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.12.23 19:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - [2009.09.22 20:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)

SRV - [2009.08.14 16:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)

SRV - [2009.07.16 05:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)

SRV - [2009.07.14 16:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)

SRV - [2009.07.14 16:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.01.31 08:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.01.31 08:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011.04.05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)

DRV:64bit: - [2011.04.05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)

DRV:64bit: - [2011.04.05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)

DRV:64bit: - [2011.02.08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)

DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)

DRV:64bit: - [2010.03.12 05:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010.02.02 17:52:02 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2010.01.22 11:53:58 | 000,197,888 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)

DRV:64bit: - [2010.01.18 11:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2009.12.17 12:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009.11.12 03:44:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009.10.19 02:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.08.20 18:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

DRV:64bit: - [2009.07.16 13:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)

DRV:64bit: - [2009.07.16 05:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)

DRV:64bit: - [2009.06.10 22:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009.04.29 17:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2008.08.06 14:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/|hxxp://signin.ebay.de/ws/eBayISAPI.dll?SignOutConfirm&i=.0794001190006900076001200003500055000920005400022|hxxp://www.t-online.de/"

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.03 16:51:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 07:54:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.07 15:45:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.03 16:51:19 | 000,000,000 | ---D | M]

 

[2011.07.23 15:16:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\Extensions

[2012.04.06 08:58:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions

[2012.01.01 14:42:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012.02.26 12:17:00 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\cocco\AppData\Roaming\mozilla\Firefox\Profiles\85ly5gs5.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.04.06 08:59:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.04.07 15:45:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\COCCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\85LY5GS5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\COCCO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\85LY5GS5.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI

[2012.03.18 07:54:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.04.06 08:59:02 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012.02.12 10:54:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.12 10:54:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.12 10:54:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.12 10:54:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.12 10:54:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.12 10:54:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.12.17 19:53:25 | 000,427,737 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.0scan.com

O1 - Hosts: 127.0.0.1        0scan.com

O1 - Hosts: 127.0.0.1        1000gratisproben.com

O1 - Hosts: 127.0.0.1        www.1000gratisproben.com

O1 - Hosts: 127.0.0.1        1001namen.com

O1 - Hosts: 127.0.0.1        www.1001namen.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        www.1-2005-search.com

O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 127.0.0.1        123fporn.info

O1 - Hosts: 14727 more lines...

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube Download - C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC61E5D9-B1D5-40BE-A003-2DFDE213449C}: DhcpNameServer = 192.168.178.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: ISW - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)

MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: McMPFSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: McMPFSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.clmp3enc - C:\PROGRA~2\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.09 13:06:45 | 000,000,000 | ---D | C] -- C:\dell

[2012.04.09 12:07:37 | 000,000,000 | ---D | C] -- C:\Drivers

[2012.04.09 09:57:48 | 000,000,000 | ---D | C] -- C:\Users\cocco\Desktop\markus

[2012.04.09 08:41:52 | 000,000,000 | ---D | C] -- C:\Users\cocco\Doctor Web

[2012.04.09 08:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Doctor Web

[2012.04.09 08:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DrWeb

[2012.04.09 08:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Doctor Web

[2012.04.09 07:12:11 | 000,000,000 | ---D | C] -- C:\Users\cocco\DoctorWeb

[2012.04.09 06:40:19 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Local\Comodo

[2012.04.09 06:29:44 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\SUPERAntiSpyware.com

[2012.04.09 06:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.04.09 06:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012.04.09 06:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA

[2012.04.09 06:02:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO

[2012.04.09 05:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2012.04.09 05:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2012.04.09 05:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo

[2012.04.08 08:00:07 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\cocco\Desktop\OTL.exe

[2012.04.07 16:49:57 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}

[2012.04.07 16:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtualized Applications

[2012.04.07 15:59:11 | 000,249,736 | ---- | C] (ELAN Microelectronic Corp.) -- C:\windows\ETDUninst.dll

[2012.04.07 10:27:19 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner

[2012.04.07 10:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Registry Cleaner

[2012.04.07 10:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eusing Free Registry Cleaner

[2012.04.07 09:14:46 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys

[2012.04.07 09:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2012.04.07 09:07:12 | 000,060,504 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbhips.sys

[2012.04.07 09:07:11 | 000,094,296 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\sbtis.sys

[2012.04.07 09:06:56 | 000,253,528 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFw.sys

[2012.04.07 09:06:56 | 000,084,568 | ---- | C] (Sunbelt Software, Inc.) -- C:\windows\SysNative\drivers\SbFwIm.sys

[2012.04.07 09:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus

[2012.04.07 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Ad-Aware Antivirus

[2012.04.06 16:10:08 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Malwarebytes

[2012.04.06 16:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.06 10:42:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

[2012.04.06 09:19:52 | 000,000,000 | ---D | C] -- C:\Users\cocco\SecurityScans

[2012.04.06 09:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Baseline Security Analyzer 2

[2012.04.06 08:59:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.04.02 21:32:47 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys

[2012.04.02 21:22:21 | 000,000,000 | ---D | C] -- C:\Users\cocco\AppData\Roaming\Avira

[2012.04.02 21:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.04.02 21:18:09 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys

[2012.04.02 21:18:09 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys

[2012.04.02 21:18:09 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys

[2012.04.02 21:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.04.02 21:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2012.04.02 20:36:47 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012.03.30 09:30:28 | 000,000,000 | ---D | C] -- C:\Users\cocco\Documents\Mein Garmin

[2012.03.12 17:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012.03.12 17:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012.03.12 16:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012.03.12 16:59:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012.03.12 16:56:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2012.03.12 16:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2012.03.12 16:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2012.03.12 16:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.09 20:26:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.04.09 20:24:35 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.09 20:24:35 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.09 20:23:00 | 000,001,102 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.09 20:21:14 | 001,500,294 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012.04.09 20:21:14 | 000,654,852 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012.04.09 20:21:14 | 000,616,694 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012.04.09 20:21:14 | 000,130,434 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012.04.09 20:21:14 | 000,106,816 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012.04.09 20:17:05 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.09 20:16:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.04.09 17:10:42 | 000,039,431 | ---- | M] () -- C:\Users\cocco\Desktop\$(KGrHqRHJCYE9sj9sV2BBPfr4C4hyw~~60_12.jpg

[2012.04.09 06:06:29 | 000,001,225 | ---- | M] () -- C:\windows\SysWow64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf

[2012.04.09 06:06:29 | 000,000,414 | ---- | M] () -- C:\windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile

[2012.04.09 05:59:29 | 432,725,629 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012.04.08 12:00:00 | 000,001,080 | ---- | M] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012.04.08 08:00:10 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\cocco\Desktop\OTL.exe

[2012.04.07 09:14:46 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys

[2012.04.06 10:35:11 | 000,000,036 | ---- | M] () -- C:\Users\cocco\AppData\Local\housecall.guid.cache

[2012.04.06 07:20:31 | 000,883,840 | ---- | M] () -- C:\Users\cocco\Desktop\Avira-DE-Cleaner.exe

[2012.04.05 20:15:04 | 000,307,205 | ---- | M] () -- C:\Users\cocco\Desktop\bestellung.odt

[2012.04.05 15:14:02 | 000,000,000 | ---- | M] () -- C:\Users\cocco\defogger_reenable

[2012.04.02 21:32:47 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\stflt.sys

[2012.04.02 21:18:25 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.03.31 20:27:38 | 000,028,167 | ---- | M] () -- C:\Users\cocco\Desktop\Tour_14765.gpx

[2012.03.29 20:23:37 | 000,068,837 | ---- | M] () -- C:\Users\cocco\Desktop\IMG_2812_Bildgrendern.JPG

[2012.03.26 12:55:14 | 000,015,955 | ---- | M] () -- C:\Users\cocco\Desktop\2504763839.jpg

[2012.03.26 12:51:33 | 000,339,588 | ---- | M] () -- C:\Users\cocco\Desktop\carlotta_umfeld_kernbuche_schmal_01.jpg

[2012.03.26 08:58:57 | 000,025,430 | ---- | M] () -- C:\Users\cocco\Desktop\3.jpg

[2012.03.26 08:58:46 | 000,025,996 | ---- | M] () -- C:\Users\cocco\Desktop\5.jpg

[2012.03.26 08:55:33 | 000,240,008 | ---- | M] () -- C:\Users\cocco\Desktop\Team7_Bett_und_Tisch_opt.jpg

[2012.03.26 08:55:04 | 000,019,044 | ---- | M] () -- C:\Users\cocco\Desktop\team7_Bett_Sesam.jpg

[2012.03.15 11:26:14 | 000,309,496 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012.03.12 17:00:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.09 17:10:52 | 000,039,431 | ---- | C] () -- C:\Users\cocco\Desktop\$(KGrHqRHJCYE9sj9sV2BBPfr4C4hyw~~60_12.jpg

[2012.04.09 06:06:29 | 000,001,225 | ---- | C] () -- C:\windows\SysWow64\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf

[2012.04.09 06:06:29 | 000,000,414 | ---- | C] () -- C:\windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile

[2012.04.09 05:59:29 | 432,725,629 | ---- | C] () -- C:\windows\MEMORY.DMP

[2012.04.07 09:08:14 | 000,001,080 | ---- | C] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012.04.06 11:03:58 | 000,307,205 | ---- | C] () -- C:\Users\cocco\Desktop\bestellung.odt

[2012.04.06 10:42:53 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.04.06 10:35:11 | 000,000,036 | ---- | C] () -- C:\Users\cocco\AppData\Local\housecall.guid.cache

[2012.04.06 09:36:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012.04.06 09:19:15 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Baseline Security Analyzer 2.2.lnk

[2012.04.06 07:20:24 | 000,883,840 | ---- | C] () -- C:\Users\cocco\Desktop\Avira-DE-Cleaner.exe

[2012.04.05 15:14:02 | 000,000,000 | ---- | C] () -- C:\Users\cocco\defogger_reenable

[2012.04.02 21:18:25 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012.03.31 20:27:38 | 000,028,167 | ---- | C] () -- C:\Users\cocco\Desktop\Tour_14765.gpx

[2012.03.30 18:38:28 | 001,125,434 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7232.JPG

[2012.03.30 18:38:28 | 001,041,822 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7231.JPG

[2012.03.30 18:38:20 | 001,222,337 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7228.JPG

[2012.03.30 18:38:20 | 001,171,169 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7235.JPG

[2012.03.30 18:38:20 | 001,067,811 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7230.JPG

[2012.03.30 18:38:20 | 000,996,281 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_7236.JPG

[2012.03.29 20:23:37 | 000,068,837 | ---- | C] () -- C:\Users\cocco\Desktop\IMG_2812_Bildgrendern.JPG

[2012.03.26 12:55:14 | 000,015,955 | ---- | C] () -- C:\Users\cocco\Desktop\2504763839.jpg

[2012.03.26 12:51:33 | 000,339,588 | ---- | C] () -- C:\Users\cocco\Desktop\carlotta_umfeld_kernbuche_schmal_01.jpg

[2012.03.26 08:58:56 | 000,025,430 | ---- | C] () -- C:\Users\cocco\Desktop\3.jpg

[2012.03.26 08:58:46 | 000,025,996 | ---- | C] () -- C:\Users\cocco\Desktop\5.jpg

[2012.03.26 08:55:32 | 000,240,008 | ---- | C] () -- C:\Users\cocco\Desktop\Team7_Bett_und_Tisch_opt.jpg

[2012.03.26 08:55:02 | 000,019,044 | ---- | C] () -- C:\Users\cocco\Desktop\team7_Bett_Sesam.jpg

[2012.03.12 17:00:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2012.02.25 07:24:22 | 000,000,000 | ---- | C] () -- C:\Users\cocco\AppData\Local\{8A30A419-CD73-4841-822B-31045D1742DD}

[2012.01.22 02:54:14 | 000,000,024 | ---- | C] () -- C:\Users\cocco\AppData\Roaming\xpy.ini

[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll

[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll

[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll

[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll

[2011.12.03 16:46:10 | 000,245,227 | ---- | C] () -- C:\windows\hpoins19.dat

[2011.12.03 16:46:10 | 000,013,898 | ---- | C] () -- C:\windows\hpomdl19.dat

[2011.08.13 18:53:59 | 000,005,632 | ---- | C] () -- C:\Users\cocco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.26 09:06:18 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat

[2011.04.26 09:06:18 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat

[2010.12.17 11:45:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2010.12.17 11:41:54 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys

[2010.12.17 06:04:23 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE

[2010.12.16 22:42:45 | 001,527,876 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2010.11.25 23:01:28 | 000,000,088 | ---- | C] () -- C:\ProgramData\profile.xml

[2010.06.18 13:48:37 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin

[2010.06.18 13:48:37 | 000,000,512 | ---- | C] () -- C:\windows\current.bin

[2010.06.18 13:42:06 | 000,016,648 | R--- | C] () -- C:\windows\SysWow64\LogAPI.dll

[2010.06.18 13:34:08 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll

[2010.06.18 13:34:08 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll

[2010.06.18 13:33:58 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll

 
 ========== LOP Check ==========

 

[2011.11.20 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\.minecraft

[2012.04.07 15:25:13 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Ad-Aware Antivirus

[2011.07.23 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\CheckPoint

[2012.01.01 14:43:15 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\DVDVideoSoft

[2012.01.01 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.09.04 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Garmin

[2012.04.07 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\IrfanView

[2011.11.08 20:22:06 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\OpenOffice.org

[2012.01.16 14:18:00 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Samsung

[2012.04.09 12:38:58 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\SoftGrid Client

