Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe (https://www.trojaner-board.de/113233-bundespolizei-virus-ch8l0-exe-c-user-username-appdata-local-temp-ch810-exe.html)

hummel1980 06.04.2012 11:35
Bundespolizei Virus ch8l0.exe in C:\User\USERNAME\Appdata\Local\Temp\ch810.exe
 
Hallo,

habe mir auch beagten Virus eingefangen. Habe mich etwas eingelesen und deshalb malwarebites und OTL durchlaufen lassen.

Malwarebites hat auch den Virus gefunden und gelöscht.

Jetzt habe ich noch eine Fehlermeldung beim straten das besagte ch810.exe fehlt.


So hier die logs

Code:

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.06.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.XXXXX
XXXX :: XXXX-VAIO [Administrator]

Schutz: Deaktiviert

06.04.2012 10:33:07
mbam-log-2012-04-06 (10-33-07).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 357424
Laufzeit: 38 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Alex\AppData\Local\Temp\ch8l0.exe (Spyware.Passwords) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Nintendo\ganjin_ktr_2012.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
OTL logfile created on: 06.04.2012 11:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = H:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 67,28% Memory free
7,71 Gb Paging File | 6,29 Gb Available in Paging File | 81,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,45 Gb Total Space | 96,58 Gb Free Space | 65,95% Space Free | Partition Type: NTFS
Drive D: | 142,35 Gb Total Space | 74,23 Gb Free Space | 52,15% Space Free | Partition Type: NTFS
Drive H: | 1,86 Gb Total Space | 0,13 Gb Free Space | 6,99% Space Free | Partition Type: FAT
 
Computer Name: XXXX-VAIO | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.06 10:21:20 | 000,593,920 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2011.04.08 14:50:02 | 000,542,264 | ---- | M] (Google) -- D:\Handy\Google Calender Sync\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010.11.19 23:17:32 | 000,326,256 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.19 23:17:08 | 000,399,984 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2010.01.08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe
PRC - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.12.07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
PRC - [2009.12.01 23:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.11.21 01:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.21 01:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.09.12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009.09.12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009.08.26 20:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.18 17:09:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.18 17:08:48 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.18 17:08:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.18 17:08:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.18 17:08:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.18 17:08:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.18 17:08:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.10.12 18:57:58 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2009.12.24 22:06:05 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.23 15:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.04.27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.11.19 23:17:32 | 000,326,256 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.19 23:17:08 | 000,399,984 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.10.25 18:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.10.12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.09.27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.09.10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.12.17 16:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.12.07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009.11.30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.21 01:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.31 02:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 02:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.21 09:23:16 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.09.21 09:23:14 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.04.27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.19 23:18:44 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.19 23:18:38 | 000,076,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.19 23:18:38 | 000,064,624 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.19 23:18:36 | 000,029,808 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
DRV:64bit: - [2010.11.19 23:18:34 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.19 17:02:46 | 000,038,960 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.19 17:02:46 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.19 17:02:46 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.08.16 14:45:56 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW64.sys -- (TVICHW64)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.02 00:46:31 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.03.02 00:46:31 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.07 05:20:22 | 000,448,512 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2009.12.24 22:06:08 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.24 22:06:08 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.12.17 16:18:52 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009.12.16 22:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.12.16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.16 04:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.11.04 11:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.09.08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.03.25 13:44:39 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2008.04.28 13:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV:64bit: - [2007.10.22 08:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007.04.17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007.04.17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (6077757b)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (6077757b)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\..\SearchScopes,DefaultScope = {4818C373-4036-4DBF-90A0-A28BF7E90735}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4818C373-4036-4DBF-90A0-A28BF7E90735}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2010.11.19 12:11:36 | 000,000,998 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.0\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.0\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9994384A-65FD-48EA-BB18-6DD5C60F3C8B}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAE4F192-2640-4841-9374-33158C668981}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD9CB8B8-B045-4C70-BF22-3EB04D68DE1C}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.06 10:31:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2012.04.06 10:31:17 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.06 10:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.06 10:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.02 22:15:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Sojka
[2012.03.28 22:06:09 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Mp3tag
[2012.03.28 21:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.03.22 23:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.03.22 23:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.03.14 11:56:43 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.03.14 11:56:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.03.14 11:56:42 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.03.14 11:54:04 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.03.14 11:54:04 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.03.14 11:54:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.03.14 11:54:04 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.03.14 11:54:02 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.03.14 11:54:02 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012.03.09 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Silvia
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.06 11:22:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.06 11:22:10 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.06 10:28:56 | 001,513,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.06 10:28:56 | 000,658,962 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.06 10:28:56 | 000,620,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.06 10:28:56 | 000,132,260 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.06 10:28:56 | 000,108,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.05 23:27:31 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.05 23:27:31 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.05 23:18:31 | 000,001,025 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ch8l0.exe.lnk
[2012.04.05 18:39:14 | 000,001,096 | ---- | M] () -- C:\Users\Alex\Desktop\Gutachten.lnk
[2012.04.04 21:29:21 | 000,002,485 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.03 11:28:36 | 000,001,055 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012.04.03 11:28:36 | 000,000,460 | ---- | M] () -- C:\Users\Public\Desktop\Google Calendar.lnk
[2012.04.02 22:09:53 | 000,016,478 | ---- | M] () -- C:\Users\Alex\Desktop\Hochschulsport - Anmeldebestätigung.mht
[2012.04.02 11:06:57 | 000,011,590 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\SmarThruOptions.xml
[2012.04.01 20:50:41 | 000,094,518 | ---- | M] () -- C:\Users\Alex\Desktop\Signature.bmp
[2012.03.28 21:55:02 | 000,004,608 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.28 11:08:33 | 000,062,879 | ---- | M] () -- C:\Users\Alex\Desktop\DNI.pdf
[2012.03.27 19:19:59 | 000,232,165 | ---- | M] () -- C:\Users\Alex\Desktop\Documento excención responsabilidad.pdf
[2012.03.27 19:18:49 | 000,232,165 | ---- | M] () -- C:\Users\Alex\Desktop\exencion.pdf
[2012.03.23 12:40:20 | 000,347,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 11:05:04 | 000,012,687 | ---- | M] () -- C:\Users\Alex\Desktop\Hausarbeit.pdf
[2012.03.10 20:52:25 | 000,761,211 | ---- | M] () -- C:\test.xml
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.05 23:18:31 | 000,001,025 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ch8l0.exe.lnk
[2012.04.03 11:28:36 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012.04.03 11:28:36 | 000,000,460 | ---- | C] () -- C:\Users\Public\Desktop\Google Calendar.lnk
[2012.04.02 22:09:53 | 000,016,478 | ---- | C] () -- C:\Users\Alex\Desktop\Hochschulsport - Anmeldebestätigung.mht
[2012.04.01 20:49:08 | 000,094,518 | ---- | C] () -- C:\Users\Alex\Desktop\Signature.bmp
[2012.03.28 21:55:01 | 000,004,608 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.28 11:08:33 | 000,062,879 | ---- | C] () -- C:\Users\Alex\Desktop\DNI.pdf
[2012.03.27 19:19:59 | 000,232,165 | ---- | C] () -- C:\Users\Alex\Desktop\Documento excención responsabilidad.pdf
[2012.03.27 19:18:49 | 000,232,165 | ---- | C] () -- C:\Users\Alex\Desktop\exencion.pdf
[2012.03.14 11:05:04 | 000,012,687 | ---- | C] () -- C:\Users\Alex\Desktop\Hausarbeit.pdf
[2012.01.10 16:56:16 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012.01.10 16:54:31 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2012.01.10 16:53:03 | 001,179,595 | ---- | C] () -- C:\Windows\unins001.exe
[2012.01.10 16:53:03 | 000,012,344 | ---- | C] () -- C:\Windows\unins001.dat
[2012.01.10 16:44:56 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe
[2012.01.10 16:44:56 | 000,004,263 | ---- | C] () -- C:\Windows\unins000.dat
[2012.01.09 22:43:49 | 000,017,408 | ---- | C] () -- C:\Users\Alex\AppData\Local\WebpageIcons.db
[2011.11.29 21:48:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.29 21:48:28 | 003,164,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.11.29 21:48:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.11.29 21:48:28 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.11.29 21:48:28 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.11.29 21:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.01 10:28:17 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.06.06 12:33:34 | 001,536,094 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.08 08:55:10 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.06.24 12:52:51 | 004,223,268 | ---- | C] () -- C:\ProgramData\SamPCFax000018E00000
[2010.06.03 14:00:59 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.06.03 14:00:50 | 000,011,590 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\SmarThruOptions.xml
[2010.06.03 14:00:39 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.06.03 14:00:30 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2010.06.03 14:00:17 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.06.03 14:00:08 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2010.06.03 13:58:01 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe

< End of report >

Code:
OTL Extras logfile created on: 06.04.2012 11:24:07 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = H:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 67,28% Memory free
7,71 Gb Paging File | 6,29 Gb Available in Paging File | 81,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,45 Gb Total Space | 96,58 Gb Free Space | 65,95% Space Free | Partition Type: NTFS
Drive D: | 142,35 Gb Total Space | 74,23 Gb Free Space | 52,15% Space Free | Partition Type: NTFS
Drive H: | 1,86 Gb Total Space | 0,13 Gb Free Space | 6,99% Space Free | Partition Type: FAT
 
Computer Name: XXXX-VAIO | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java(TM) 6 Update 30 (64-bit)
"{35A50BE1-FDD7-4FC7-CCE5-03D2A63D4CF4}" = AMD Catalyst Install Manager
"{3C32C938-3071-BEF0-1EA5-403A420031A0}" = ccc-utility64
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{7ECD4ACB-E1B6-425B-B8AA-5761A59B77E0}" = Setup_VEP_x64_Contain_SSDB
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86, x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A1255354-11F3-4D25-95CC-C9B1C2320761}" = VAIO Content Metadata Intelligent Analyzing Manager
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBB823F3-E8BD-4578-9D16-42AF176FD777}" = VAIO Personalization Manager
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{01169717-5E26-9395-A544-DC9098896147}" = Catalyst Control Center InstallProxy
"{01513E3B-EB4C-BD2E-07F0-E2D9CEFCB580}" = CCC Help Italian
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen
"{054E7727-CAAE-FE78-F75C-7DAA3B86DCC3}" = CCC Help Spanish
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{0C04BB3F-863B-E348-8633-03769E7A9097}" = CCC Help French
"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
"{116B3E3B-2FBD-1585-3A41-7C033434E585}" = CCC Help Japanese
"{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = PMB VAIO Edition Plug-in
"{2461E016-9FB4-B233-A74D-91D11A664342}" = CCC Help English
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2F3BC248-F857-F353-247C-CDC433D52DD7}" = CCC Help Swedish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{34E86173-00D0-7BA5-12D2-EE1248F99406}" = CCC Help Chinese Standard
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E915CB7-511A-0851-CC8C-4EEAFFCCD229}" = CCC Help Portuguese
"{3FB9DC57-ED98-1720-F5E7-A184EF7F4300}" = CCC Help Finnish
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC613E6-AE72-A110-0D0A-FC764B738C04}" = CCC Help Korean
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{51002784-18FA-8FF9-9A1A-2468E7FCA096}" = Catalyst Control Center Graphics Previews Common
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Energie Verwaltung
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{88976B46-967A-9B1A-14AC-DC388AE2DF09}" = CCC Help Polish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOKR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9A00A308-1FFC-3E4E-976D-429E349CB5E0}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9DCA1423-F8DA-BE40-BE79-A2F60B418B01}" = CCC Help Hungarian
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B061ACC7-5819-B01A-87B5-712E713143A4}" = CCC Help Dutch
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BB9B32B9-FD41-6C73-0196-D11E4B5135BF}" = CCC Help German
"{BEBFE0AC-97E2-DE43-AF13-40F86DAEB1CA}" = CCC Help Thai
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BEF78FDE-9635-C229-60D2-FF606DF30765}" = CCC Help Chinese Traditional
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C454E7DD-A09A-6D06-7FF9-59753475FC09}" = Catalyst Control Center
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{CE23BD08-F6FD-3337-D8BC-5B55E69263A5}" = Catalyst Control Center InstallProxy
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D34598D1-07B8-4EB6-AD9A-DBDF58FFC19F}" = Adobe Shockwave Player 11.6
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{DA109884-7CDC-5F21-5F0B-742AA74F84E1}" = Catalyst Control Center Localization All
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E19490CD-5380-4F37-B0A7-624D635605DC}" = Catalyst Control Center - Branding
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E7A7CD0A-8047-6241-1924-7F781A95BD85}" = CCC Help Norwegian
"{E847D16E-AA7A-33A3-AB9E-AC37B3D1E74F}" = CCC Help Russian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0439D76-7759-DC14-652B-6947C005196E}" = CCC Help Czech
"{F07A428D-232A-5D06-E394-2BED0F311005}" = CCC Help Turkish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46C88AD-6239-474A-8690-F9329BD36D7F}" = Remote Play with PlayStation 3
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FDB16CB6-48A0-5C95-5184-AECFF8B9716D}" = CCC Help Greek
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AMD GPU Clock Tool" = AMD GPU Clock Tool
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"Google Calendar Sync" = Google Calendar Sync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{22008CF9-2B54-4022-AFD8-3B7D42C89E6B}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mp3tag" = Mp3tag v2.50
"OpenAL" = OpenAL
"Opera 11.62.1347" = Opera 11.62
"OUTLOOKR" = Microsoft Office Outlook 2007
"Replay Music3.98" = Replay Music
"SmarThru PC Fax" = SmarThru PC Fax
"splashtop" = Quick Web Access
"VAIO Help and Support" =
"VAIO screensaver" = VAIO screensaver
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.04.2011 14:31:13 | Computer Name = Alex-VAIO | Source = Windows Backup | ID = 4103
Description =
 
Error - 17.04.2011 17:10:30 | Computer Name = Alex-VAIO | Source = Windows Backup | ID = 4103
Description =
 
Error - 24.04.2011 13:25:01 | Computer Name = Alex-VAIO | Source = Windows Backup | ID = 4103
Description =
 
Error - 24.04.2011 13:34:56 | Computer Name = Alex-VAIO | Source = Windows Backup | ID = 4103
Description =
 
Error - 29.04.2011 01:40:01 | Computer Name = Alex-VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: VESMgrSub.exe, Version: 5.0.0.4270,
 Zeitstempel: 0x49f5774b  Name des fehlerhaften Moduls: VESColorMgr.dll, Version:
5.1.0.11300, Zeitstempel: 0x4b13a839  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000e260
ID
 des fehlerhaften Prozesses: 0xc08  Startzeit der fehlerhaften Anwendung: 0x01cc062fcd19e95f
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Sony\VAIO Event Service\VESColorMgr.dll
Berichtskennung:
 1faf2f8a-7223-11e0-b2e9-506313e03e6e
 
Error - 01.05.2011 16:08:44 | Computer Name = Alex-VAIO | Source = Windows Backup | ID = 4103
Description =
 
Error - 08.05.2011 13:00:01 | Computer Name = Alex-VAIO | Source = Windows Backup | ID = 4103
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 10.04.2010 08:27:56 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CTunnelStateMgr::OnTunnelInitiateComplete File: .\TunnelStateMgr.cpp
Line:
 1038 Invoked Function: ITunnelProtocol::initiateTunnel Return Code: -31719410 (0xFE1C000E)
Description:
 TLSPROTOCOL_ERROR_MAX_RETRANSMITS_EXCEEDED callback
 
Error - 10.04.2010 08:27:56 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CCdtpProtocol::OnTunnelInitiateComplete File: .\CdtpProtocol.cpp
Line:
 506 Invoked Function: initiateTunnel Return Code: -31522792 (0xFE1F0018) Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN_BY_USER
 
Error - 10.04.2010 08:47:46 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1257 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 Eine vorhandene Verbindung wurde vom Remotehost geschlossen. 
 
Error - 10.04.2010 08:47:46 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1258 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown
 
Error - 10.04.2010 08:47:46 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 823 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 10.04.2010 08:47:46 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 811 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 10.04.2010 08:47:46 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1644 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
 Verbindung wurde vom Remotehost geschlossen. 
 
Error - 10.04.2010 08:47:46 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
 
Error - 10.04.2010 08:47:54 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
 
Error - 10.04.2010 08:47:54 | Computer Name = Alex-VAIO | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
 1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: Das System
 kann die angegebene Datei nicht finden. 
 
[ OSession Events ]
Error - 16.12.2011 11:50:18 | Computer Name = Alex-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 06.04.2012 05:21:11 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 06.04.2012 05:21:11 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 06.04.2012 05:21:11 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 06.04.2012 05:22:31 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
Error - 06.04.2012 05:22:31 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 06.04.2012 05:22:31 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%577
 
Error - 06.04.2012 05:22:33 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "regi" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%2
 
Error - 06.04.2012 05:22:33 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 06.04.2012 05:22:36 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Vstor2 WS60 Virtual Storage Driver" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%3
 
Error - 06.04.2012 05:22:38 | Computer Name = Alex-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VMware Authorization Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%2
 
 
< End of report >

Tausend Dank für die Hilfe

Alex

cosinus 06.04.2012 16:25
Zitat:
D:\Nintendo\ganjin_ktr_2012.exe (Trojan.Agent.CK)
Was soll das sein?
Quelle? Sind und Zweck dieser Datei?

hummel1980 06.04.2012 18:56
Hallo,
das ist ein Programm das dazu dient vollen Zugang auf seine Wii zu bekommen.
Brauche es auch nicht mehr.

cosinus 06.04.2012 19:44
Ok, dann schmeiß es weg.
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

hummel1980 06.04.2012 20:36
Hallo Arne,

habe nochmal nachgeschaut, ich habe nur ein Log in malwarebytes.