[2011.12.10 08:55:13 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\TuneUp Software

[2012.04.07 16:49:57 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}

[2012.04.08 12:00:00 | 000,001,080 | ---- | M] () -- C:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

[2012.04.07 15:38:30 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU(27).TXT

[2012.04.07 15:38:30 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.11.20 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\.minecraft

[2012.04.07 15:25:13 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Ad-Aware Antivirus

[2011.07.24 10:21:27 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Adobe

[2011.08.09 17:49:58 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Apple Computer

[2012.04.02 21:22:21 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Avira

[2011.07.23 15:15:47 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\CheckPoint

[2011.07.23 15:44:14 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\CyberLink

[2012.01.01 14:43:15 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\DVDVideoSoft

[2012.01.01 14:42:23 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.09.04 16:14:50 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Garmin

[2011.12.03 16:55:37 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\HP

[2011.07.23 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Identities

[2012.04.07 15:45:51 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\IrfanView

[2011.07.23 15:17:39 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Macromedia

[2012.04.06 16:10:08 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Malwarebytes

[2009.07.29 09:23:49 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Media Center Programs

[2012.04.06 09:31:00 | 000,000,000 | --SD | M] -- C:\Users\cocco\AppData\Roaming\Microsoft

[2011.07.23 15:16:03 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Mozilla

[2011.11.08 20:22:06 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\OpenOffice.org

[2012.01.16 14:18:00 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Samsung

[2012.02.01 19:17:21 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\Skype

[2012.04.09 12:38:58 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\SoftGrid Client

[2012.04.09 06:29:44 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\SUPERAntiSpyware.com

[2011.12.10 08:55:13 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\TuneUp Software

[2011.12.27 18:08:07 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\vlc

[2012.04.07 16:49:57 | 000,000,000 | ---D | M] -- C:\Users\cocco\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.12.17 12:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\windows\SysNative\drivers\iaStor.sys

[2009.12.17 12:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll

[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll

[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2010.06.18 04:50:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2010.06.18 04:50:07 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

cosinus

09.04.2012 21:42

Geht doch :applaus:

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1267310097-3752901941-3059132480-1004\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

catwiesel39

10.04.2012 07:26

gell ein großer schritt weiter

wie gehts weiter

Code:

All processes killed

========== OTL ==========

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1267310097-3752901941-3059132480-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: cocc

->Temp folder emptied: 270363626 bytes

->Temporary Internet Files folder emptied: 12913997 bytes

->Java cache emptied: 1094112 bytes

->FireFox cache emptied: 49637781 bytes

->Flash cache emptied: 504 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: PC

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 257353 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 396797 bytes

RecycleBin emptied: 118434651 bytes

 

Total Files Cleaned = 432,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: AppData

 

User: cocco

->Flash cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: PC

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.2 log created on 04102012_081944
 

Files\Folders moved on Reboot...

C:\Users\cocco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

cosinus

10.04.2012 12:56

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

catwiesel39

10.04.2012 14:06

ist ganz schön viel

Code:

14:52:38.0415 2672        TDSS rootkit removing tool 2.7.27.0 Apr  9 2012 09:53:37

14:52:38.0555 2672        ============================================================

14:52:38.0555 2672        Current date / time: 2012/04/10 14:52:38.0555

14:52:38.0555 2672        SystemInfo:

14:52:38.0555 2672        

14:52:38.0555 2672        OS Version: 6.1.7601 ServicePack: 1.0

14:52:38.0555 2672        Product type: Workstation

14:52:38.0555 2672        Computer

14:52:38.0555 2672        Windows directory: C:\windows

14:52:38.0555 2672        System windows directory: C:\windows

14:52:38.0555 2672        Running under WOW64

14:52:38.0555 2672        Processor architecture: Intel x64

14:52:38.0555 2672        Number of processors: 4

14:52:38.0555 2672        Page size: 0x1000

14:52:38.0555 2672        Boot type: Normal boot

14:52:38.0555 2672        ============================================================

14:52:39.0320 2672        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:52:39.0335 2672        \Device\Harddisk0\DR0:

14:52:39.0335 2672        MBR used

14:52:39.0335 2672        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000

14:52:39.0335 2672        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x1FC49800

14:52:39.0351 2672        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1FCAE800, BlocksNum 0x39FD800

14:52:39.0445 2672        Initialize success

14:52:39.0445 2672        ============================================================

14:54:06.0278 1144        ============================================================

14:54:06.0278 1144        Scan started

14:54:06.0278 1144        Mode: Manual; SigCheck; TDLFS; 

14:54:06.0278 1144        ============================================================

14:54:06.0715 1144        1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

14:54:06.0855 1144        1394ohci - ok

14:54:06.0902 1144        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

14:54:06.0933 1144        ACPI - ok

14:54:07.0027 1144        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

14:54:07.0089 1144        AcpiPmi - ok

14:54:07.0198 1144        ACPIVPC         (dc201246a14cb3b274df59faf539ab07) C:\windows\system32\DRIVERS\AcpiVpc.sys

14:54:07.0245 1144        ACPIVPC - ok

14:54:07.0370 1144        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:54:07.0401 1144        AdobeFlashPlayerUpdateSvc - ok

14:54:07.0542 1144        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

14:54:07.0588 1144        adp94xx - ok

14:54:07.0729 1144        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

14:54:07.0760 1144        adpahci - ok

14:54:07.0807 1144        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

14:54:07.0838 1144        adpu320 - ok

14:54:07.0885 1144        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

14:54:07.0994 1144        AeLookupSvc - ok

14:54:08.0103 1144        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

14:54:08.0150 1144        AFD - ok

14:54:08.0259 1144        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

14:54:08.0290 1144        agp440 - ok

14:54:08.0337 1144        ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

14:54:08.0384 1144        ALG - ok

14:54:08.0493 1144        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

14:54:08.0509 1144        aliide - ok

14:54:08.0524 1144        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

14:54:08.0556 1144        amdide - ok

14:54:08.0618 1144        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

14:54:08.0665 1144        AmdK8 - ok

14:54:08.0758 1144        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

14:54:08.0821 1144        AmdPPM - ok

14:54:08.0883 1144        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

14:54:08.0914 1144        amdsata - ok

14:54:09.0039 1144        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

14:54:09.0070 1144        amdsbs - ok

14:54:09.0148 1144        amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

14:54:09.0180 1144        amdxata - ok

14:54:09.0382 1144        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

14:54:09.0414 1144        AntiVirSchedulerService - ok

14:54:09.0601 1144        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

14:54:09.0632 1144        AntiVirService - ok

14:54:09.0757 1144        AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

14:54:09.0866 1144        AppID - ok

14:54:09.0913 1144        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

14:54:10.0006 1144        AppIDSvc - ok

14:54:10.0147 1144        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

14:54:10.0256 1144        Appinfo - ok

14:54:10.0381 1144        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:54:10.0412 1144        Apple Mobile Device - ok

14:54:10.0537 1144        arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

14:54:10.0568 1144        arc - ok

14:54:10.0599 1144        arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

14:54:10.0630 1144        arcsas - ok

14:54:10.0677 1144        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

14:54:10.0786 1144        AsyncMac - ok

14:54:10.0911 1144        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

14:54:10.0927 1144        atapi - ok

14:54:11.0005 1144        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

14:54:11.0130 1144        AudioEndpointBuilder - ok

14:54:11.0145 1144        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

14:54:11.0254 1144        AudioSrv - ok

14:54:11.0410 1144        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys

14:54:11.0426 1144        avgntflt - ok

14:54:11.0582 1144        avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\windows\system32\DRIVERS\avipbb.sys

14:54:11.0598 1144        avipbb - ok

14:54:11.0738 1144        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys

14:54:11.0754 1144        avkmgr - ok

14:54:11.0816 1144        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

14:54:11.0878 1144        AxInstSV - ok

14:54:12.0019 1144        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

14:54:12.0081 1144        b06bdrv - ok

14:54:12.0222 1144        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

14:54:12.0284 1144        b57nd60a - ok

14:54:12.0471 1144        BCM43XX         (5b5c36b2ec500462a715db6bcbaf5da7) C:\windows\system32\DRIVERS\bcmwl664.sys

14:54:12.0658 1144        BCM43XX - ok

14:54:12.0768 1144        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

14:54:12.0830 1144        BDESVC - ok

14:54:12.0908 1144        Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

14:54:13.0017 1144        Beep - ok

14:54:13.0158 1144        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

14:54:13.0267 1144        BFE - ok

14:54:13.0376 1144        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

14:54:13.0516 1144        BITS - ok

14:54:13.0626 1144        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

14:54:13.0688 1144        blbdrive - ok

14:54:13.0813 1144        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

14:54:13.0844 1144        Bonjour Service - ok

14:54:13.0969 1144        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

14:54:14.0016 1144        bowser - ok

14:54:14.0078 1144        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

14:54:14.0125 1144        BrFiltLo - ok

14:54:14.0234 1144        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

14:54:14.0265 1144        BrFiltUp - ok

14:54:14.0328 1144        Bridge0         (34f786535f9245e4028c57b28248c9d8) C:\windows\system32\drivers\WDBridge.sys

14:54:14.0343 1144        Bridge0 - ok

14:54:14.0452 1144        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

14:54:14.0577 1144        Browser - ok

14:54:14.0640 1144        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

14:54:14.0718 1144        Brserid - ok

14:54:14.0842 1144        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

14:54:14.0905 1144        BrSerWdm - ok

14:54:14.0920 1144        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

14:54:14.0983 1144        BrUsbMdm - ok

14:54:15.0076 1144        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

14:54:15.0123 1144        BrUsbSer - ok

14:54:15.0186 1144        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys

14:54:15.0232 1144        BthEnum - ok

14:54:15.0342 1144        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

14:54:15.0388 1144        BTHMODEM - ok

14:54:15.0420 1144        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

14:54:15.0482 1144        BthPan - ok

14:54:15.0622 1144        BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys

14:54:15.0700 1144        BTHPORT - ok

14:54:15.0810 1144        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

14:54:15.0934 1144        bthserv - ok

14:54:15.0981 1144        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys

14:54:16.0028 1144        BTHUSB - ok

14:54:16.0137 1144        cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

14:54:16.0246 1144        cdfs - ok

14:54:16.0324 1144        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys

14:54:16.0371 1144        cdrom - ok

14:54:16.0465 1144        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

14:54:16.0590 1144        CertPropSvc - ok

14:54:16.0636 1144        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

14:54:16.0699 1144        circlass - ok

14:54:16.0808 1144        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

14:54:16.0855 1144        CLFS - ok

14:54:17.0089 1144        CLPSLS          (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

14:54:17.0229 1144        CLPSLS - ok

14:54:17.0338 1144        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:54:17.0370 1144        clr_optimization_v2.0.50727_32 - ok

14:54:17.0416 1144        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:54:17.0448 1144        clr_optimization_v2.0.50727_64 - ok

14:54:17.0572 1144        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:54:17.0604 1144        clr_optimization_v4.0.30319_32 - ok

14:54:17.0650 1144        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:54:17.0682 1144        clr_optimization_v4.0.30319_64 - ok

14:54:17.0791 1144        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

14:54:17.0838 1144        CmBatt - ok

14:54:17.0994 1144        cmdAgent        (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

14:54:18.0150 1144        cmdAgent - ok

14:54:18.0243 1144        cmdGuard        (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\windows\system32\DRIVERS\cmdguard.sys

14:54:18.0290 1144        cmdGuard - ok

14:54:18.0368 1144        cmdHlp          (2d3e08c7106f748f9eff3dec14142d3e) C:\windows\system32\DRIVERS\cmdhlp.sys

14:54:18.0399 1144        cmdHlp - ok

14:54:18.0415 1144        cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

14:54:18.0446 1144        cmdide - ok

14:54:18.0508 1144        CNG             (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

14:54:18.0555 1144        CNG - ok

14:54:18.0696 1144        CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\windows\system32\drivers\CHDRT64.sys

14:54:18.0758 1144        CnxtHdAudService - ok

14:54:18.0883 1144        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

14:54:18.0898 1144        Compbatt - ok

14:54:18.0961 1144        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

14:54:19.0023 1144        CompositeBus - ok

14:54:19.0101 1144        COMSysApp - ok

14:54:19.0164 1144        cpuz134 - ok

14:54:19.0257 1144        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

14:54:19.0288 1144        crcdisk - ok

14:54:19.0398 1144        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll

14:54:19.0507 1144        CryptSvc - ok

14:54:19.0616 1144        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

14:54:19.0678 1144        cvhsvc - ok

14:54:19.0803 1144        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

14:54:19.0928 1144        DcomLaunch - ok

14:54:20.0037 1144        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

14:54:20.0162 1144        defragsvc - ok

14:54:20.0240 1144        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

14:54:20.0334 1144        DfsC - ok

14:54:20.0458 1144        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

14:54:20.0583 1144        Dhcp - ok

14:54:20.0646 1144        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

14:54:20.0770 1144        discache - ok

14:54:20.0895 1144        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

14:54:20.0926 1144        Disk - ok

14:54:20.0958 1144        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

14:54:21.0004 1144        Dnscache - ok

14:54:21.0082 1144        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

14:54:21.0192 1144        dot3svc - ok

14:54:21.0301 1144        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys

14:54:21.0363 1144        Dot4 - ok

14:54:21.0472 1144        Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\DRIVERS\Dot4Prt.sys

14:54:21.0519 1144        Dot4Print - ok

14:54:21.0566 1144        dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys

14:54:21.0613 1144        dot4usb - ok

14:54:21.0691 1144        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

14:54:21.0800 1144        DPS - ok

14:54:21.0878 1144        drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

14:54:21.0925 1144        drmkaud - ok

14:54:22.0050 1144        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

14:54:22.0112 1144        DXGKrnl - ok

14:54:22.0221 1144        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

14:54:22.0330 1144        EapHost - ok

14:54:22.0486 1144        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

14:54:22.0658 1144        ebdrv - ok

14:54:22.0783 1144        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

14:54:22.0814 1144        EFS - ok

14:54:22.0892 1144        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

14:54:22.0986 1144        ehRecvr - ok

14:54:23.0079 1144        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

14:54:23.0110 1144        ehSched - ok

14:54:23.0204 1144        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

14:54:23.0251 1144        elxstor - ok

14:54:23.0344 1144        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

14:54:23.0391 1144        ErrDev - ok

14:54:23.0500 1144        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

14:54:23.0625 1144        EventSystem - ok

14:54:23.0688 1144        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

14:54:23.0797 1144        exfat - ok

14:54:23.0922 1144        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

14:54:24.0046 1144        fastfat - ok

14:54:24.0124 1144        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

14:54:24.0187 1144        Fax - ok

14:54:24.0296 1144        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

14:54:24.0343 1144        fdc - ok

14:54:24.0374 1144        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

14:54:24.0468 1144        fdPHost - ok

14:54:24.0561 1144        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

14:54:24.0670 1144        FDResPub - ok

14:54:24.0748 1144        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

14:54:24.0764 1144        FileInfo - ok

14:54:24.0873 1144        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

14:54:24.0998 1144        Filetrace - ok

14:54:25.0045 1144        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

14:54:25.0092 1144        flpydisk - ok

14:54:25.0232 1144        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

14:54:25.0263 1144        FltMgr - ok

14:54:25.0326 1144        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

14:54:25.0404 1144        FontCache - ok

14:54:25.0513 1144        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

14:54:25.0528 1144        FontCache3.0.0.0 - ok

14:54:25.0606 1144        FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

14:54:25.0638 1144        FsDepends - ok

14:54:25.0747 1144        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

14:54:25.0762 1144        Fs_Rec - ok

14:54:25.0856 1144        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

14:54:25.0903 1144        fvevol - ok

14:54:25.0981 1144        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

14:54:25.0996 1144        gagp30kx - ok

14:54:26.0106 1144        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

14:54:26.0137 1144        GEARAspiWDM - ok

14:54:26.0230 1144        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

14:54:26.0355 1144        gpsvc - ok

14:54:26.0449 1144        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:54:26.0480 1144        gupdate - ok

14:54:26.0496 1144        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

14:54:26.0511 1144        gupdatem - ok

14:54:26.0636 1144        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

14:54:26.0683 1144        hcw85cir - ok

14:54:26.0776 1144        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

14:54:26.0823 1144        HdAudAddService - ok

14:54:26.0917 1144        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

14:54:26.0964 1144        HDAudBus - ok

14:54:27.0042 1144        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

14:54:27.0104 1144        HECIx64 - ok

14:54:27.0166 1144        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

14:54:27.0229 1144        HidBatt - ok

14:54:27.0291 1144        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

14:54:27.0338 1144        HidBth - ok

14:54:27.0432 1144        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

14:54:27.0478 1144        HidIr - ok

14:54:27.0556 1144        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

14:54:27.0666 1144        hidserv - ok

14:54:27.0759 1144        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

14:54:27.0790 1144        HidUsb - ok

14:54:27.0853 1144        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

14:54:27.0946 1144        hkmsvc - ok

14:54:28.0024 1144        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

14:54:28.0071 1144        HomeGroupListener - ok

14:54:28.0149 1144        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

14:54:28.0196 1144        HomeGroupProvider - ok

14:54:28.0336 1144        hpqcxs08        (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

14:54:28.0368 1144        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

14:54:28.0368 1144        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

14:54:28.0508 1144        hpqddsvc        (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

14:54:28.0539 1144        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

14:54:28.0539 1144        hpqddsvc - detected UnsignedFile.Multi.Generic (1)

14:54:28.0648 1144        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

14:54:28.0680 1144        HpSAMD - ok

14:54:28.0882 1144        HPSLPSVC        (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

14:54:28.0929 1144        HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

14:54:28.0929 1144        HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

14:54:29.0070 1144        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

14:54:29.0210 1144        HTTP - ok

14:54:29.0319 1144        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

14:54:29.0335 1144        hwpolicy - ok

14:54:29.0382 1144        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

14:54:29.0413 1144        i8042prt - ok

14:54:29.0538 1144        iaStor          (42e00996dfc13c46366689c0ea8abc5e) C:\windows\system32\DRIVERS\iaStor.sys

14:54:29.0569 1144        iaStor - ok

14:54:29.0694 1144        IAStorDataMgrSvc (48362e5db5cb2c000c514ee1f3890acd) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

14:54:29.0709 1144        IAStorDataMgrSvc - ok

14:54:29.0834 1144        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

14:54:29.0881 1144        iaStorV - ok

14:54:30.0052 1144        IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

14:54:30.0068 1144        IDriverT ( UnsignedFile.Multi.Generic ) - warning

14:54:30.0068 1144        IDriverT - detected UnsignedFile.Multi.Generic (1)

14:54:30.0177 1144        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

14:54:30.0240 1144        idsvc - ok

14:54:30.0489 1144        igfx            (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys

14:54:30.0754 1144        igfx - ok

14:54:30.0910 1144        IGRS            (d951d20153e51928f9db2227d6ff5c7a) C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe

14:54:30.0926 1144        IGRS - ok

14:54:31.0051 1144        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

14:54:31.0082 1144        iirsp - ok

14:54:31.0144 1144        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

14:54:31.0285 1144        IKEEXT - ok

14:54:31.0410 1144        inspect         (efff0afd27cc97bf0e5e0bab78419de7) C:\windows\system32\DRIVERS\inspect.sys

14:54:31.0441 1144        inspect - ok

14:54:31.0472 1144        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

14:54:31.0503 1144        intelide - ok

14:54:31.0566 1144        intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

14:54:31.0597 1144        intelppm - ok

14:54:31.0690 1144        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

14:54:31.0800 1144        IPBusEnum - ok

14:54:31.0846 1144        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

14:54:31.0940 1144        IpFilterDriver - ok

14:54:32.0065 1144        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

14:54:32.0190 1144        iphlpsvc - ok

14:54:32.0283 1144        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

14:54:32.0330 1144        IPMIDRV - ok

14:54:32.0361 1144        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

14:54:32.0470 1144        IPNAT - ok

14:54:32.0580 1144        iPod Service    (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe

14:54:32.0626 1144        iPod Service - ok

14:54:32.0736 1144        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

14:54:32.0798 1144        IRENUM - ok

14:54:32.0845 1144        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

14:54:32.0876 1144        isapnp - ok

14:54:32.0970 1144        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

14:54:33.0001 1144        iScsiPrt - ok

14:54:33.0063 1144        k57nd60a        (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys

14:54:33.0126 1144        k57nd60a - ok

14:54:33.0219 1144        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys

14:54:33.0250 1144        kbdclass - ok

14:54:33.0282 1144        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

14:54:33.0344 1144        kbdhid - ok

14:54:33.0438 1144        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:54:33.0469 1144        KeyIso - ok

14:54:33.0562 1144        KMWDFILTER      (07071c1e3cd8f0f9114aac8b072ca1e5) C:\windows\system32\DRIVERS\KMWDFILTER.sys

14:54:33.0578 1144        KMWDFILTER - ok

14:54:33.0672 1144        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

14:54:33.0703 1144        KSecDD - ok

14:54:33.0718 1144        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

14:54:33.0750 1144        KSecPkg - ok

14:54:33.0812 1144        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

14:54:33.0921 1144        ksthunk - ok

14:54:34.0015 1144        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

14:54:34.0124 1144        KtmRm - ok

14:54:34.0202 1144        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

14:54:34.0311 1144        LanmanServer - ok

14:54:34.0405 1144        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

14:54:34.0530 1144        LanmanWorkstation - ok

14:54:34.0576 1144        Lbd - ok

14:54:34.0670 1144        Lenovo ReadyComm AppSvc (7fcb3ec66361f157bcd5b5c33ce2ac16) C:\Program Files\Lenovo\ReadyComm\AppSvc.exe

14:54:34.0701 1144        Lenovo ReadyComm AppSvc - ok

14:54:34.0732 1144        Lenovo ReadyComm ConnSvc (5287074e79e4ba82510886f684dc5f72) C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe

14:54:34.0779 1144        Lenovo ReadyComm ConnSvc - ok

14:54:34.0888 1144        lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

14:54:34.0998 1144        lltdio - ok

14:54:35.0044 1144        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

14:54:35.0154 1144        lltdsvc - ok

14:54:35.0278 1144        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

14:54:35.0372 1144        lmhosts - ok

14:54:35.0497 1144        LMS             (1e2f802846eb944e0333efee7c9532a8) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

14:54:35.0528 1144        LMS - ok

14:54:35.0637 1144        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

14:54:35.0653 1144        LSI_FC - ok

14:54:35.0715 1144        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

14:54:35.0731 1144        LSI_SAS - ok

14:54:35.0840 1144        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

14:54:35.0871 1144        LSI_SAS2 - ok

14:54:35.0902 1144        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

14:54:35.0934 1144        LSI_SCSI - ok

14:54:35.0965 1144        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

14:54:36.0090 1144        luafv - ok

14:54:36.0214 1144        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

14:54:36.0246 1144        Mcx2Svc - ok

14:54:36.0292 1144        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

14:54:36.0324 1144        megasas - ok

14:54:36.0355 1144        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

14:54:36.0386 1144        MegaSR - ok

14:54:36.0495 1144        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

14:54:36.0604 1144        MMCSS - ok

14:54:36.0651 1144        Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

14:54:36.0760 1144        Modem - ok

14:54:36.0870 1144        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

14:54:36.0948 1144        monitor - ok

14:54:37.0041 1144        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

14:54:37.0072 1144        mouclass - ok

14:54:37.0166 1144        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

14:54:37.0197 1144        mouhid - ok

14:54:37.0275 1144        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

14:54:37.0291 1144        mountmgr - ok

14:54:37.0338 1144        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

14:54:37.0369 1144        mpio - ok

14:54:37.0431 1144        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

14:54:37.0525 1144        mpsdrv - ok

14:54:37.0618 1144        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

14:54:37.0743 1144        MpsSvc - ok

14:54:37.0821 1144        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

14:54:37.0884 1144        MRxDAV - ok

14:54:37.0962 1144        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

14:54:38.0008 1144        mrxsmb - ok

14:54:38.0086 1144        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

14:54:38.0133 1144        mrxsmb10 - ok

14:54:38.0196 1144        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

14:54:38.0227 1144        mrxsmb20 - ok

14:54:38.0289 1144        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

14:54:38.0320 1144        msahci - ok

14:54:38.0383 1144        msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

14:54:38.0398 1144        msdsm - ok

14:54:38.0445 1144        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

14:54:38.0492 1144        MSDTC - ok

14:54:38.0554 1144        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

14:54:38.0664 1144        Msfs - ok

14:54:38.0742 1144        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

14:54:38.0851 1144        mshidkmdf - ok

14:54:38.0913 1144        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

14:54:38.0929 1144        msisadrv - ok

14:54:39.0022 1144        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

14:54:39.0132 1144        MSiSCSI - ok

14:54:39.0178 1144        msiserver - ok

14:54:39.0241 1144        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

14:54:39.0366 1144        MSKSSRV - ok

14:54:39.0381 1144        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

14:54:39.0490 1144        MSPCLOCK - ok

14:54:39.0553 1144        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

14:54:39.0662 1144        MSPQM - ok

14:54:39.0756 1144        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

14:54:39.0802 1144        MsRPC - ok

14:54:39.0865 1144        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

14:54:39.0896 1144        mssmbios - ok

14:54:39.0958 1144        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

14:54:40.0068 1144        MSTEE - ok

14:54:40.0130 1144        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

14:54:40.0161 1144        MTConfig - ok

14:54:40.0224 1144        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

14:54:40.0255 1144        Mup - ok

14:54:40.0302 1144        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

14:54:40.0426 1144        napagent - ok

14:54:40.0551 1144        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

14:54:40.0614 1144        NativeWifiP - ok

14:54:40.0676 1144        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

14:54:40.0738 1144        NDIS - ok

14:54:40.0848 1144        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

14:54:40.0941 1144        NdisCap - ok

14:54:40.0988 1144        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

14:54:41.0082 1144        NdisTapi - ok

14:54:41.0238 1144        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

14:54:41.0362 1144        Ndisuio - ok

14:54:41.0409 1144        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

14:54:41.0534 1144        NdisWan - ok

14:54:41.0643 1144        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

14:54:41.0752 1144        NDProxy - ok

14:54:41.0877 1144        Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

14:54:41.0893 1144        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

14:54:41.0893 1144        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

14:54:41.0971 1144        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

14:54:42.0080 1144        NetBIOS - ok

14:54:42.0174 1144        NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

14:54:42.0283 1144        NetBT - ok

14:54:42.0330 1144        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:54:42.0361 1144        Netlogon - ok

14:54:42.0470 1144        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

14:54:42.0595 1144        Netman - ok

14:54:42.0642 1144        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

14:54:42.0766 1144        netprofm - ok

14:54:42.0876 1144        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:54:42.0907 1144        NetTcpPortSharing - ok

14:54:43.0125 1144        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys

14:54:43.0375 1144        netw5v64 - ok

14:54:43.0468 1144        nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

14:54:43.0500 1144        nfrd960 - ok

14:54:43.0546 1144        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

14:54:43.0656 1144        NlaSvc - ok

14:54:43.0749 1144        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

14:54:43.0843 1144        Npfs - ok

14:54:43.0874 1144        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

14:54:43.0983 1144        nsi - ok

14:54:44.0046 1144        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

14:54:44.0155 1144        nsiproxy - ok

14:54:44.0248 1144        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

14:54:44.0342 1144        Ntfs - ok

14:54:44.0436 1144        Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

14:54:44.0529 1144        Null - ok

14:54:44.0592 1144        NVHDA           (181e7fe39211e04128a30708906627d8) C:\windows\system32\drivers\nvhda64v.sys

14:54:44.0607 1144        NVHDA - ok

14:54:44.0997 1144        nvlddmkm        (a1777644c3d044494658da850a4a16d8) C:\windows\system32\DRIVERS\nvlddmkm.sys

14:54:45.0621 1144        nvlddmkm - ok

14:54:45.0746 1144        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

14:54:45.0777 1144        nvraid - ok

14:54:45.0824 1144        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

14:54:45.0855 1144        nvstor - ok

14:54:45.0902 1144        nvsvc           (b8e361851bfb7152e0a2d6031c4db1e9) C:\windows\system32\nvvsvc.exe

14:54:45.0933 1144        nvsvc - ok

14:54:46.0042 1144        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

14:54:46.0074 1144        nv_agp - ok

14:54:46.0105 1144        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

14:54:46.0152 1144        ohci1394 - ok

14:54:46.0245 1144        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:54:46.0276 1144        ose - ok

14:54:46.0432 1144        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

14:54:46.0729 1144        osppsvc - ok

14:54:46.0854 1144        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

14:54:46.0916 1144        p2pimsvc - ok

14:54:46.0963 1144        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

14:54:46.0994 1144        p2psvc - ok

14:54:47.0088 1144        Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

14:54:47.0119 1144        Parport - ok

14:54:47.0166 1144        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

14:54:47.0181 1144        partmgr - ok

14:54:47.0228 1144        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

14:54:47.0290 1144        PcaSvc - ok

14:54:47.0384 1144        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

14:54:47.0415 1144        pci - ok

14:54:47.0431 1144        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

14:54:47.0462 1144        pciide - ok

14:54:47.0493 1144        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

14:54:47.0524 1144        pcmcia - ok

14:54:47.0587 1144        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

14:54:47.0602 1144        pcw - ok

14:54:47.0665 1144        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

14:54:47.0805 1144        PEAUTH - ok

14:54:47.0930 1144        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

14:54:47.0977 1144        PerfHost - ok

14:54:48.0070 1144        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

14:54:48.0226 1144        pla - ok

14:54:48.0320 1144        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

14:54:48.0367 1144        PlugPlay - ok

14:54:48.0507 1144        Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

14:54:48.0523 1144        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

14:54:48.0523 1144        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

14:54:48.0570 1144        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

14:54:48.0616 1144        PNRPAutoReg - ok

14:54:48.0710 1144        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

14:54:48.0741 1144        PNRPsvc - ok

14:54:48.0804 1144        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

14:54:48.0928 1144        PolicyAgent - ok

14:54:49.0022 1144        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

14:54:49.0147 1144        Power - ok

14:54:49.0256 1144        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

14:54:49.0365 1144        PptpMiniport - ok

14:54:49.0428 1144        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

14:54:49.0475 1144        Processor - ok

14:54:49.0568 1144        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll

14:54:49.0662 1144        ProfSvc - ok

14:54:49.0724 1144        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:54:49.0755 1144        ProtectedStorage - ok

14:54:49.0865 1144        Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

14:54:49.0974 1144        Psched - ok

14:54:50.0005 1144        PS_MDP - ok

14:54:50.0161 1144        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

14:54:50.0255 1144        ql2300 - ok

14:54:50.0348 1144        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

14:54:50.0379 1144        ql40xx - ok

14:54:50.0426 1144        QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

14:54:50.0504 1144        QWAVE - ok

14:54:50.0582 1144        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

14:54:50.0645 1144        QWAVEdrv - ok

14:54:50.0676 1144        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

14:54:50.0785 1144        RasAcd - ok

14:54:50.0879 1144        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

14:54:50.0972 1144        RasAgileVpn - ok

14:54:51.0003 1144        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

14:54:51.0128 1144        RasAuto - ok

14:54:51.0237 1144        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

14:54:51.0362 1144        Rasl2tp - ok

14:54:51.0393 1144        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

14:54:51.0503 1144        RasMan - ok

14:54:51.0612 1144        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

14:54:51.0737 1144        RasPppoe - ok

14:54:51.0752 1144        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

14:54:51.0877 1144        RasSstp - ok

14:54:51.0971 1144        rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

14:54:52.0080 1144        rdbss - ok

14:54:52.0127 1144        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

14:54:52.0173 1144        rdpbus - ok

14:54:52.0298 1144        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

14:54:52.0407 1144        RDPCDD - ok

14:54:52.0439 1144        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

14:54:52.0548 1144        RDPENCDD - ok

14:54:52.0657 1144        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

14:54:52.0751 1144        RDPREFMP - ok

14:54:52.0797 1144        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys

14:54:52.0844 1144        RDPWD - ok

14:54:52.0969 1144        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

14:54:53.0000 1144        rdyboost - ok

14:54:53.0016 1144        ReadyComm.DirectRouter - ok

14:54:53.0047 1144        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

14:54:53.0156 1144        RemoteAccess - ok

14:54:53.0234 1144        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

14:54:53.0359 1144        RemoteRegistry - ok

14:54:53.0437 1144        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

14:54:53.0499 1144        RFCOMM - ok

14:54:53.0577 1144        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

14:54:53.0671 1144        RpcEptMapper - ok

14:54:53.0733 1144        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

14:54:53.0780 1144        RpcLocator - ok

14:54:53.0858 1144        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

14:54:53.0967 1144        RpcSs - ok

14:54:54.0061 1144        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

14:54:54.0186 1144        rspndr - ok

14:54:54.0295 1144        RSUSBSTOR       (5aab4808e8ccae8c2ecda5b791260616) C:\windows\system32\Drivers\RtsUStor.sys

14:54:54.0326 1144        RSUSBSTOR - ok

14:54:54.0420 1144        RTL8167         (3b01789ee4eaee97f5eb46b711387d5e) C:\windows\system32\DRIVERS\Rt64win7.sys

14:54:54.0482 1144        RTL8167 - ok

14:54:54.0545 1144        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:54:54.0576 1144        SamSs - ok

14:54:54.0685 1144        SbFw            (cdb954c736d51dc5fa712c039af4f683) C:\windows\system32\drivers\SbFw.sys

14:54:54.0716 1144        SbFw - ok

14:54:54.0794 1144        SBFWIMCL        (5de22e3cb6140213da2e0599b08d525c) C:\windows\system32\DRIVERS\sbfwim.sys

14:54:54.0810 1144        SBFWIMCL - ok

14:54:54.0888 1144        SBFWIMCLMP      (5de22e3cb6140213da2e0599b08d525c) C:\windows\system32\DRIVERS\SBFWIM.sys

14:54:54.0903 1144        SBFWIMCLMP - ok

14:54:54.0981 1144        sbhips          (a5bc45f8c2f30350e7566799c86b2f5d) C:\windows\system32\drivers\sbhips.sys

14:54:55.0013 1144        sbhips - ok

14:54:55.0044 1144        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

14:54:55.0075 1144        sbp2port - ok

14:54:55.0137 1144        SBRE - ok

14:54:55.0262 1144        SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

14:54:55.0325 1144        SBSDWSCService - ok

14:54:55.0418 1144        SbTis           (f9955774a6bf0a5ca696f591c7b80a79) C:\windows\system32\drivers\sbtis.sys

14:54:55.0449 1144        SbTis - ok

14:54:55.0481 1144        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

14:54:55.0605 1144        SCardSvr - ok

14:54:55.0715 1144        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

14:54:55.0824 1144        scfilter - ok

14:54:55.0902 1144        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

14:54:56.0042 1144        Schedule - ok

14:54:56.0136 1144        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

14:54:56.0229 1144        SCPolicySvc - ok

14:54:56.0261 1144        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

14:54:56.0307 1144        SDRSVC - ok

14:54:56.0385 1144        SeaPort         (16a252022535b680046f6e34e136d378) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

14:54:56.0417 1144        SeaPort - ok

14:54:56.0526 1144        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

14:54:56.0635 1144        secdrv - ok

14:54:56.0666 1144        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

14:54:56.0775 1144        seclogon - ok

14:54:56.0885 1144        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

14:54:56.0994 1144        SENS - ok

14:54:57.0041 1144        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

14:54:57.0072 1144        SensrSvc - ok

14:54:57.0181 1144        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

14:54:57.0212 1144        Serenum - ok

14:54:57.0243 1144        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

14:54:57.0275 1144        Serial - ok

14:54:57.0384 1144        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

14:54:57.0431 1144        sermouse - ok

14:54:57.0477 1144        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

14:54:57.0587 1144        SessionEnv - ok

14:54:57.0649 1144        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

14:54:57.0727 1144        sffdisk - ok

14:54:57.0789 1144        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

14:54:57.0836 1144        sffp_mmc - ok

14:54:57.0883 1144        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

14:54:57.0945 1144        sffp_sd - ok

14:54:58.0023 1144        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

14:54:58.0055 1144        sfloppy - ok

14:54:58.0164 1144        Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys

14:54:58.0226 1144        Sftfs - ok

14:54:58.0335 1144        sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

14:54:58.0367 1144        sftlist - ok

14:54:58.0460 1144        Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys

14:54:58.0491 1144        Sftplay - ok

14:54:58.0538 1144        Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys

14:54:58.0554 1144        Sftredir - ok

14:54:58.0585 1144        Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys

14:54:58.0601 1144        Sftvol - ok

14:54:58.0710 1144        sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

14:54:58.0725 1144        sftvsa - ok

14:54:58.0819 1144        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

14:54:58.0944 1144        SharedAccess - ok

14:54:59.0006 1144        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

14:54:59.0100 1144        ShellHWDetection - ok

14:54:59.0209 1144        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

14:54:59.0240 1144        SiSRaid2 - ok

14:54:59.0271 1144        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

14:54:59.0303 1144        SiSRaid4 - ok

14:54:59.0334 1144        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

14:54:59.0427 1144        Smb - ok

14:54:59.0552 1144        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

14:54:59.0599 1144        SNMPTRAP - ok

14:54:59.0661 1144        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

14:54:59.0677 1144        spldr - ok

14:54:59.0786 1144        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

14:54:59.0911 1144        Spooler - ok

14:55:00.0067 1144        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

14:55:00.0254 1144        sppsvc - ok

14:55:00.0348 1144        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

14:55:00.0457 1144        sppuinotify - ok

14:55:00.0535 1144        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

14:55:00.0597 1144        srv - ok

14:55:00.0707 1144        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

14:55:00.0753 1144        srv2 - ok

14:55:00.0785 1144        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

14:55:00.0847 1144        srvnet - ok

14:55:00.0941 1144        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

14:55:01.0065 1144        SSDPSRV - ok

14:55:01.0097 1144        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

14:55:01.0190 1144        SstpSvc - ok

14:55:01.0299 1144        StarOpen - ok

14:55:01.0331 1144        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

14:55:01.0362 1144        stexstor - ok

14:55:01.0424 1144        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

14:55:01.0487 1144        stisvc - ok

14:55:01.0580 1144        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

14:55:01.0611 1144        swenum - ok

14:55:01.0658 1144        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

14:55:01.0767 1144        swprv - ok

14:55:01.0908 1144        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

14:55:02.0017 1144        SysMain - ok

14:55:02.0126 1144        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

14:55:02.0173 1144        TabletInputService - ok

14:55:02.0220 1144        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

14:55:02.0329 1144        TapiSrv - ok

14:55:02.0423 1144        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

14:55:02.0516 1144        TBS - ok

14:55:02.0610 1144        Tcpip           (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

14:55:02.0735 1144        Tcpip - ok

14:55:02.0891 1144        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

14:55:03.0000 1144        TCPIP6 - ok

14:55:03.0171 1144        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

14:55:03.0265 1144        tcpipreg - ok

14:55:03.0296 1144        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

14:55:03.0343 1144        TDPIPE - ok

14:55:03.0437 1144        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

14:55:03.0483 1144        TDTCP - ok

14:55:03.0546 1144        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

14:55:03.0639 1144        tdx - ok

14:55:03.0733 1144        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

14:55:03.0764 1144        TermDD - ok

14:55:03.0811 1144        TermService     (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

14:55:03.0951 1144        TermService - ok

14:55:04.0045 1144        TFsExDisk       (48d9d00c2e0e72c3d4f52772c80355f6) C:\windows\System32\Drivers\TFsExDisk.sys

14:55:04.0061 1144        TFsExDisk - ok

14:55:04.0107 1144        Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

14:55:04.0154 1144        Themes - ok

14:55:04.0248 1144        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

14:55:04.0357 1144        THREADORDER - ok

14:55:04.0404 1144        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

14:55:04.0513 1144        TrkWks - ok

14:55:04.0591 1144        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

14:55:04.0700 1144        TrustedInstaller - ok

14:55:04.0778 1144        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

14:55:04.0887 1144        tssecsrv - ok

14:55:04.0934 1144        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

14:55:04.0981 1144        TsUsbFlt - ok

14:55:05.0090 1144        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

14:55:05.0184 1144        tunnel - ok

14:55:05.0246 1144        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

14:55:05.0277 1144        uagp35 - ok

14:55:05.0371 1144        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

14:55:05.0480 1144        udfs - ok

14:55:05.0558 1144        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

14:55:05.0605 1144        UI0Detect - ok

14:55:05.0683 1144        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

14:55:05.0714 1144        uliagpkx - ok

14:55:05.0777 1144        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys

14:55:05.0839 1144        umbus - ok

14:55:05.0901 1144        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

14:55:05.0933 1144        UmPass - ok

14:55:06.0120 1144        UNS             (af905f4966cfc8b973623ab150cd4b2b) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

14:55:06.0229 1144        UNS - ok

14:55:06.0307 1144        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

14:55:06.0432 1144        upnphost - ok

14:55:06.0494 1144        USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys

14:55:06.0510 1144        USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning

14:55:06.0510 1144        USBAAPL64 - detected UnsignedFile.Multi.Generic (1)

14:55:06.0635 1144        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys

14:55:06.0666 1144        usbaudio - ok

14:55:06.0713 1144        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

14:55:06.0759 1144        usbccgp - ok

14:55:06.0853 1144        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

14:55:06.0915 1144        usbcir - ok

14:55:06.0947 1144        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys

14:55:06.0993 1144        usbehci - ok

14:55:07.0103 1144        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

14:55:07.0165 1144        usbhub - ok

14:55:07.0196 1144        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

14:55:07.0227 1144        usbohci - ok

14:55:07.0337 1144        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

14:55:07.0383 1144        usbprint - ok

14:55:07.0415 1144        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

14:55:07.0461 1144        usbscan - ok

14:55:07.0586 1144        usbsmi          (f379a62017f92a7d60002d53000dd126) C:\windows\system32\DRIVERS\SMIksdrv.sys

14:55:07.0633 1144        usbsmi - ok

14:55:07.0680 1144        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

14:55:07.0711 1144        USBSTOR - ok

14:55:07.0820 1144        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

14:55:07.0867 1144        usbuhci - ok

14:55:07.0914 1144        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys

14:55:07.0976 1144        usbvideo - ok

14:55:08.0070 1144        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

14:55:08.0179 1144        UxSms - ok

14:55:08.0226 1144        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

14:55:08.0257 1144        VaultSvc - ok

14:55:08.0335 1144        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

14:55:08.0366 1144        vdrvroot - ok

14:55:08.0413 1144        vds             (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

14:55:08.0538 1144        vds - ok

14:55:08.0647 1144        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

14:55:08.0694 1144        vga - ok

14:55:08.0709 1144        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

14:55:08.0819 1144        VgaSave - ok

14:55:08.0881 1144        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

14:55:08.0912 1144        vhdmp - ok

14:55:09.0006 1144        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

14:55:09.0037 1144        viaide - ok

14:55:09.0084 1144        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

14:55:09.0099 1144        volmgr - ok

14:55:09.0162 1144        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

14:55:09.0193 1144        volmgrx - ok

14:55:09.0302 1144        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

14:55:09.0333 1144        volsnap - ok

14:55:09.0380 1144        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

14:55:09.0411 1144        vsmraid - ok

14:55:09.0552 1144        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

14:55:09.0723 1144        VSS - ok

14:55:09.0817 1144        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

14:55:09.0879 1144        vwifibus - ok

14:55:09.0911 1144        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

14:55:09.0957 1144        vwififlt - ok

14:55:09.0989 1144        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

14:55:10.0098 1144        W32Time - ok

14:55:10.0207 1144        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

14:55:10.0254 1144        WacomPen - ok

14:55:10.0379 1144        WANARP          (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

14:55:10.0488 1144        WANARP - ok

14:55:10.0503 1144        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

14:55:10.0597 1144        Wanarpv6 - ok

14:55:10.0659 1144        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

14:55:10.0753 1144        wbengine - ok

14:55:10.0847 1144        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

14:55:10.0893 1144        WbioSrvc - ok

14:55:10.0940 1144        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

14:55:11.0003 1144        wcncsvc - ok

14:55:11.0049 1144        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

14:55:11.0096 1144        WcsPlugInService - ok

14:55:11.0159 1144        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

14:55:11.0190 1144        Wd - ok

14:55:11.0268 1144        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

14:55:11.0315 1144        Wdf01000 - ok

14:55:11.0361 1144        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

14:55:11.0455 1144        WdiServiceHost - ok

14:55:11.0455 1144        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

14:55:11.0517 1144        WdiSystemHost - ok

14:55:11.0611 1144        wdmirror        (2a444acf7dd446505bcc801f8f6ae5fd) C:\windows\system32\DRIVERS\WDMirror.sys

14:55:11.0642 1144        wdmirror - ok

14:55:11.0673 1144        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

14:55:11.0736 1144        WebClient - ok

14:55:11.0829 1144        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

14:55:11.0939 1144        Wecsvc - ok

14:55:12.0017 1144        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

14:55:12.0126 1144        wercplsupport - ok

14:55:12.0204 1144        WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

14:55:12.0329 1144        WerSvc - ok

14:55:12.0391 1144        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

14:55:12.0485 1144        WfpLwf - ok

14:55:12.0609 1144        WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys

14:55:12.0641 1144        WimFltr - ok

14:55:12.0672 1144        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

14:55:12.0703 1144        WIMMount - ok

14:55:12.0750 1144        WinDefend - ok

14:55:12.0750 1144        WinHttpAutoProxySvc - ok

14:55:12.0875 1144        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

14:55:12.0999 1144        Winmgmt - ok

14:55:13.0140 1144        WinRM           (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

14:55:13.0296 1144        WinRM - ok

14:55:13.0499 1144        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

14:55:13.0545 1144        WinUsb - ok

14:55:13.0608 1144        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

14:55:13.0701 1144        Wlansvc - ok

14:55:13.0811 1144        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

14:55:13.0842 1144        WmiAcpi - ok

14:55:13.0920 1144        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

14:55:13.0982 1144        wmiApSrv - ok

14:55:14.0045 1144        WMPNetworkSvc - ok

14:55:14.0154 1144        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

14:55:14.0201 1144        WPCSvc - ok

14:55:14.0247 1144        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

14:55:14.0279 1144        WPDBusEnum - ok

14:55:14.0372 1144        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

14:55:14.0481 1144        ws2ifsl - ok

14:55:14.0528 1144        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll

14:55:14.0575 1144        wscsvc - ok

14:55:14.0637 1144        WSearch - ok

14:55:14.0684 1144        wsvd            (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys

14:55:14.0715 1144        wsvd - ok

14:55:14.0809 1144        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll

14:55:14.0996 1144        wuauserv - ok

14:55:15.0105 1144        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

14:55:15.0199 1144        WudfPf - ok

14:55:15.0246 1144        WUDFRd          (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

14:55:15.0355 1144        WUDFRd - ok

14:55:15.0464 1144        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

14:55:15.0558 1144        wudfsvc - ok

14:55:15.0589 1144        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

14:55:15.0651 1144        WwanSvc - ok

14:55:15.0683 1144        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

14:55:15.0792 1144        \Device\Harddisk0\DR0 - ok

14:55:15.0792 1144        Boot (0x1200)   (7ccb044c7e6964773caa3eab6719a790) \Device\Harddisk0\DR0\Partition0

14:55:15.0792 1144        \Device\Harddisk0\DR0\Partition0 - ok

14:55:15.0823 1144        Boot (0x1200)   (14ce666e094802c52b4beac4f4b3460c) \Device\Harddisk0\DR0\Partition1

14:55:15.0823 1144        \Device\Harddisk0\DR0\Partition1 - ok

14:55:15.0870 1144        Boot (0x1200)   (d4cf8f75105fd1fa657f497f50bc7577) \Device\Harddisk0\DR0\Partition2

14:55:15.0870 1144        \Device\Harddisk0\DR0\Partition2 - ok

14:55:15.0870 1144        ============================================================

14:55:15.0870 1144        Scan finished

14:55:15.0870 1144        ============================================================

14:55:15.0885 2528        Detected object count: 7

14:55:15.0885 2528        Actual detected object count: 7

14:57:53.0061 2528        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

14:57:53.0061 2528        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:57:53.0061 2528        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

14:57:53.0061 2528        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:57:53.0077 2528        HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

14:57:53.0077 2528        HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:57:53.0093 2528        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

14:57:53.0093 2528        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:57:53.0093 2528        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

14:57:53.0093 2528        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:57:53.0108 2528        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

14:57:53.0108 2528        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

14:57:53.0108 2528        USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

14:57:53.0108 2528        USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus

10.04.2012 15:18

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

catwiesel39

10.04.2012 19:02

Hallo hier ist die Comi

Combofix Logfile:

Code:

ComboFix 12-04-10.01 - cocco 10.04.2012  19:47:11.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2810 [GMT 2:00]

ausgeführt von::\ComboFix.exe

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\s.bat

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-03-10 bis 2012-04-10  ))))))))))))))))))))))))))))))

.

.

2012-04-10 17:54 . 2012-04-10 17:54        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-04-10 17:49 . 2012-04-10 17:49        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{54E963D7-7AF9-4DF5-8DCA-54297AAC55A5}\offreg.dll

2012-04-10 08:31 . 2012-03-20 01:51        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{54E963D7-7AF9-4DF5-8DCA-54297AAC55A5}\mpengine.dll

2012-04-10 06:19 . 2012-04-10 06:19        --------        d-----w-        C:\_OTL

2012-04-09 11:06 . 2012-04-09 11:06        --------        d-----w-        C:\dell

2012-04-09 10:07 . 2012-04-09 10:07        --------        d-----w-        C:\Drivers

2012-04-09 06:41 . 2012-04-09 06:41        --------        d-----w-        c:\users\cocco\Doctor Web

2012-04-09 06:39 . 2012-04-09 06:39        --------        d-----w-        c:\program files\Common Files\Doctor Web

2012-04-09 06:39 . 2012-04-09 10:00        --------        d-----w-        c:\program files (x86)\DrWeb

2012-04-09 06:27 . 2012-04-09 06:39        --------        d-----w-        c:\programdata\Doctor Web

2012-04-09 05:12 . 2012-04-09 05:17        --------        d-----w-        c:\users\cocco\DoctorWeb

2012-04-09 04:40 . 2012-04-09 04:40        --------        d-----w-        c:\users\cocco\AppData\Local\Comodo

2012-04-09 04:29 . 2012-04-09 04:29        --------        d-----w-        c:\users\cocco\AppData\Roaming\SUPERAntiSpyware.com

2012-04-09 04:29 . 2012-04-09 10:39        --------        d-----w-        c:\program files\SUPERAntiSpyware

2012-04-09 04:29 . 2012-04-09 04:29        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com

2012-04-09 04:04 . 2012-04-10 07:20        --------        d-----w-        c:\programdata\CPA_VA

2012-04-09 03:56 . 2012-04-10 07:14        --------        d-----w-        c:\programdata\Comodo

2012-04-09 03:56 . 2012-04-10 08:35        --------        d-----w-        c:\program files\COMODO

2012-04-09 03:56 . 2012-04-10 07:10        --------        d-----w-        c:\program files (x86)\Comodo

2012-04-07 14:49 . 2012-04-07 14:49        --------        d-----w-        c:\users\cocco\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}

2012-04-07 14:49 . 2012-04-07 14:49        --------        d-----w-        c:\programdata\Virtualized Applications

2012-04-07 13:59 . 2010-02-19 12:53        249736        ----a-w-        c:\windows\ETDUninst.dll

2012-04-07 08:27 . 2012-04-07 13:45        --------        d-----w-        c:\program files (x86)\Eusing Free Registry Cleaner

2012-04-07 07:14 . 2012-04-07 07:14        16200        ----a-w-        c:\windows\stinger.sys

2012-04-07 07:13 . 2012-04-07 13:45        --------        d-----w-        c:\program files (x86)\stinger

2012-04-07 07:07 . 2011-04-05 15:35        60504        ----a-w-        c:\windows\system32\drivers\sbhips.sys

2012-04-07 07:07 . 2011-04-05 15:35        94296        ----a-w-        c:\windows\system32\drivers\sbtis.sys

2012-04-07 07:06 . 2011-04-05 15:35        253528        ----a-w-        c:\windows\system32\drivers\SbFw.sys

2012-04-07 07:06 . 2011-02-08 07:14        84568        ----a-w-        c:\windows\system32\drivers\SbFwIm.sys

2012-04-07 07:06 . 2012-04-07 13:55        --------        d-----w-        c:\program files (x86)\Ad-Aware Antivirus

2012-04-07 07:00 . 2012-04-07 13:25        --------        d-----w-        c:\users\cocco\AppData\Roaming\Ad-Aware Antivirus

2012-04-06 14:10 . 2012-04-06 14:10        --------        d-----w-        c:\users\cocco\AppData\Roaming\Malwarebytes

2012-04-06 14:09 . 2012-04-06 14:09        --------        d-----w-        c:\programdata\Malwarebytes

2012-04-06 09:26 . 2012-04-06 09:26        8767136        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-06 08:42 . 2012-04-06 09:26        418464        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-06 08:42 . 2012-04-07 13:45        --------        d-----w-        c:\windows\system32\Macromed

2012-04-06 07:38 . 2012-04-06 09:26        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-06 07:19 . 2012-04-07 13:45        --------        d-----w-        c:\users\cocco\SecurityScans

2012-04-06 07:19 . 2012-04-07 13:45        --------        d-----w-        c:\program files\Microsoft Baseline Security Analyzer 2