Danke

Alex

cosinus 06.04.2012 20:59
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


hummel1980 06.04.2012 22:56
Hoffe es stimmt so,

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e02225a38809994b9ff5ee8fdd3dfb7f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-06 09:52:26
# local_time=2012-04-06 11:52:26 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 6584331 85374673 0 0
# compatibility_mode=8192 67108863 100 0 217 217 0 0
# scanned=180779
# found=1
# cleaned=0
# scan_time=4323
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\a4bded1-6e91b701        a variant of Java/Exploit.CVE-2012-0507.H trojan (unable to clean)        00000000000000000000000000000000        I

cosinus 06.04.2012 23:13
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

hummel1980 07.04.2012 08:26
Hallo Arne,

der normale Modus geht wieder uneingeschränkt.
Im Startmenü war der Ordner RivaTuner leer. Das Programm funktioniert aber und muss auch nicht wieder ins Startmenü.

Was mir noch aufgefallen ist im Startmenü unter Autostart steht immer noch die ch810.exe drin.

Danke

Alex

cosinus 07.04.2012 17:54
SOnst keine leeren Ordner? Der Müll ch810.exe kann natürlich weg.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

hummel1980 07.04.2012 18:25
Code:
OTL logfile created on: 07.04.2012 19:14:48 - Run 2
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 64,53% Memory free
7,71 Gb Paging File | 6,07 Gb Available in Paging File | 78,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,45 Gb Total Space | 95,66 Gb Free Space | 65,32% Space Free | Partition Type: NTFS
Drive D: | 142,35 Gb Total Space | 74,23 Gb Free Space | 52,15% Space Free | Partition Type: NTFS
 
Computer Name: XXXX-VAIO | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.07 09:30:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010.11.19 23:17:32 | 000,326,256 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.19 23:17:08 | 000,399,984 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.12.07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
PRC - [2009.12.01 23:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.11.21 01:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.21 01:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.09.12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009.09.12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009.08.26 20:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.18 17:09:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.18 17:08:48 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.18 17:08:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.18 17:08:29 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.18 17:08:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.18 17:08:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.18 17:08:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.10.12 18:57:58 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2009.12.24 22:06:05 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.23 15:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.04.27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.11.19 23:17:32 | 000,326,256 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.19 23:17:08 | 000,399,984 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.10.25 18:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.10.12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.09.27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.09.10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.12.17 16:32:32 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.12.07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009.11.30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.21 01:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.31 02:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 02:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 11:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007.07.24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007.01.04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.21 09:23:16 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.09.21 09:23:14 | 000,095,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.04.27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.19 23:18:44 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.19 23:18:38 | 000,076,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.19 23:18:38 | 000,064,624 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.19 23:18:36 | 000,029,808 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
DRV:64bit: - [2010.11.19 23:18:34 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.19 17:02:46 | 000,038,960 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.19 17:02:46 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.19 17:02:46 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.08.16 14:45:56 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW64.sys -- (TVICHW64)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.03.02 00:46:31 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.03.02 00:46:31 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.01.07 05:20:22 | 000,448,512 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2009.12.24 22:06:08 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.24 22:06:08 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.12.17 16:18:52 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009.12.16 22:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.12.16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.16 04:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.11.04 11:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.09.08 18:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 15:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.03.25 13:44:39 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2008.04.28 13:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV:64bit: - [2007.10.22 08:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007.04.17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2007.04.17 12:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (6077757b)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.03.01 19:14:27 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\OverClocking\RivaTuner v2.24\RivaTuner64.sys -- (RivaTuner64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)
DRV - [2007.04.17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (6077757b)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-118624394-4124834387-1832857713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKU\S-1-5-21-118624394-4124834387-1832857713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-118624394-4124834387-1832857713-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKU\S-1-5-21-118624394-4124834387-1832857713-1000\..\SearchScopes,DefaultScope = {4818C373-4036-4DBF-90A0-A28BF7E90735}
IE - HKU\S-1-5-21-118624394-4124834387-1832857713-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-118624394-4124834387-1832857713-1000\..\SearchScopes\{4818C373-4036-4DBF-90A0-A28BF7E90735}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKU\S-1-5-21-118624394-4124834387-1832857713-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-118624394-4124834387-1832857713-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
O1 HOSTS File: ([2010.11.19 12:11:36 | 000,000,998 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.0\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.0\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - CC:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.188.0.10 131.188.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9994384A-65FD-48EA-BB18-6DD5C60F3C8B}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAE4F192-2640-4841-9374-33158C668981}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD9CB8B8-B045-4C70-BF22-3EB04D68DE1C}: DhcpNameServer = 192.168.1.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: DhcpNameServer = 131.188.0.10 131.188.0.11
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - D:\Programme\ICQ7.0\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: PMBVolumeWatcher - hkey= - key= - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX:64bit: >{DB562198-3A06-4B5D-86EF-D9ED5AD005BC} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: VIDC.VP70 - C:\Windows\SysWow64\vp7vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.07 09:30:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.04.06 22:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.06 22:36:24 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe
[2012.04.06 10:31:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2012.04.06 10:31:17 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.04.06 10:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.06 10:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.02 22:15:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Sojka
[2012.03.28 22:06:09 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Mp3tag
[2012.03.28 21:47:59 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.03.22 23:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.03.22 23:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2012.03.09 21:43:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Silvia
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.07 12:48:12 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.07 12:48:12 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.07 12:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.07 12:40:06 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.07 09:30:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012.04.06 22:37:03 | 001,513,636 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.06 22:37:03 | 000,659,212 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.06 22:37:03 | 000,621,054 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.06 22:37:03 | 000,132,478 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.06 22:37:03 | 000,108,860 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.06 22:36:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe
[2012.04.05 18:39:14 | 000,001,096 | ---- | M] () -- C:\Users\Alex\Desktop\Gutachten.lnk
[2012.04.04 21:29:21 | 000,002,485 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.03 11:28:36 | 000,001,055 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012.04.03 11:28:36 | 000,000,460 | ---- | M] () -- C:\Users\Public\Desktop\Google Calendar.lnk
[2012.04.02 22:09:53 | 000,016,478 | ---- | M] () -- C:\Users\Alex\Desktop\Hochschulsport - Anmeldebestätigung.mht
[2012.04.02 11:06:57 | 000,011,590 | ---- | M] () -- C:\Users\Alex\AppData\Roaming\SmarThruOptions.xml
[2012.04.01 20:50:41 | 000,094,518 | ---- | M] () -- C:\Users\Alex\Desktop\Signature.bmp
[2012.03.28 21:55:02 | 000,004,608 | ---- | M] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.28 11:08:33 | 000,062,879 | ---- | M] () -- C:\Users\Alex\Desktop\DNI.pdf
[2012.03.27 19:19:59 | 000,232,165 | ---- | M] () -- C:\Users\Alex\Desktop\Documento excención responsabilidad.pdf
[2012.03.27 19:18:49 | 000,232,165 | ---- | M] () -- C:\Users\Alex\Desktop\exencion.pdf
[2012.03.23 12:40:20 | 000,347,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.14 11:05:04 | 000,012,687 | ---- | M] () -- C:\Users\Alex\Desktop\Hausarbeit.pdf
[2012.03.10 20:52:25 | 000,761,211 | ---- | M] () -- C:\test.xml
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\Alex\Desktop\*.tmp files -> C:\Users\Alex\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.03 11:28:36 | 000,001,055 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
[2012.04.03 11:28:36 | 000,000,460 | ---- | C] () -- C:\Users\Public\Desktop\Google Calendar.lnk
[2012.04.02 22:09:53 | 000,016,478 | ---- | C] () -- C:\Users\Alex\Desktop\Hochschulsport - Anmeldebestätigung.mht
[2012.04.01 20:49:08 | 000,094,518 | ---- | C] () -- C:\Users\Alex\Desktop\Signature.bmp
[2012.03.28 21:55:01 | 000,004,608 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.28 11:08:33 | 000,062,879 | ---- | C] () -- C:\Users\Alex\Desktop\DNI.pdf
[2012.03.27 19:19:59 | 000,232,165 | ---- | C] () -- C:\Users\Alex\Desktop\Documento excención responsabilidad.pdf
[2012.03.27 19:18:49 | 000,232,165 | ---- | C] () -- C:\Users\Alex\Desktop\exencion.pdf
[2012.03.14 11:05:04 | 000,012,687 | ---- | C] () -- C:\Users\Alex\Desktop\Hausarbeit.pdf
[2012.01.10 16:56:16 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012.01.10 16:54:31 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2012.01.10 16:53:03 | 001,179,595 | ---- | C] () -- C:\Windows\unins001.exe
[2012.01.10 16:53:03 | 000,012,344 | ---- | C] () -- C:\Windows\unins001.dat
[2012.01.10 16:44:56 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe
[2012.01.10 16:44:56 | 000,004,263 | ---- | C] () -- C:\Windows\unins000.dat
[2012.01.09 22:43:49 | 000,017,408 | ---- | C] () -- C:\Users\Alex\AppData\Local\WebpageIcons.db
[2011.11.29 21:48:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.29 21:48:28 | 003,164,160 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2011.11.29 21:48:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.11.29 21:48:28 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.11.29 21:48:28 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.11.29 21:48:28 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.01 10:28:17 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.06.06 12:33:34 | 001,536,094 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.10.08 08:55:10 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.06.24 12:52:51 | 004,223,268 | ---- | C] () -- C:\ProgramData\SamPCFax000018E00000
[2010.06.03 14:00:59 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.06.03 14:00:50 | 000,011,590 | ---- | C] () -- C:\Users\Alex\AppData\Roaming\SmarThruOptions.xml
[2010.06.03 14:00:39 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.06.03 14:00:30 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2010.06.03 14:00:17 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.06.03 14:00:08 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2010.06.03 13:58:01 | 000,113,768 | R--- | C] () -- C:\Windows\Wiainst.exe
 
========== LOP Check ==========
 
[2010.03.02 17:10:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\AppData\Roaming\.#
[2010.03.02 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Auslogics
[2012.01.24 22:35:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox
[2010.04.16 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICAClient
[2011.08.28 21:48:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2012.03.28 22:23:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mp3tag
[2011.09.08 09:52:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2012.01.11 00:09:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Opera
[2011.12.21 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Samsung
[2010.12.02 13:09:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SanDisk
[2010.06.03 14:00:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SmarThru4
[2011.06.07 19:02:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2012.01.21 18:49:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Windows Live Writer
[2012.03.27 14:49:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.03.02 17:10:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\AppData\Roaming\.#
[2010.03.02 17:16:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Adobe
[2010.03.01 21:49:49 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ArcSoft
[2010.03.01 11:38:00 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ATI
[2010.03.02 16:22:03 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Auslogics
[2010.03.01 20:40:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Corel
[2012.01.24 22:35:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox
[2010.03.01 20:19:41 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\dvdcss
[2010.03.01 11:58:36 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Google
[2010.04.16 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICAClient
[2011.08.28 21:48:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ICQ
[2010.03.01 11:20:58 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Identities
[2011.09.08 11:48:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\IDMComp
[2010.05.13 20:01:20 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\InstallShield
[2010.03.01 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Intel Corporation
[2010.03.01 12:12:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Macromedia
[2012.04.06 10:31:24 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Malwarebytes
[2009.12.26 04:08:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Media Center Programs
[2012.04.01 20:52:08 | 000,000,000 | --SD | M] -- C:\Users\Alex\AppData\Roaming\Microsoft
[2012.03.28 22:23:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Mp3tag
[2011.12.29 20:01:02 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nero
[2011.09.08 09:52:56 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Notepad++
[2012.01.11 00:09:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Opera
[2010.06.28 22:18:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Roxio
[2011.12.21 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Samsung
[2010.12.02 13:09:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SanDisk
[2010.03.06 20:19:53 | 000,000,000 | RH-D | M] -- C:\Users\Alex\AppData\Roaming\SecuROM
[2012.04.04 23:00:05 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Skype
[2010.06.03 14:00:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SmarThru4
[2010.03.02 17:49:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony Corporation
[2011.06.07 19:02:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2012.01.08 20:07:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\VMware
[2012.01.21 18:49:43 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Windows Live Writer
[2011.10.30 16:44:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.12.05 21:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.12.05 21:17:50 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alex\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

cosinus 07.04.2012 19:06
Ist unauffällig

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

hummel1980 07.04.2012 20:44
Hallo,

ich konnte bein TDSS Killer keine Häckchen setzen. Er hat aber auch ncihts gefunden.