2012-04-06 06:59 . 2012-04-06 06:59        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-04-02 19:32 . 2012-04-02 19:32        51496        ----a-w-        c:\windows\system32\drivers\stflt.sys

2012-04-02 19:22 . 2012-04-02 19:22        --------        d-----w-        c:\users\cocco\AppData\Roaming\Avira

2012-04-02 19:18 . 2012-01-31 06:56        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-04-02 19:18 . 2012-01-31 06:56        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-04-02 19:18 . 2011-09-16 14:08        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-04-02 19:18 . 2012-04-02 19:18        --------        d-----w-        c:\programdata\Avira

2012-04-02 19:18 . 2012-04-02 19:18        --------        d-----w-        c:\program files (x86)\Avira

2012-04-02 18:36 . 2012-04-02 19:11        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0

2012-03-18 05:54 . 2012-03-18 05:54        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 05:54 . 2012-03-18 05:54        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 15:50 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-03-14 15:50 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 15:50 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 10:17 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys

2012-03-14 10:17 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll

2012-03-14 10:17 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll

2012-03-14 10:16 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-03-14 10:16 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-03-14 10:16 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-03-14 10:16 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll

2012-03-14 10:16 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll

2012-03-14 10:16 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-03-14 10:16 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-03-12 15:00 . 2012-03-12 15:00        --------        d-----w-        c:\program files\iPod

2012-03-12 14:59 . 2012-03-12 15:00        --------        d-----w-        c:\program files\iTunes

2012-03-12 14:59 . 2012-03-12 15:00        --------        d-----w-        c:\program files (x86)\iTunes

2012-03-12 14:56 . 2012-03-12 14:56        --------        d-----w-        c:\program files\Bonjour

2012-03-12 14:56 . 2012-03-12 14:56        --------        d-----w-        c:\program files (x86)\Bonjour

2012-03-11 19:13 . 2012-03-11 19:13        577824        ----a-w-        c:\windows\system32\drivers\cmdGuard.sys

2012-03-11 19:13 . 2012-03-11 19:13        43248        ----a-w-        c:\windows\system32\drivers\cmdhlp.sys

2012-03-11 19:13 . 2012-03-11 19:13        22696        ----a-w-        c:\windows\system32\drivers\cmderd.sys

2012-03-11 19:13 . 2012-03-11 19:13        41200        ----a-w-        c:\windows\system32\cmdcsr.dll

2012-03-11 19:13 . 2012-03-11 19:13        301224        ----a-w-        c:\windows\SysWow64\guard32.dll

2012-03-11 19:13 . 2012-03-11 19:13        389840        ----a-w-        c:\windows\system32\guard64.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-06 06:59 . 2011-01-07 16:35        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-02-23 07:18 . 2010-11-24 23:17        279656        ------w-        c:\windows\system32\MpSigStub.exe

2012-02-03 17:27 . 2012-02-03 17:27        93200        ----a-w-        c:\windows\system32\drivers\inspect.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]

"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]

"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]

R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]

R3 cpuz134;cpuz134;c:\users\PC\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 136176]

R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]

R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]

R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]

S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

IgrsSvcs        REG_MULTI_SZ           ReadyComm.DirectRouter PS_MDP

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 09:26]

.

2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 08:46]

.

2012-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 08:46]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube Download - c:\users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\cocco\AppData\Roaming\Mozilla\Firefox\Profiles\85ly5gs5.default\

FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/|hxxp://signin.ebay.de/ws/eBayISAPI.dll?SignOutConfirm&i=.0794001190006900076001200003500055000920005400022|hxxp://www.t-online.de/

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

URLSearchHooks-{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - (no file)

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-04-10  19:58:32

ComboFix-quarantined-files.txt  2012-04-10 17:58

.

Vor Suchlauf: 13 Verzeichnis(se), 232.562.200.576 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 232.260.636.672 Bytes frei

.

- - End Of File - - 661F044458DEF7BD1A51F7E5ECBC4BC9

--- --- ---

mal so ein frage
was sieht man eigentlich so
auf den ganzen log dateien
ist ja immer ziemlich viel

gruß kai

cosinus

11.04.2012 10:20

Zitat:

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

Du solltest Comodo doch deinstallieren :(
Oder ist das nur eine falsche Anzeige?

catwiesel39

12.04.2012 20:16

entschuldigung war mein fehler

Combofix Logfile:

Code:

ComboFix 12-04-10.01 - 04.2012  20:56:10.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2804 [GMT 2:00]

ausgeführt von:: c:\

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-03-12 bis 2012-04-12  ))))))))))))))))))))))))))))))

.

.

2012-04-12 19:06 . 2012-04-12 19:06        --------        d-----w-        c:\users\PC\AppData\Local\temp

2012-04-12 19:06 . 2012-04-12 19:06        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-04-12 18:52 . 2012-04-12 18:52        --------        d-----w-        c:\programdata\Comodo

2012-04-11 15:15 . 2012-03-06 06:53        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-04-11 15:15 . 2012-03-06 05:59        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-04-11 15:15 . 2012-03-06 05:59        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-04-11 15:13 . 2012-03-01 06:46        23408        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-04-11 15:13 . 2012-03-01 06:33        81408        ----a-w-        c:\windows\system32\imagehlp.dll

2012-04-11 15:13 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\SysWow64\imagehlp.dll

2012-04-11 15:13 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\SysWow64\wintrust.dll

2012-04-11 15:13 . 2012-03-01 06:38        220672        ----a-w-        c:\windows\system32\wintrust.dll

2012-04-11 15:13 . 2012-03-01 06:28        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-04-11 15:13 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\SysWow64\wmi.dll

2012-04-10 08:31 . 2012-03-20 01:51        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{54E963D7-7AF9-4DF5-8DCA-54297AAC55A5}\mpengine.dll

2012-04-10 06:19 . 2012-04-10 06:19        --------        d-----w-        C:\_OTL

2012-04-09 11:06 . 2012-04-09 11:06        --------        d-----w-        C:\dell

2012-04-09 10:07 . 2012-04-09 10:07        --------        d-----w-        C:\Drivers

2012-04-09 06:41 . 2012-04-09 06:41        --------        d-----w-        c:\users\cocco\Doctor Web

2012-04-09 06:39 . 2012-04-09 06:39        --------        d-----w-        c:\program files\Common Files\Doctor Web

2012-04-09 06:39 . 2012-04-09 10:00        --------        d-----w-        c:\program files (x86)\DrWeb

2012-04-09 06:27 . 2012-04-09 06:39        --------        d-----w-        c:\programdata\Doctor Web

2012-04-09 05:12 . 2012-04-09 05:17        --------        d-----w-        c:\users\cocco\DoctorWeb

2012-04-09 04:40 . 2012-04-12 18:52        --------        d-----w-        c:\users\cocco\AppData\Local\Comodo

2012-04-09 04:29 . 2012-04-09 04:29        --------        d-----w-        c:\users\cocco\AppData\Roaming\SUPERAntiSpyware.com

2012-04-09 04:29 . 2012-04-09 10:39        --------        d-----w-        c:\program files\SUPERAntiSpyware

2012-04-09 04:29 . 2012-04-09 04:29        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com

2012-04-09 04:04 . 2012-04-12 18:53        --------        d-----w-        c:\programdata\CPA_VA

2012-04-09 03:56 . 2012-04-12 18:53        --------        d-----w-        c:\program files\COMODO

2012-04-09 03:56 . 2012-04-12 18:52        --------        d-----w-        c:\program files (x86)\Comodo

2012-04-07 14:49 . 2012-04-07 14:49        --------        d-----w-        c:\users\cocco\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}

2012-04-07 14:49 . 2012-04-07 14:49        --------        d-----w-        c:\programdata\Virtualized Applications

2012-04-07 13:59 . 2010-02-19 12:53        249736        ----a-w-        c:\windows\ETDUninst.dll

2012-04-07 08:27 . 2012-04-07 13:45        --------        d-----w-        c:\program files (x86)\Eusing Free Registry Cleaner

2012-04-07 07:14 . 2012-04-07 07:14        16200        ----a-w-        c:\windows\stinger.sys

2012-04-07 07:13 . 2012-04-07 13:45        --------        d-----w-        c:\program files (x86)\stinger

2012-04-07 07:07 . 2011-04-05 15:35        60504        ----a-w-        c:\windows\system32\drivers\sbhips.sys

2012-04-07 07:07 . 2011-04-05 15:35        94296        ----a-w-        c:\windows\system32\drivers\sbtis.sys

2012-04-07 07:06 . 2011-04-05 15:35        253528        ----a-w-        c:\windows\system32\drivers\SbFw.sys

2012-04-07 07:06 . 2011-02-08 07:14        84568        ----a-w-        c:\windows\system32\drivers\SbFwIm.sys

2012-04-07 07:06 . 2012-04-07 13:55        --------        d-----w-        c:\program files (x86)\Ad-Aware Antivirus

2012-04-07 07:00 . 2012-04-07 13:25        --------        d-----w-        c:\users\cocco\AppData\Roaming\Ad-Aware Antivirus

2012-04-06 14:10 . 2012-04-06 14:10        --------        d-----w-        c:\users\cocco\AppData\Roaming\Malwarebytes

2012-04-06 14:09 . 2012-04-06 14:09        --------        d-----w-        c:\programdata\Malwarebytes

2012-04-06 09:26 . 2012-04-06 09:26        8767136        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-06 08:42 . 2012-04-06 09:26        418464        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-06 08:42 . 2012-04-07 13:45        --------        d-----w-        c:\windows\system32\Macromed

2012-04-06 07:38 . 2012-04-06 09:26        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-06 07:19 . 2012-04-07 13:45        --------        d-----w-        c:\users\cocco\SecurityScans

2012-04-06 07:19 . 2012-04-07 13:45        --------        d-----w-        c:\program files\Microsoft Baseline Security Analyzer 2

2012-04-06 06:59 . 2012-04-06 06:59        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-04-02 19:32 . 2012-04-02 19:32        51496        ----a-w-        c:\windows\system32\drivers\stflt.sys

2012-04-02 19:22 . 2012-04-02 19:22        --------        d-----w-        c:\users\cocco\AppData\Roaming\Avira

2012-04-02 19:18 . 2012-01-31 06:56        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-04-02 19:18 . 2012-01-31 06:56        132320        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-04-02 19:18 . 2011-09-16 14:08        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-04-02 19:18 . 2012-04-02 19:18        --------        d-----w-        c:\programdata\Avira

2012-04-02 19:18 . 2012-04-02 19:18        --------        d-----w-        c:\program files (x86)\Avira

2012-04-02 18:36 . 2012-04-02 19:11        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0

2012-03-18 05:54 . 2012-03-18 05:54        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 05:54 . 2012-03-18 05:54        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 10:17 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys

2012-03-14 10:17 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll

2012-03-14 10:17 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll

2012-03-14 10:16 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-03-14 10:16 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-03-14 10:16 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-03-14 10:16 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll

2012-03-14 10:16 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll

2012-03-14 10:16 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-03-14 10:16 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-06 06:59 . 2011-01-07 16:35        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-02-23 07:18 . 2010-11-24 23:17        279656        ------w-        c:\windows\system32\MpSigStub.exe

.

.

(((((((((((((((((((((((((((((   SnapShot@2012-04-10_17.54.57   )))))))))))))))))))))))))))))))))))))))))

.

- 2012-02-17 06:21 . 2011-12-14 02:50        72704              c:\windows\SysWOW64\mshtmled.dll

+ 2012-04-11 15:16 . 2012-02-28 01:03        72704              c:\windows\SysWOW64\mshtmled.dll

+ 2012-04-11 15:16 . 2012-02-28 01:08        66048              c:\windows\SysWOW64\migration\WininetPlugin.dll

- 2012-02-17 06:21 . 2011-12-14 02:54        66048              c:\windows\SysWOW64\migration\WininetPlugin.dll

+ 2012-04-11 15:16 . 2012-02-28 01:08        65024              c:\windows\SysWOW64\jsproxy.dll

- 2012-02-17 06:21 . 2011-12-14 02:54        65024              c:\windows\SysWOW64\jsproxy.dll

+ 2012-04-12 18:50 . 2012-04-12 18:50        13282              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-04-10 13:18 . 2012-04-10 13:18        13282              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

+ 2010-06-18 11:09 . 2012-04-12 18:53        64158              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-04-12 18:53        44212              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-23 13:17 . 2012-04-12 18:53        16392              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1267310097-3752901941-3059132480-1004_UserData.bin

- 2012-02-17 06:21 . 2011-12-14 06:57        96256              c:\windows\system32\mshtmled.dll

+ 2012-04-11 15:16 . 2012-02-28 06:43        96256              c:\windows\system32\mshtmled.dll

+ 2012-04-11 15:16 . 2012-02-28 06:47        86528              c:\windows\system32\migration\WininetPlugin.dll

- 2012-02-17 06:21 . 2011-12-14 07:02        86528              c:\windows\system32\migration\WininetPlugin.dll

- 2012-02-17 06:21 . 2011-12-14 07:01        85504              c:\windows\system32\jsproxy.dll

+ 2012-04-11 15:16 . 2012-02-28 06:47        85504              c:\windows\system32\jsproxy.dll

+ 2010-11-24 16:15 . 2012-04-12 18:51        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-24 16:15 . 2012-04-10 17:07        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-04-10 07:14 . 2012-04-10 17:07        49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2012-04-10 07:14 . 2012-04-12 18:51        49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-10 17:07        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-12 18:51        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-04-12 08:29        96016              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-04-11 15:20 . 2012-04-11 15:20        87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        11120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        11120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        94552              c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        94552              c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        91488              c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        91488              c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-04-11 15:19 . 2012-04-11 15:19        78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll

+ 2012-04-11 15:19 . 2012-04-11 15:19        81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\1371ed674fc04f510cb41524e2d4322d\System.Web.DynamicData.Design.ni.dll

+ 2012-04-11 05:15 . 2010-11-12 23:26        24576              c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll

- 2010-06-18 02:44 . 2010-06-18 02:44        24576              c:\windows\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Drawing.Resources.dll

+ 2012-04-12 18:50 . 2012-04-12 18:50        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-04-10 17:07 . 2012-04-10 17:07        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-12 18:50 . 2012-04-12 18:50        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-10 17:07 . 2012-04-10 17:07        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-04-11 15:16 . 2012-02-28 01:09        231936              c:\windows\SysWOW64\url.dll

- 2012-02-17 06:21 . 2011-12-14 02:55        231936              c:\windows\SysWOW64\url.dll

+ 2012-04-11 15:16 . 2012-02-28 01:06        716800              c:\windows\SysWOW64\jscript.dll

- 2012-02-17 06:21 . 2011-12-14 02:53        716800              c:\windows\SysWOW64\jscript.dll

+ 2012-04-11 15:16 . 2012-02-28 00:59        176640              c:\windows\SysWOW64\ieui.dll

- 2012-02-17 06:21 . 2011-12-14 02:47        176640              c:\windows\SysWOW64\ieui.dll

+ 2010-11-24 22:19 . 2012-04-12 05:37        309860              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2012-04-11 15:16 . 2012-02-28 06:48        237056              c:\windows\system32\url.dll

- 2012-02-17 06:21 . 2011-12-14 07:03        237056              c:\windows\system32\url.dll

- 2009-07-14 02:36 . 2012-04-10 17:12        616694              c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-04-12 16:21        616694              c:\windows\system32\perfh009.dat

- 2010-06-18 02:45 . 2012-04-10 17:12        654852              c:\windows\system32\perfh007.dat

+ 2010-06-18 02:45 . 2012-04-12 16:21        654852              c:\windows\system32\perfh007.dat

+ 2009-07-14 02:36 . 2012-04-12 16:21        106816              c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-04-10 17:12        106816              c:\windows\system32\perfc009.dat

+ 2010-06-18 02:45 . 2012-04-12 16:21        130434              c:\windows\system32\perfc007.dat

- 2010-06-18 02:45 . 2012-04-10 17:12        130434              c:\windows\system32\perfc007.dat

+ 2012-04-11 15:16 . 2012-02-28 06:45        818688              c:\windows\system32\jscript.dll

- 2012-02-17 06:21 . 2011-12-14 07:00        818688              c:\windows\system32\jscript.dll

+ 2012-04-11 15:16 . 2012-02-28 06:39        248320              c:\windows\system32\ieui.dll

- 2012-02-17 06:21 . 2011-12-14 06:53        248320              c:\windows\system32\ieui.dll

+ 2009-07-14 05:12 . 2012-04-12 18:51        245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:12 . 2012-04-10 17:07        245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2012-04-12 18:50        292324              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-10 13:18        292324              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2012-04-09 04:06 . 2012-04-10 13:18        293092              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-04-09 04:06 . 2012-04-12 17:30        293092              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-01-21 15:40 . 2012-01-21 15:40        616216              c:\windows\Microsoft.NET\Framework64\v4.0.30319\System.Drawing.dll

+ 2012-04-11 05:16 . 2012-01-26 23:31        630784              c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Drawing.dll

+ 2012-01-21 15:40 . 2012-01-21 15:40        616216              c:\windows\Microsoft.NET\Framework\v4.0.30319\System.Drawing.dll

+ 2012-04-11 05:16 . 2012-01-26 23:33        630784              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        350592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        350592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        163168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        163168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        138592              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        699224              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        699224              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        857960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        857960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        675672              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        675672              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        113512              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        129912              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        129912              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        390008              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        390008              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        505208              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        505208              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        261472              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        122264              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        122264              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        291184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        291184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        349568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        349568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        236880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        253280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        378720              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        134528              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        123736              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        392552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        392552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        125816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        125816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        120152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        616216              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        395120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        182144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        285072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        829280              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        747360              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        436600              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        683872              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        409448              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        210816              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        149848              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        149848              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        122248              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        122248              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        525704              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        525704              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        112976              c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        581464              c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        581464              c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        832856              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        832856              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        194424              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        194424              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        478576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        478576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        167288              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        167288              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        232304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        232304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        661352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        349576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        349576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        387960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        387960              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        746336              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        505184              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        288616              c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        288616              c:\windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        335712              c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        335712              c:\windows\Microsoft.NET\assembly\GAC_64\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        125440              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        125440              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        237424              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        237424              c:\windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        187776              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        187776              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        269672              c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        269672              c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        334688              c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        334688              c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll

+ 2012-04-11 15:19 . 2012-04-11 15:19        109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        109568              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

+ 2012-04-11 15:19 . 2012-04-11 15:19        246128              c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-04-11 15:19 . 2012-04-11 15:19        170368              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        219136              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\62c9a6fe14577f82bcd2a8420b8fa2db\Microsoft.VisualBasic.Compatibility.Data.ni.dll

+ 2012-04-12 05:17 . 2012-04-12 05:17        295424              c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\2ea95f3113ace6c1adf4ab9f9fc4285e\System.ServiceProcess.ni.dll

+ 2012-04-12 05:20 . 2012-04-12 05:20        783360              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Messaging\c5bef7173a92e1a66e3f7a34eeed891f\System.Messaging.ni.dll

+ 2012-04-12 05:17 . 2012-04-12 05:17        288768              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing.Desi#\a94125636875d06389922fcd86b7a615\System.Drawing.Design.ni.dll

+ 2012-04-12 05:20 . 2012-04-12 05:20        389120              c:\windows\assembly\NativeImages_v2.0.50727_64\ehExtHost\2c9f3eaa3e79d491c1e29ab58fdcc54a\ehExtHost.ni.exe

+ 2012-04-12 05:45 . 2012-04-12 05:45        240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\688abb339fb8301c37b0889a0d01dfa3\WindowsFormsIntegration.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        245248              c:\windows\assembly\NativeImages_v2.0.50727_32\TaskScheduler\97d8bd8f21969a91b7c5171031250d1e\TaskScheduler.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\2d9aab831590b771aa70cd6991f7af88\System.Web.Routing.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        860160              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\47e3f7fa0b07e85e269f2e152e0e5e29\System.Web.Extensions.Design.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        328192              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\3595f5769afb7d38aa5a05abef97364c\System.Web.Entity.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        301568              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\7485eeab1b46532b35d7ab5814a43a30\System.Web.Entity.Design.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\ec083a1d2f94e4c565545f9d090c5039\System.Web.DynamicData.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\88430faf21e241f93d02711e35173de6\System.Web.Abstractions.ni.dll

+ 2012-04-12 05:20 . 2012-04-12 05:20        212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll

+ 2012-04-12 05:43 . 2012-04-12 05:43        593408              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\69b1de7425d09eb9fe42f81882d2896e\System.Messaging.ni.dll

+ 2012-04-12 05:20 . 2012-04-12 05:20        208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\b64b898fd099d1644a8673137ac56011\System.Drawing.Design.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        723456              c:\windows\assembly\NativeImages_v2.0.50727_32\napsnap\2ffec892832457d3530d59a9da07324c\napsnap.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        117760              c:\windows\assembly\NativeImages_v2.0.50727_32\napinit\1167a79ab309e2a4e6da2bd2dbea01a6\napinit.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        287232              c:\windows\assembly\NativeImages_v2.0.50727_32\MMCFxCommon\c83df01d683dbeb36be10218cc50ff03\MMCFxCommon.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        561664              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Managemen#\68842b507f3ad7fa603bf57c813c6a0c\Microsoft.ManagementConsole.ni.dll

+ 2012-04-12 05:43 . 2012-04-12 05:43        553472              c:\windows\assembly\NativeImages_v2.0.50727_32\EventViewer\4e2b9e7e956dcee6a9721b57c8ccde60\EventViewer.ni.dll

+ 2012-04-12 05:43 . 2012-04-12 05:43        254464              c:\windows\assembly\NativeImages_v2.0.50727_32\ehExtHost32\380a1283ad9a74eb337feb276453a87f\ehExtHost32.ni.exe

+ 2012-04-11 05:16 . 2012-01-26 23:33        630784              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

- 2012-02-17 06:21 . 2011-12-14 02:57        1127424              c:\windows\SysWOW64\wininet.dll

+ 2012-04-11 15:16 . 2012-02-28 01:11        1127424              c:\windows\SysWOW64\wininet.dll

+ 2012-04-11 15:16 . 2012-02-28 01:12        1103360              c:\windows\SysWOW64\urlmon.dll

- 2012-02-17 06:21 . 2011-12-14 02:57        1103360              c:\windows\SysWOW64\urlmon.dll

+ 2012-04-11 15:16 . 2012-02-28 01:18        1799168              c:\windows\SysWOW64\jscript9.dll

- 2012-02-17 06:21 . 2011-12-14 02:52        1792000              c:\windows\SysWOW64\iertutil.dll

+ 2012-04-11 15:16 . 2012-02-28 01:04        1792000              c:\windows\SysWOW64\iertutil.dll

+ 2012-04-11 15:16 . 2012-02-28 01:27        9705984              c:\windows\SysWOW64\ieframe.dll

- 2012-02-17 06:21 . 2011-12-14 07:04        1390080              c:\windows\system32\wininet.dll

+ 2012-04-11 15:16 . 2012-02-28 06:49        1390080              c:\windows\system32\wininet.dll

+ 2012-04-11 15:16 . 2012-02-28 06:50        1345536              c:\windows\system32\urlmon.dll

- 2012-02-17 06:21 . 2011-12-14 07:04        1345536              c:\windows\system32\urlmon.dll

+ 2012-04-11 15:16 . 2012-02-28 06:56        2311168              c:\windows\system32\jscript9.dll

- 2012-02-17 06:21 . 2011-12-14 06:59        2144256              c:\windows\system32\iertutil.dll

+ 2012-04-11 15:16 . 2012-02-28 06:43        2144256              c:\windows\system32\iertutil.dll

- 2009-07-14 04:45 . 2012-03-15 09:29        7173215              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-04-12 05:14        7173215              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2011-07-23 18:55 . 2012-04-10 13:18        2539992              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1267310097-3752901941-3059132480-1004-8192.dat

+ 2011-07-23 18:55 . 2012-04-12 17:30        2539992              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1267310097-3752901941-3059132480-1004-8192.dat

+ 2012-04-11 15:20 . 2012-04-11 15:20        1368920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        1368920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsBase\v4.0_4.0.0.0__31bf3856ad364e35\WindowsBase.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        3512072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        3512072              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        2207568              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        5028200              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        5028200              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        1711496              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        6097256              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        6097256              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        1026936              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        4464480              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        1354584              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        1354584              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        1199968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        1462648              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Presentation.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        6428520              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        6428520              c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        3116376              c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        3116376              c:\windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        3824480              c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        3824480              c:\windows\Microsoft.NET\assembly\GAC_64\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        4970768              c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        4970768              c:\windows\Microsoft.NET\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        3563408              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

- 2012-02-28 14:13 . 2012-02-28 14:13        3563408              c:\windows\Microsoft.NET\assembly\GAC_64\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-04-11 15:19 . 2012-04-11 15:19        2975064              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        2975064              c:\windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll

+ 2012-04-11 15:20 . 2012-04-11 15:20        3788128              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        3788128              c:\windows\Microsoft.NET\assembly\GAC_32\PresentationCore\v4.0_4.0.0.0__31bf3856ad364e35\PresentationCore.dll

+ 2012-04-11 15:19 . 2012-04-11 15:19        5201168              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        5201168              c:\windows\Microsoft.NET\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll

+ 2012-04-11 15:19 . 2012-04-11 15:19        2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

- 2012-02-28 14:12 . 2012-02-28 14:12        2989456              c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.VisualBasic.Activities.Compiler\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Activities.Compiler.dll

+ 2012-01-22 08:20 . 2012-01-22 08:20        1707520              c:\windows\Installer\9d7b91.msp

+ 2012-04-11 15:21 . 2012-04-11 15:21        3858432              c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\02ea3ff3b5908b51da47e1aeb9e75b04\WindowsBase.ni.dll

+ 2012-04-12 05:46 . 2012-04-12 05:46        1060864              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Printing\7175344bfab919484674d37de776a82f\System.Printing.ni.dll

+ 2012-04-11 15:21 . 2012-04-11 15:21        1665536              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll

+ 2012-04-12 05:46 . 2012-04-12 05:46        1880064              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\d0ae88ebdc709e940fbd0c6bafcab13c\System.Deployment.ni.dll

+ 2012-04-12 05:46 . 2012-04-12 05:46        1641984              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\3e896ba1c3cc8d62c267508dccd7aa5a\PresentationUI.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        1136640              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\c078f61cba33cffc3d7648509f7a3b54\Microsoft.VisualBasic.Compatibility.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        1838080              c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\1f54c28f39e25b121c374480ad50d384\Microsoft.VisualBasic.ni.dll

+ 2012-04-12 05:17 . 2012-04-12 05:17        5957632              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\d26e6d07c2e10bc55c2bfd2440ec14bc\System.Workflow.ComponentModel.ni.dll

+ 2012-04-12 05:17 . 2012-04-12 05:17        3895296              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\f044eaa5dc79454c4081bdbea81bf67e\System.Workflow.Activities.ni.dll