Code:
21:38:13.0165 2196        TDSS rootkit removing tool 2.7.26.0 Apr  4 2012 19:52:02
21:38:13.0243 2196        ============================================================
21:38:13.0243 2196        Current date / time: 2012/04/07 21:38:13.0243
21:38:13.0243 2196        SystemInfo:
21:38:13.0243 2196       
21:38:13.0243 2196        OS Version: 6.1.7601 ServicePack: 1.0
21:38:13.0243 2196        Product type: Workstation
21:38:13.0243 2196        ComputerName: ALEX-VAIO
21:38:13.0243 2196        UserName: Alex
21:38:13.0243 2196        Windows directory: C:\Windows
21:38:13.0243 2196        System windows directory: C:\Windows
21:38:13.0243 2196        Running under WOW64
21:38:13.0243 2196        Processor architecture: Intel x64
21:38:13.0243 2196        Number of processors: 4
21:38:13.0243 2196        Page size: 0x1000
21:38:13.0243 2196        Boot type: Normal boot
21:38:13.0243 2196        ============================================================
21:38:13.0820 2196        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:38:13.0836 2196        \Device\Harddisk0\DR0:
21:38:13.0836 2196        MBR used
21:38:13.0836 2196        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1264800, BlocksNum 0x32000
21:38:13.0836 2196        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1296800, BlocksNum 0x124E52B0
21:38:13.0852 2196        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1377C800, BlocksNum 0x11CB1800
21:38:13.0930 2196        Initialize success
21:38:13.0930 2196        ============================================================
21:38:52.0930 4228        ============================================================
21:38:52.0930 4228        Scan started
21:38:52.0930 4228        Mode: Manual;
21:38:52.0930 4228        ============================================================
21:38:53.0476 4228        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:38:53.0491 4228        1394ohci - ok
21:38:53.0616 4228        6077757b        (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
21:38:53.0616 4228        6077757b - ok
21:38:53.0694 4228        ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:38:53.0694 4228        ACDaemon - ok
21:38:53.0803 4228        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:38:53.0803 4228        ACPI - ok
21:38:53.0897 4228        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:38:53.0897 4228        AcpiPmi - ok
21:38:54.0006 4228        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:38:54.0006 4228        adp94xx - ok
21:38:54.0100 4228        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:38:54.0100 4228        adpahci - ok
21:38:54.0193 4228        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:38:54.0193 4228        adpu320 - ok
21:38:54.0271 4228        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:38:54.0271 4228        AeLookupSvc - ok
21:38:54.0381 4228        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:38:54.0396 4228        AFD - ok
21:38:54.0474 4228        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:38:54.0474 4228        agp440 - ok
21:38:54.0552 4228        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:38:54.0552 4228        ALG - ok
21:38:54.0646 4228        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:38:54.0646 4228        aliide - ok
21:38:54.0724 4228        AMD External Events Utility (0773999e53bce395f2c76df004f1b814) C:\Windows\system32\atiesrxx.exe
21:38:54.0724 4228        AMD External Events Utility - ok
21:38:54.0817 4228        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:38:54.0817 4228        amdide - ok
21:38:54.0911 4228        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:38:54.0911 4228        AmdK8 - ok
21:38:55.0176 4228        amdkmdag        (89a3d56ce4044f35b9d08dd37193bbfc) C:\Windows\system32\DRIVERS\atikmdag.sys
21:38:55.0301 4228        amdkmdag - ok
21:38:55.0410 4228        amdkmdap        (dca6e341a4a7c31ea8a14c6166c9b249) C:\Windows\system32\DRIVERS\atikmpag.sys
21:38:55.0410 4228        amdkmdap - ok
21:38:55.0504 4228        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:38:55.0504 4228        AmdPPM - ok
21:38:55.0597 4228        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:38:55.0613 4228        amdsata - ok
21:38:55.0691 4228        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:38:55.0691 4228        amdsbs - ok
21:38:55.0800 4228        AmdTools64      (deda72a4ab5416ad0a09faecfa6056c2) C:\Windows\system32\DRIVERS\AmdTools64.sys
21:38:55.0800 4228        AmdTools64 - ok
21:38:55.0894 4228        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:38:55.0894 4228        amdxata - ok
21:38:55.0941 4228        AODDriver - ok
21:38:56.0034 4228        ApfiltrService  (1661f9c9e4b0049fa0a5e30264375a87) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:38:56.0034 4228        ApfiltrService - ok
21:38:56.0128 4228        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:38:56.0128 4228        AppID - ok
21:38:56.0190 4228        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:38:56.0190 4228        AppIDSvc - ok
21:38:56.0268 4228        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:38:56.0284 4228        Appinfo - ok
21:38:56.0377 4228        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:38:56.0377 4228        arc - ok
21:38:56.0455 4228        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:38:56.0455 4228        arcsas - ok
21:38:56.0549 4228        ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:38:56.0549 4228        ArcSoftKsUFilter - ok
21:38:56.0643 4228        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:38:56.0643 4228        AsyncMac - ok
21:38:56.0736 4228        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:38:56.0736 4228        atapi - ok
21:38:56.0908 4228        athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
21:38:56.0923 4228        athr - ok
21:38:57.0220 4228        atikmdag        (89a3d56ce4044f35b9d08dd37193bbfc) C:\Windows\system32\DRIVERS\atikmdag.sys
21:38:57.0251 4228        atikmdag - ok
21:38:57.0298 4228        atillk64 - ok
21:38:57.0376 4228        atksgt          (4aef9ec86818375495fb78ca58df4e18) C:\Windows\system32\DRIVERS\atksgt.sys
21:38:57.0391 4228        atksgt - ok
21:38:57.0485 4228        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:38:57.0485 4228        AudioEndpointBuilder - ok
21:38:57.0501 4228        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:38:57.0516 4228        AudioSrv - ok
21:38:57.0594 4228        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:38:57.0594 4228        AxInstSV - ok
21:38:57.0688 4228        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:38:57.0688 4228        b06bdrv - ok
21:38:57.0781 4228        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:38:57.0781 4228        b57nd60a - ok
21:38:57.0859 4228        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:38:57.0875 4228        BDESVC - ok
21:38:57.0953 4228        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:38:57.0953 4228        Beep - ok
21:38:58.0047 4228        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:38:58.0062 4228        BFE - ok
21:38:58.0171 4228        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:38:58.0187 4228        BITS - ok
21:38:58.0265 4228        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
21:38:58.0265 4228        blbdrive - ok
21:38:58.0468 4228        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:38:58.0468 4228        bowser - ok
21:38:58.0546 4228        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:38:58.0561 4228        BrFiltLo - ok
21:38:58.0639 4228        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:38:58.0639 4228        BrFiltUp - ok
21:38:58.0733 4228        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:38:58.0733 4228        Browser - ok
21:38:58.0827 4228        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:38:58.0827 4228        Brserid - ok
21:38:58.0905 4228        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:38:58.0905 4228        BrSerWdm - ok
21:38:58.0998 4228        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:38:58.0998 4228        BrUsbMdm - ok
21:38:59.0076 4228        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:38:59.0076 4228        BrUsbSer - ok
21:38:59.0139 4228        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:38:59.0139 4228        BthEnum - ok
21:38:59.0232 4228        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:38:59.0232 4228        BTHMODEM - ok
21:38:59.0326 4228        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:38:59.0326 4228        BthPan - ok
21:38:59.0419 4228        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
21:38:59.0435 4228        BTHPORT - ok
21:38:59.0529 4228        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:38:59.0529 4228        bthserv - ok
21:38:59.0716 4228        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
21:38:59.0716 4228        BTHUSB - ok
21:38:59.0794 4228        btusbflt        (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
21:38:59.0794 4228        btusbflt - ok
21:38:59.0872 4228        btwaudio        (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
21:38:59.0872 4228        btwaudio - ok
21:38:59.0965 4228        btwavdt        (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
21:38:59.0965 4228        btwavdt - ok
21:39:00.0059 4228        btwdins        (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:39:00.0075 4228        btwdins - ok
21:39:00.0153 4228        btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:39:00.0153 4228        btwl2cap - ok
21:39:00.0246 4228        btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
21:39:00.0246 4228        btwrchid - ok
21:39:00.0324 4228        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:39:00.0324 4228        cdfs - ok
21:39:00.0418 4228        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:39:00.0418 4228        cdrom - ok
21:39:00.0511 4228        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:39:00.0511 4228        CertPropSvc - ok
21:39:00.0589 4228        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:39:00.0589 4228        circlass - ok
21:39:00.0667 4228        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:39:00.0667 4228        CLFS - ok
21:39:00.0745 4228        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:39:00.0745 4228        clr_optimization_v2.0.50727_32 - ok
21:39:00.0839 4228        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:39:00.0839 4228        clr_optimization_v2.0.50727_64 - ok
21:39:00.0933 4228        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:39:00.0933 4228        clr_optimization_v4.0.30319_32 - ok
21:39:01.0057 4228        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:39:01.0057 4228        clr_optimization_v4.0.30319_64 - ok
21:39:01.0151 4228        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
21:39:01.0151 4228        CmBatt - ok
21:39:01.0245 4228        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:39:01.0245 4228        cmdide - ok
21:39:01.0354 4228        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:39:01.0354 4228        CNG - ok
21:39:01.0447 4228        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
21:39:01.0447 4228        Compbatt - ok
21:39:01.0541 4228        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:39:01.0541 4228        CompositeBus - ok
21:39:01.0588 4228        COMSysApp - ok
21:39:01.0650 4228        cpuz130 - ok
21:39:01.0744 4228        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:39:01.0744 4228        crcdisk - ok
21:39:01.0822 4228        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:39:01.0822 4228        CryptSvc - ok
21:39:01.0915 4228        ctxusbm        (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
21:39:01.0915 4228        ctxusbm - ok
21:39:02.0009 4228        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:39:02.0009 4228        DcomLaunch - ok
21:39:02.0103 4228        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:39:02.0103 4228        defragsvc - ok
21:39:02.0196 4228        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:39:02.0196 4228        DfsC - ok
21:39:02.0274 4228        dgderdrv - ok
21:39:02.0368 4228        DgiVecp        (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys
21:39:02.0368 4228        DgiVecp - ok
21:39:02.0477 4228        dg_ssudbus      (3ce3066ab1ccc094b4f0f1285cda4609) C:\Windows\system32\DRIVERS\ssudbus.sys
21:39:02.0477 4228        dg_ssudbus - ok
21:39:02.0586 4228        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:39:02.0586 4228        Dhcp - ok
21:39:02.0664 4228        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:39:02.0664 4228        discache - ok
21:39:02.0758 4228        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:39:02.0758 4228        Disk - ok
21:39:02.0851 4228        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:39:02.0851 4228        Dnscache - ok
21:39:02.0929 4228        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:39:02.0945 4228        dot3svc - ok
21:39:03.0023 4228        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:39:03.0023 4228        DPS - ok
21:39:03.0117 4228        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:39:03.0117 4228        drmkaud - ok
21:39:03.0226 4228        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:39:03.0241 4228        DXGKrnl - ok
21:39:03.0304 4228        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:39:03.0319 4228        EapHost - ok
21:39:03.0460 4228        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:39:03.0569 4228        ebdrv - ok
21:39:03.0631 4228        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:39:03.0631 4228        EFS - ok
21:39:03.0709 4228        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:39:03.0709 4228        ehRecvr - ok
21:39:03.0741 4228        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:39:03.0741 4228        ehSched - ok
21:39:03.0834 4228        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:39:03.0834 4228        elxstor - ok
21:39:03.0943 4228        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:39:03.0943 4228        ErrDev - ok
21:39:04.0037 4228        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:39:04.0037 4228        EventSystem - ok
21:39:04.0131 4228        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:39:04.0131 4228        exfat - ok
21:39:04.0224 4228        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:39:04.0224 4228        fastfat - ok
21:39:04.0318 4228        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:39:04.0318 4228        Fax - ok
21:39:04.0411 4228        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:39:04.0411 4228        fdc - ok
21:39:04.0489 4228        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:39:04.0489 4228        fdPHost - ok
21:39:04.0567 4228        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:39:04.0567 4228        FDResPub - ok
21:39:04.0661 4228        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:39:04.0661 4228        FileInfo - ok
21:39:04.0739 4228        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:39:04.0739 4228        Filetrace - ok
21:39:04.0833 4228        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:39:04.0833 4228        flpydisk - ok
21:39:04.0942 4228        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:39:04.0942 4228        FltMgr - ok
21:39:05.0051 4228        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:39:05.0082 4228        FontCache - ok
21:39:05.0160 4228        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:39:05.0160 4228        FontCache3.0.0.0 - ok
21:39:05.0223 4228        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:39:05.0238 4228        FsDepends - ok
21:39:05.0301 4228        fssfltr        (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:39:05.0301 4228        fssfltr - ok
21:39:05.0425 4228        fsssvc          (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:39:05.0441 4228        fsssvc - ok
21:39:05.0535 4228        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:39:05.0535 4228        Fs_Rec - ok
21:39:05.0628 4228        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:39:05.0628 4228        fvevol - ok
21:39:05.0722 4228        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:39:05.0722 4228        gagp30kx - ok
21:39:05.0800 4228        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:39:05.0815 4228        gpsvc - ok
21:39:05.0909 4228        hcmon          (b845992aaf60d1b61c0d5fa73193efaa) C:\Windows\system32\drivers\hcmon.sys
21:39:05.0909 4228        hcmon - ok
21:39:05.0987 4228        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:39:05.0987 4228        hcw85cir - ok
21:39:06.0096 4228        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:39:06.0096 4228        HdAudAddService - ok
21:39:06.0174 4228        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:39:06.0174 4228        HDAudBus - ok
21:39:06.0268 4228        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys
21:39:06.0268 4228        HECIx64 - ok
21:39:06.0361 4228        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:39:06.0361 4228        HidBatt - ok
21:39:06.0455 4228        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:39:06.0455 4228        HidBth - ok
21:39:06.0533 4228        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:39:06.0533 4228        HidIr - ok
21:39:06.0627 4228        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:39:06.0642 4228        hidserv - ok
21:39:06.0736 4228        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:39:06.0736 4228        HidUsb - ok
21:39:06.0829 4228        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:39:06.0829 4228        hkmsvc - ok
21:39:06.0923 4228        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:39:06.0923 4228        HomeGroupListener - ok
21:39:07.0001 4228        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:39:07.0001 4228        HomeGroupProvider - ok
21:39:07.0095 4228        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:39:07.0095 4228        HpSAMD - ok
21:39:07.0204 4228        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:39:07.0204 4228        HTTP - ok
21:39:07.0313 4228        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:39:07.0313 4228        hwpolicy - ok
21:39:07.0407 4228        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:39:07.0407 4228        i8042prt - ok
21:39:07.0516 4228        iaStor          (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\drivers\iaStor.sys
21:39:07.0516 4228        iaStor - ok
21:39:07.0563 4228        IAStorDataMgrSvc (cc800d2d9fd467542bac7c186c4774ad) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:39:07.0563 4228        IAStorDataMgrSvc - ok
21:39:07.0672 4228        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:39:07.0672 4228        iaStorV - ok
21:39:07.0797 4228        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:39:07.0797 4228        idsvc - ok
21:39:08.0046 4228        igfx            (31d1aff484d8a0906cf8d44251ec390f) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:39:08.0218 4228        igfx - ok
21:39:08.0311 4228        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:39:08.0311 4228        iirsp - ok
21:39:08.0389 4228        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:39:08.0405 4228        IKEEXT - ok
21:39:08.0499 4228        Impcd          (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
21:39:08.0499 4228        Impcd - ok
21:39:08.0655 4228        IntcAzAudAddService (0f144e5f46cb9043004b5e84aa4bca6a) C:\Windows\system32\drivers\RTKVHD64.sys
21:39:08.0670 4228        IntcAzAudAddService - ok
21:39:08.0764 4228        IntcDAud        (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:39:08.0764 4228        IntcDAud - ok
21:39:08.0857 4228        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:39:08.0873 4228        intelide - ok
21:39:08.0951 4228        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
21:39:08.0951 4228        intelppm - ok
21:39:09.0029 4228        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:39:09.0029 4228        IPBusEnum - ok
21:39:09.0123 4228        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:39:09.0123 4228        IpFilterDriver - ok
21:39:09.0216 4228        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:39:09.0216 4228        iphlpsvc - ok
21:39:09.0325 4228        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:39:09.0325 4228        IPMIDRV - ok
21:39:09.0419 4228        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:39:09.0419 4228        IPNAT - ok
21:39:09.0513 4228        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:39:09.0513 4228        IRENUM - ok
21:39:09.0591 4228        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:39:09.0606 4228        isapnp - ok
21:39:09.0700 4228        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:39:09.0700 4228        iScsiPrt - ok
21:39:09.0747 4228        IviRegMgr      (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:39:09.0762 4228        IviRegMgr - ok
21:39:09.0871 4228        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:39:09.0871 4228        kbdclass - ok
21:39:09.0949 4228        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:39:09.0965 4228        kbdhid - ok
21:39:10.0043 4228        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:10.0043 4228        KeyIso - ok
21:39:10.0152 4228        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:39:10.0152 4228        KSecDD - ok
21:39:10.0246 4228        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:39:10.0246 4228        KSecPkg - ok
21:39:10.0339 4228        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:39:10.0355 4228        ksthunk - ok
21:39:10.0433 4228        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:39:10.0433 4228        KtmRm - ok
21:39:10.0511 4228        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:39:10.0527 4228        LanmanServer - ok
21:39:10.0605 4228        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:39:10.0605 4228        LanmanWorkstation - ok
21:39:10.0698 4228        lirsgt          (b658b7076b1acaa5876524595630f183) C:\Windows\system32\DRIVERS\lirsgt.sys
21:39:10.0698 4228        lirsgt - ok
21:39:10.0792 4228        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:39:10.0792 4228        lltdio - ok
21:39:10.0870 4228        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:39:10.0870 4228        lltdsvc - ok
21:39:10.0948 4228        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:39:10.0963 4228        lmhosts - ok
21:39:11.0057 4228        LMS            (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:39:11.0073 4228        LMS - ok
21:39:11.0166 4228        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:39:11.0166 4228        LSI_FC - ok
21:39:11.0260 4228        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:39:11.0260 4228        LSI_SAS - ok
21:39:11.0338 4228        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:39:11.0353 4228        LSI_SAS2 - ok
21:39:11.0431 4228        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:39:11.0431 4228        LSI_SCSI - ok
21:39:11.0525 4228        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:39:11.0525 4228        luafv - ok
21:39:11.0634 4228        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:39:11.0650 4228        MBAMProtector - ok
21:39:11.0743 4228        MBAMService    (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:39:11.0743 4228        MBAMService - ok
21:39:11.0837 4228        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:39:11.0837 4228        Mcx2Svc - ok
21:39:11.0931 4228        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:39:11.0931 4228        megasas - ok
21:39:12.0009 4228        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:39:12.0024 4228        MegaSR - ok
21:39:12.0102 4228        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:39:12.0102 4228        MMCSS - ok
21:39:12.0180 4228        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:39:12.0180 4228        Modem - ok
21:39:12.0258 4228        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:39:12.0258 4228        monitor - ok
21:39:12.0352 4228        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:39:12.0352 4228        mouclass - ok
21:39:12.0461 4228        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:39:12.0461 4228        mouhid - ok
21:39:12.0555 4228        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:39:12.0555 4228        mountmgr - ok
21:39:12.0945 4228        MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
21:39:12.0945 4228        MpFilter - ok
21:39:13.0038 4228        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:39:13.0038 4228        mpio - ok
21:39:13.0147 4228        MpNWMon        (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:39:13.0147 4228        MpNWMon - ok