+ 2012-04-12 05:15 . 2012-04-12 05:15        1463808              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Printing\7e62d5f06809c96b0e957cc948d98d7c\System.Printing.ni.dll

+ 2012-04-12 05:13 . 2012-04-12 05:13        2317312              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\95d41ace5d8803b9318366ad5f0fbdff\System.Drawing.ni.dll

+ 2012-04-12 05:13 . 2012-04-12 05:13        2444288              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\7e705656ef1ee9078e0d51699d9e0858\System.Deployment.ni.dll

+ 2012-04-12 05:15 . 2012-04-12 05:15        3116032              c:\windows\assembly\NativeImages_v2.0.50727_64\ReachFramework\df3b4d20eaf81da80db9be811947e475\ReachFramework.ni.dll

+ 2012-04-12 05:15 . 2012-04-12 05:15        2109952              c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationUI\8e76dcfa3f4676022f95437037c8ad51\PresentationUI.ni.dll

+ 2012-04-12 05:20 . 2012-04-12 05:20        1516544              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\8dff78b6458b3995288e7e89aa7ae34a\Microsoft.MediaCenter.ni.dll

+ 2012-04-12 05:21 . 2012-04-12 05:21        8979456              c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\88b7272ddb53920b927a7ef59fd3ad6a\Microsoft.MediaCenter.UI.ni.dll

+ 2012-04-12 05:21 . 2012-04-12 05:21        2801664              c:\windows\assembly\NativeImages_v2.0.50727_64\mcstore\a1c741fa6d3e2635dd2a2a77890c87b5\mcstore.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        1358336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\d362f68d3bf954ba55a4494a659492af\System.WorkflowServices.ni.dll

+ 2012-04-12 05:20 . 2012-04-12 05:20        4516352              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\6d2f8bad410dae6049507d7bc097a62d\System.Workflow.ComponentModel.ni.dll

+ 2012-04-12 05:20 . 2012-04-12 05:20        2995200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\31fd6842b7ccb502dc2f5f11c1f991bd\System.Workflow.Activities.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        2209792              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\a118322b0f5ffc0e67c06658e8788e1d\System.Web.Mobile.ni.dll

+ 2012-04-12 05:45 . 2012-04-12 05:45        2404352              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\e6747d0470e8a42907df14af10862844\System.Web.Extensions.ni.dll

+ 2012-04-12 05:19 . 2012-04-12 05:19        1044480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\0b27d6da6e6bc319c3805435b818c1e5\System.Printing.ni.dll

+ 2012-04-12 05:18 . 2012-04-12 05:18        1590784              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll

+ 2012-04-12 05:18 . 2012-04-12 05:18        1806848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e45611cad86870a7011bb18b9e993861\System.Deployment.ni.dll

+ 2012-04-12 05:43 . 2012-04-12 05:43        1310720              c:\windows\assembly\NativeImages_v2.0.50727_32\SmartAudio\ff2c6b1d75558dabc3fc64358c09bc2c\SmartAudio.ni.exe

+ 2012-04-12 05:19 . 2012-04-12 05:19        2157056              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\ffe872f5d03f8bf4d1e1aca71274aec4\ReachFramework.ni.dll

+ 2012-04-12 05:19 . 2012-04-12 05:19        1658368              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\167ae650f54f5cd46c07329972f179ad\PresentationUI.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        2623488              c:\windows\assembly\NativeImages_v2.0.50727_32\Narrator\a61a4567bd8a09a0068db7fcc46151e1\Narrator.ni.exe

+ 2012-04-12 05:44 . 2012-04-12 05:44        1545216              c:\windows\assembly\NativeImages_v2.0.50727_32\MMCEx\a8ac3e062a13d75ff8d632bed75358b0\MMCEx.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        6438912              c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\2a348513f0f83117bedeb39a7d10b034\MIGUIControls.ni.dll

+ 2012-04-12 05:43 . 2012-04-12 05:43        1670144              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        3724288              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\a7364db379808ebdee5cd876d5af2656\Microsoft.PowerShell.Editor.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        1681920              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\2a9dff80feb7cf8dbac17adb959159ca\Microsoft.PowerShell.Commands.Utility.ni.dll

+ 2012-04-12 05:43 . 2012-04-12 05:43        6499840              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\4a603d10666b9ee9487e7f0ce27c1c68\Microsoft.MediaCenter.UI.ni.dll

+ 2012-04-12 05:43 . 2012-04-12 05:43        1009664              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\142b59a72b233db75ede02941b86291d\Microsoft.MediaCenter.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        1361408              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\ffc29e128c4ddebb991189d617ed1bf7\Microsoft.Ink.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\0c9d80e810caa6aeb85bd4d253281434\Microsoft.Build.Tasks.ni.dll

+ 2012-04-12 05:44 . 2012-04-12 05:44        1970176              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\008b235de7df9c690e3f289f3c776eda\Microsoft.Build.Tasks.v3.5.ni.dll

+ 2012-04-12 05:43 . 2012-04-12 05:43        2035712              c:\windows\assembly\NativeImages_v2.0.50727_32\mcstore\227b7eaefe6ae6b78190516516793b4b\mcstore.ni.dll

+ 2012-04-11 15:16 . 2012-02-28 01:52        12281856              c:\windows\SysWOW64\mshtml.dll

+ 2009-07-14 02:34 . 2012-04-12 05:10        11010048              c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2012-04-11 15:16 . 2012-02-28 07:34        17790976              c:\windows\system32\mshtml.dll

+ 2010-12-17 04:28 . 2012-04-11 15:13        57249312              c:\windows\system32\MRT.exe

+ 2012-04-11 15:16 . 2012-02-28 07:02        10888704              c:\windows\system32\ieframe.dll

+ 2012-04-11 15:21 . 2012-04-11 15:21        13197312              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll

+ 2012-04-11 15:22 . 2012-04-11 15:22        18000384              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7786f3e95a399a8b6691170ae2fe0e1c\PresentationFramework.ni.dll

+ 2012-04-11 15:21 . 2012-04-11 15:21        11450880              c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\239eba799555dbe10760ee80c8c8df7c\PresentationCore.ni.dll

+ 2012-04-12 05:14 . 2012-04-12 05:14        17379840              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\3466442b4168ba11787961fcfd410adf\System.Windows.Forms.ni.dll

+ 2012-04-12 05:16 . 2012-04-12 05:16        15270912              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\79c8a2e836c01784bb8e3e2d0ed26850\System.Web.ni.dll

+ 2012-04-12 05:17 . 2012-04-12 05:17        13609472              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\552733f73f5483946cce9229b27bdcb2\System.Design.ni.dll

+ 2012-04-12 05:15 . 2012-04-12 05:15        19195392              c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\b87e4cff3eb13680c55a5f4ee9786b56\PresentationFramework.ni.dll

+ 2012-04-12 05:13 . 2012-04-12 05:13        16540160              c:\windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\1233412b58120995b639428b5e6d998e\PresentationCore.ni.dll

+ 2012-04-12 05:18 . 2012-04-12 05:18        12433408              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll

+ 2012-04-12 05:19 . 2012-04-12 05:19        11833344              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll

+ 2012-04-12 05:20 . 2012-04-12 05:20        10580480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\846a51eb446bee41a26a6914a95e38cd\System.Design.ni.dll

+ 2012-04-12 05:19 . 2012-04-12 05:19        14339072              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll

+ 2012-04-12 05:18 . 2012-04-12 05:18        12234752              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll

.

-- Snapshot auf jetziges Datum zurückgesetzt --

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 786760]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"YouCam Mirror Tray icon"="c:\program files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"

"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]

R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]

R3 cpuz134;cpuz134;c:\users\PC\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 136176]

R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]

R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]

R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]

R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]

S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]

S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

IgrsSvcs        REG_MULTI_SZ           ReadyComm.DirectRouter PS_MDP

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 09:26]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 08:46]

.

2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-08 08:46]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Free YouTube Download - c:\users\cocco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\cocco\AppData\Roaming\Mozilla\Firefox\Profiles\85ly5gs5.default\

FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/|hxxp://signin.ebay.de/ws/eBayISAPI.dll?SignOutConfirm&i=.0794001190006900076001200003500055000920005400022|hxxp://www.t-online.de/

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-04-12  21:09:06

ComboFix-quarantined-files.txt  2012-04-12 19:09

ComboFix2.txt  2012-04-10 17:58

.

Vor Suchlauf: 17 Verzeichnis(se), 231.480.889.344 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 231.077.384.192 Bytes frei

.

- - End Of File - - CCCB53D16B07A23DE27E1226D0E3CA67

--- --- ---

cosinus

12.04.2012 22:02

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

catwiesel39

13.04.2012 06:06

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-13 06:51:36
-----------------------------
06:51:36.716 OS Version: Windows x64 6.1.7601 Service Pack 1
06:51:36.717 Number of processors: 4 586 0x2502
06:51:36.718 ComputerName: PC-PC UserName: cocco
06:51:37.614 Initialize success
06:55:00.201 AVAST engine defs: 12041201
06:55:56.317 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:55:56.333 Disk 0 Vendor: HITACHI_ PB3Z Size: 305245MB BusType: 3
06:55:56.333 Disk 0 MBR read successfully
06:55:56.348 Disk 0 MBR scan
06:55:56.364 Disk 0 Windows 7 default MBR code
06:55:56.380 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
06:55:56.395 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
06:55:56.411 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
06:55:56.442 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
06:55:56.489 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
06:55:56.536 Disk 0 scanning C:\windows\system32\drivers
06:56:13.260 Service scanning
06:56:58.515 Modules scanning
06:56:58.515 Disk 0 trace - called modules:
06:56:58.547 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
06:56:58.547 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006982060]
06:56:58.547 3 CLASSPNP.SYS[fffff88001b6e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004957050]
06:56:59.420 AVAST engine scan C:\windows
06:57:07.439 AVAST engine scan C:\windows\system32
07:00:53.829 AVAST engine scan C:\windows\system32\drivers
07:01:09.252 AVAST engine scan C:\Users\cocco
07:02:20.533 AVAST engine scan C:\ProgramData
07:03:30.886 Scan finished successfully
07:03:49.045 Disk 0 MBR has been saved successfully to "C:\Users\cocco\Desktop\MBR.dat"
07:03:49.061 The log file has been saved successfully to "C:\Users\cocco\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-13 06:51:36
-----------------------------
06:51:36.716 OS Version: Windows x64 6.1.7601 Service Pack 1
06:51:36.717 Number of processors: 4 586 0x2502
06:51:36.718 ComputerName: PC-PC UserName: cocco
06:51:37.614 Initialize success
06:55:00.201 AVAST engine defs: 12041201
06:55:56.317 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:55:56.333 Disk 0 Vendor: HITACHI_ PB3Z Size: 305245MB BusType: 3
06:55:56.333 Disk 0 MBR read successfully
06:55:56.348 Disk 0 MBR scan
06:55:56.364 Disk 0 Windows 7 default MBR code
06:55:56.380 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
06:55:56.395 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
06:55:56.411 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
06:55:56.442 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
06:55:56.489 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
06:55:56.536 Disk 0 scanning C:\windows\system32\drivers
06:56:13.260 Service scanning
06:56:58.515 Modules scanning
06:56:58.515 Disk 0 trace - called modules:
06:56:58.547 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
06:56:58.547 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006982060]
06:56:58.547 3 CLASSPNP.SYS[fffff88001b6e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004957050]
06:56:59.420 AVAST engine scan C:\windows
06:57:07.439 AVAST engine scan C:\windows\system32
07:00:53.829 AVAST engine scan C:\windows\system32\drivers
07:01:09.252 AVAST engine scan C:\Users\cocco
07:02:20.533 AVAST engine scan C:\ProgramData
07:03:30.886 Scan finished successfully
07:03:49.045 Disk 0 MBR has been saved successfully to "C:\Users\cocco\Desktop\MBR.dat"
07:03:49.061 The log file has been saved successfully to "C:\Users\cocco\Desktop\aswMBR.txt"
07:05:56.732 Disk 0 MBR has been saved successfully to "C:\Users\cocco\Desktop\MBR.dat"
07:05:56.747 The log file has been saved successfully to "C:\Users\cocco\Desktop\aswMBR.txt"

cosinus

13.04.2012 11:02

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

catwiesel39

13.04.2012 17:25

hallo hier sind die 2 logs

Code:

SUPERAntiSpyware Scann-Protokoll

hxxp://www.superantispyware.com
 

Generiert 04/13/2012 bei 05:54 PM
 

Version der Applikation : 5.0.1146
 

Version der Kern-Datenbank : 8451

Version der Spur-Datenbank : 6263
 

Scan Art       : kompletter Scann

Totale Scann-Zeit : 00:59:58
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Gescannte Speicherelemente  : 528

Erfasste Speicher-Bedrohungen  : 0

Gescannte Register-Elemente  : 65516

Erfasste Register-Bedrohungen  : 0

Gescannte Datei-Elemente     : 70920

Erfasste Datei-Elemente   : 0

cosinus

15.04.2012 14:56

Keine Funde! :daumenhoc
Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

catwiesel39

15.04.2012 16:43

hallo arne

dann möchte ich mich mal bedanken für deine hilfe

mein laptop läuft gut
words geht wieder
alles andere auch

wer kommt denn das geld wenn ich euch eine spende mache

und kann ich mal mein anderen pc von euch auf viren und trojaner checken lassen

gruß kai

cosinus

15.04.2012 17:47

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

catwiesel39

15.04.2012 18:22

danke für die tipps

Alle Zeitangaben in WEZ +1. Es ist jetzt 12:15 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131