21:39:13.0241 4228        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:39:13.0241 4228        mpsdrv - ok
21:39:13.0335 4228        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:39:13.0350 4228        MpsSvc - ok
21:39:13.0444 4228        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:39:13.0444 4228        MRxDAV - ok
21:39:13.0537 4228        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:39:13.0553 4228        mrxsmb - ok
21:39:13.0647 4228        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:39:13.0647 4228        mrxsmb10 - ok
21:39:13.0740 4228        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:39:13.0740 4228        mrxsmb20 - ok
21:39:13.0849 4228        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:39:13.0849 4228        msahci - ok
21:39:13.0943 4228        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:39:13.0943 4228        msdsm - ok
21:39:14.0021 4228        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:39:14.0021 4228        MSDTC - ok
21:39:14.0115 4228        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:39:14.0115 4228        Msfs - ok
21:39:14.0193 4228        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:39:14.0193 4228        mshidkmdf - ok
21:39:14.0286 4228        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:39:14.0286 4228        msisadrv - ok
21:39:14.0364 4228        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:39:14.0364 4228        MSiSCSI - ok
21:39:14.0411 4228        msiserver - ok
21:39:14.0458 4228        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:39:14.0458 4228        MSKSSRV - ok
21:39:14.0583 4228        MsMpSvc        (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
21:39:14.0583 4228        MsMpSvc - ok
21:39:14.0661 4228        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:39:14.0661 4228        MSPCLOCK - ok
21:39:14.0754 4228        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:39:14.0754 4228        MSPQM - ok
21:39:14.0848 4228        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:39:14.0863 4228        MsRPC - ok
21:39:14.0957 4228        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:39:14.0957 4228        mssmbios - ok
21:39:15.0035 4228        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:39:15.0035 4228        MSTEE - ok
21:39:15.0129 4228        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:39:15.0129 4228        MTConfig - ok
21:39:15.0222 4228        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:39:15.0222 4228        Mup - ok
21:39:15.0300 4228        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:39:15.0316 4228        napagent - ok
21:39:15.0409 4228        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:39:15.0409 4228        NativeWifiP - ok
21:39:15.0534 4228        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:39:15.0550 4228        NDIS - ok
21:39:15.0628 4228        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:39:15.0628 4228        NdisCap - ok
21:39:15.0737 4228        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:39:15.0737 4228        NdisTapi - ok
21:39:15.0831 4228        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:39:15.0831 4228        Ndisuio - ok
21:39:15.0924 4228        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:39:15.0924 4228        NdisWan - ok
21:39:16.0018 4228        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:39:16.0018 4228        NDProxy - ok
21:39:16.0111 4228        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:39:16.0111 4228        NetBIOS - ok
21:39:16.0221 4228        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:39:16.0236 4228        NetBT - ok
21:39:16.0299 4228        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:16.0299 4228        Netlogon - ok
21:39:16.0392 4228        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:39:16.0392 4228        Netman - ok
21:39:16.0470 4228        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:39:16.0486 4228        netprofm - ok
21:39:16.0579 4228        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:39:16.0579 4228        NetTcpPortSharing - ok
21:39:16.0673 4228        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:39:16.0673 4228        nfrd960 - ok
21:39:16.0798 4228        NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:39:16.0798 4228        NisDrv - ok
21:39:16.0923 4228        NisSrv          (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
21:39:16.0923 4228        NisSrv - ok
21:39:17.0016 4228        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:39:17.0032 4228        NlaSvc - ok
21:39:17.0110 4228        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:39:17.0110 4228        Npfs - ok
21:39:17.0188 4228        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:39:17.0188 4228        nsi - ok
21:39:17.0297 4228        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:39:17.0297 4228        nsiproxy - ok
21:39:17.0437 4228        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:39:17.0453 4228        Ntfs - ok
21:39:17.0547 4228        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:39:17.0547 4228        Null - ok
21:39:17.0640 4228        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:39:17.0640 4228        nvraid - ok
21:39:17.0749 4228        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:39:17.0749 4228        nvstor - ok
21:39:17.0843 4228        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:39:17.0859 4228        nv_agp - ok
21:39:17.0952 4228        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:39:17.0968 4228        odserv - ok
21:39:18.0061 4228        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:39:18.0061 4228        ohci1394 - ok
21:39:18.0124 4228        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:39:18.0124 4228        ose - ok
21:39:18.0264 4228        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:39:18.0280 4228        p2pimsvc - ok
21:39:18.0373 4228        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:39:18.0373 4228        p2psvc - ok
21:39:18.0451 4228        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:39:18.0467 4228        Parport - ok
21:39:18.0545 4228        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:39:18.0545 4228        partmgr - ok
21:39:18.0623 4228        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:39:18.0639 4228        PcaSvc - ok
21:39:18.0732 4228        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:39:18.0732 4228        pci - ok
21:39:18.0826 4228        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:39:18.0826 4228        pciide - ok
21:39:18.0935 4228        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:39:18.0951 4228        pcmcia - ok
21:39:19.0060 4228        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:39:19.0060 4228        pcw - ok
21:39:19.0216 4228        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:39:19.0216 4228        PEAUTH - ok
21:39:19.0512 4228        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:39:19.0512 4228        PerfHost - ok
21:39:19.0699 4228        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:39:19.0840 4228        pla - ok
21:39:19.0933 4228        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:39:19.0949 4228        PlugPlay - ok
21:39:20.0027 4228        PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
21:39:20.0058 4228        PMBDeviceInfoProvider - ok
21:39:20.0136 4228        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:39:20.0136 4228        PNRPAutoReg - ok
21:39:20.0214 4228        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:39:20.0214 4228        PNRPsvc - ok
21:39:20.0308 4228        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:39:20.0323 4228        PolicyAgent - ok
21:39:20.0401 4228        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:39:20.0417 4228        Power - ok
21:39:20.0511 4228        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:39:20.0511 4228        PptpMiniport - ok
21:39:20.0604 4228        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:39:20.0604 4228        Processor - ok
21:39:20.0698 4228        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:39:20.0698 4228        ProfSvc - ok
21:39:20.0776 4228        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:20.0791 4228        ProtectedStorage - ok
21:39:20.0885 4228        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:39:20.0885 4228        Psched - ok
21:39:20.0932 4228        PSI_SVC_2      (a6a7ad767bf5141665f5c675f671b3e1) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
21:39:20.0947 4228        PSI_SVC_2 - ok
21:39:21.0088 4228        PxHlpa64        (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
21:39:21.0088 4228        PxHlpa64 - ok
21:39:21.0197 4228        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:39:21.0213 4228        ql2300 - ok
21:39:21.0306 4228        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:39:21.0306 4228        ql40xx - ok
21:39:21.0384 4228        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:39:21.0400 4228        QWAVE - ok
21:39:21.0478 4228        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:39:21.0493 4228        QWAVEdrv - ok
21:39:21.0571 4228        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:39:21.0571 4228        RasAcd - ok
21:39:21.0665 4228        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:39:21.0665 4228        RasAgileVpn - ok
21:39:21.0727 4228        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:39:21.0743 4228        RasAuto - ok
21:39:21.0837 4228        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:39:21.0837 4228        Rasl2tp - ok
21:39:21.0946 4228        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:39:21.0946 4228        RasMan - ok
21:39:22.0039 4228        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:39:22.0039 4228        RasPppoe - ok
21:39:22.0117 4228        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:39:22.0133 4228        RasSstp - ok
21:39:22.0227 4228        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:39:22.0227 4228        rdbss - ok
21:39:22.0320 4228        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:39:22.0320 4228        rdpbus - ok
21:39:22.0414 4228        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:39:22.0414 4228        RDPCDD - ok
21:39:22.0507 4228        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:39:22.0507 4228        RDPENCDD - ok
21:39:22.0601 4228        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:39:22.0601 4228        RDPREFMP - ok
21:39:22.0695 4228        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:39:22.0695 4228        RDPWD - ok
21:39:22.0788 4228        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:39:22.0804 4228        rdyboost - ok
21:39:22.0913 4228        Realtek87B      (bbfcac1c23b867ae5d7ef96df40680c5) C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
21:39:22.0913 4228        Realtek87B - ok
21:39:23.0007 4228        regi            (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
21:39:23.0007 4228        regi - ok
21:39:23.0085 4228        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:39:23.0085 4228        RemoteAccess - ok
21:39:23.0147 4228        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:39:23.0163 4228        RemoteRegistry - ok
21:39:23.0256 4228        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:39:23.0256 4228        RFCOMM - ok
21:39:23.0350 4228        rimspci        (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
21:39:23.0350 4228        rimspci - ok
21:39:23.0443 4228        risdsnpe        (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys
21:39:23.0443 4228        risdsnpe - ok
21:39:23.0506 4228        RivaTuner64    (a10b40cf9eb57d24e44717a2d38a00f4) D:\OverClocking\RivaTuner v2.24\RivaTuner64.sys
21:39:23.0506 4228        RivaTuner64 - ok
21:39:23.0599 4228        Roxio UPnP Renderer 10 (d151224bc11078895a60fa970728ff59) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
21:39:23.0599 4228        Roxio UPnP Renderer 10 - ok
21:39:23.0724 4228        Roxio Upnp Server 10 (5022a927944878bd750960bd21e751af) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
21:39:23.0740 4228        Roxio Upnp Server 10 - ok
21:39:23.0818 4228        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:39:23.0833 4228        RpcEptMapper - ok
21:39:23.0896 4228        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:39:23.0896 4228        RpcLocator - ok
21:39:23.0989 4228        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:39:23.0989 4228        RpcSs - ok
21:39:24.0083 4228        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:39:24.0083 4228        rspndr - ok
21:39:24.0177 4228        RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
21:39:24.0177 4228        RTHDMIAzAudService - ok
21:39:24.0301 4228        RTL8187        (333224d4d25f9bcca488e08345083e1c) C:\Windows\system32\DRIVERS\rtl8187.sys
21:39:24.0301 4228        RTL8187 - ok
21:39:24.0442 4228        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:24.0442 4228        SamSs - ok
21:39:24.0442 4228        SANDRA - ok
21:39:24.0535 4228        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:39:24.0535 4228        sbp2port - ok
21:39:24.0613 4228        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:39:24.0629 4228        SCardSvr - ok
21:39:24.0723 4228        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:39:24.0723 4228        scfilter - ok
21:39:24.0801 4228        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:39:24.0832 4228        Schedule - ok
21:39:24.0910 4228        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:39:24.0910 4228        SCPolicySvc - ok
21:39:25.0003 4228        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:39:25.0003 4228        sdbus - ok
21:39:25.0081 4228        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:39:25.0097 4228        SDRSVC - ok
21:39:25.0175 4228        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:39:25.0175 4228        secdrv - ok
21:39:25.0253 4228        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:39:25.0253 4228        seclogon - ok
21:39:25.0284 4228        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:39:25.0284 4228        SENS - ok
21:39:25.0362 4228        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:39:25.0362 4228        SensrSvc - ok
21:39:25.0440 4228        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:39:25.0440 4228        Serenum - ok
21:39:25.0534 4228        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:39:25.0549 4228        Serial - ok
21:39:25.0643 4228        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:39:25.0643 4228        sermouse - ok
21:39:25.0737 4228        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:39:25.0752 4228        SessionEnv - ok
21:39:25.0830 4228        SFEP            (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
21:39:25.0830 4228        SFEP - ok
21:39:25.0924 4228        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:39:25.0924 4228        sffdisk - ok
21:39:26.0017 4228        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:39:26.0017 4228        sffp_mmc - ok
21:39:26.0095 4228        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:39:26.0095 4228        sffp_sd - ok
21:39:26.0189 4228        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:39:26.0189 4228        sfloppy - ok
21:39:26.0298 4228        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:39:26.0298 4228        SharedAccess - ok
21:39:26.0407 4228        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:39:26.0407 4228        ShellHWDetection - ok
21:39:26.0501 4228        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:39:26.0501 4228        SiSRaid2 - ok
21:39:26.0595 4228        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:39:26.0595 4228        SiSRaid4 - ok
21:39:26.0688 4228        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:39:26.0688 4228        Smb - ok
21:39:26.0766 4228        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:39:26.0766 4228        SNMPTRAP - ok
21:39:26.0844 4228        SOHCImp        (c3e69db0a4e59564230e053232f39ac7) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
21:39:26.0860 4228        SOHCImp - ok
21:39:26.0922 4228        SOHDms          (65cc4779a29c3e82b987bd4961790dff) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
21:39:26.0938 4228        SOHDms - ok
21:39:26.0969 4228        SOHDs          (f47d75cee1844eef4a9ea6ee768828fb) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
21:39:26.0969 4228        SOHDs - ok
21:39:27.0047 4228        speedfan        (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
21:39:27.0047 4228        speedfan - ok
21:39:27.0219 4228        SpfService      (65e5659e9c2a0762d05657c0e22a7ca2) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
21:39:27.0219 4228        SpfService - ok
21:39:27.0328 4228        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:39:27.0328 4228        spldr - ok
21:39:27.0406 4228        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:39:27.0421 4228        Spooler - ok
21:39:27.0562 4228        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:39:27.0640 4228        sppsvc - ok
21:39:27.0718 4228        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:39:27.0733 4228        sppuinotify - ok
21:39:27.0827 4228        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:39:27.0827 4228        srv - ok
21:39:27.0936 4228        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:39:27.0936 4228        srv2 - ok
21:39:28.0045 4228        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:39:28.0045 4228        srvnet - ok
21:39:28.0123 4228        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:39:28.0123 4228        SSDPSRV - ok
21:39:28.0217 4228        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
21:39:28.0217 4228        SSPORT - ok
21:39:28.0279 4228        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:39:28.0295 4228        SstpSvc - ok
21:39:28.0560 4228        ssudmdm        (c683e87ac3f8eb55735338a6ad5cc096) C:\Windows\system32\DRIVERS\ssudmdm.sys
21:39:28.0560 4228        ssudmdm - ok
21:39:28.0654 4228        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:39:28.0654 4228        stexstor - ok
21:39:28.0732 4228        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:39:28.0747 4228        stisvc - ok
21:39:28.0841 4228        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:39:28.0841 4228        swenum - ok
21:39:28.0919 4228        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:39:28.0935 4228        swprv - ok
21:39:29.0091 4228        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:39:29.0137 4228        SysMain - ok
21:39:29.0247 4228        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:39:29.0247 4228        TabletInputService - ok
21:39:29.0340 4228        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:39:29.0356 4228        TapiSrv - ok
21:39:29.0496 4228        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:39:29.0496 4228        TBS - ok
21:39:29.0683 4228        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:39:29.0746 4228        Tcpip - ok
21:39:29.0886 4228        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:39:29.0902 4228        TCPIP6 - ok
21:39:30.0027 4228        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:39:30.0042 4228        tcpipreg - ok
21:39:30.0136 4228        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:39:30.0136 4228        TDPIPE - ok
21:39:30.0214 4228        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:39:30.0214 4228        TDTCP - ok
21:39:30.0323 4228        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:39:30.0323 4228        tdx - ok
21:39:30.0432 4228        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:39:30.0448 4228        TermDD - ok
21:39:30.0588 4228        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:39:30.0588 4228        TermService - ok
21:39:30.0713 4228        TFsExDisk      (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
21:39:30.0713 4228        TFsExDisk - ok
21:39:30.0791 4228        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:39:30.0807 4228        Themes - ok
21:39:30.0885 4228        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:39:30.0900 4228        THREADORDER - ok
21:39:31.0041 4228        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:39:31.0041 4228        TrkWks - ok
21:39:31.0134 4228        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:39:31.0134 4228        TrustedInstaller - ok
21:39:31.0243 4228        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:39:31.0243 4228        tssecsrv - ok
21:39:31.0415 4228        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:39:31.0415 4228        TsUsbFlt - ok
21:39:31.0524 4228        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:39:31.0524 4228        tunnel - ok
21:39:31.0665 4228        TVICHW64        (1a006963644c7fde5be60036f3a43e68) C:\Windows\system32\DRIVERS\TVICHW64.SYS
21:39:31.0665 4228        TVICHW64 - ok
21:39:31.0774 4228        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:39:31.0774 4228        uagp35 - ok
21:39:31.0852 4228        uCamMonitor    (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
21:39:31.0867 4228        uCamMonitor - ok
21:39:31.0992 4228        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:39:31.0992 4228        udfs - ok
21:39:32.0008 4228        ufad-ws60 - ok
21:39:32.0117 4228        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:39:32.0117 4228        UI0Detect - ok
21:39:32.0226 4228        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:39:32.0226 4228        uliagpkx - ok
21:39:32.0320 4228        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:39:32.0335 4228        umbus - ok
21:39:32.0429 4228        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:39:32.0429 4228        UmPass - ok
21:39:32.0569 4228        UNS            (9e89c2d6945389270de067ce51ff7425) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:39:32.0585 4228        UNS - ok
21:39:32.0694 4228        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:39:32.0710 4228        upnphost - ok
21:39:32.0803 4228        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:39:32.0819 4228        usbccgp - ok
21:39:32.0913 4228        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:39:32.0913 4228        usbcir - ok
21:39:33.0006 4228        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:39:33.0006 4228        usbehci - ok
21:39:33.0100 4228        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:39:33.0100 4228        usbhub - ok
21:39:33.0193 4228        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:39:33.0193 4228        usbohci - ok
21:39:33.0287 4228        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:39:33.0287 4228        usbprint - ok
21:39:33.0396 4228        usbrndis6      (54eaffd31c377c8c1055d33e6b6b4b27) C:\Windows\system32\DRIVERS\usb80236.sys
21:39:33.0396 4228        usbrndis6 - ok
21:39:33.0490 4228        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:39:33.0490 4228        usbscan - ok
21:39:33.0646 4228        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:39:33.0646 4228        USBSTOR - ok
21:39:33.0724 4228        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:39:33.0724 4228        usbuhci - ok
21:39:33.0833 4228        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:39:33.0849 4228        usbvideo - ok
21:39:33.0942 4228        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:39:33.0942 4228        UxSms - ok
21:39:34.0005 4228        VAIO Entertainment TV Device Arbitration Service (8e68e4aa2d7abbf7c9159d9d2a38ae0f) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
21:39:34.0005 4228        VAIO Entertainment TV Device Arbitration Service - ok
21:39:34.0083 4228        VAIO Event Service (6b31c9cb94927dbeeb62e15275f4cc54) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
21:39:34.0098 4228        VAIO Event Service - ok
21:39:34.0192 4228        VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:39:34.0192 4228        VAIO Power Management - ok
21:39:34.0301 4228        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:39:34.0301 4228        VaultSvc - ok
21:39:34.0379 4228        VCFw            (d00058c1fff3f3de990444a5734e9639) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
21:39:34.0395 4228        VCFw - ok
21:39:34.0519 4228        VcmIAlzMgr      (f19275655b42086c884abcdae2c659ae) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
21:39:34.0519 4228        VcmIAlzMgr - ok
21:39:34.0613 4228        VcmINSMgr      (cbb9f0d1017e0bed4cb5bbc0ebf26dc1) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
21:39:34.0629 4228        VcmINSMgr - ok
21:39:34.0691 4228        VcmXmlIfHelper  (32a3735f6874b7783c6209ed5ca36d9d) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
21:39:34.0691 4228        VcmXmlIfHelper - ok
21:39:34.0785 4228        VCService      (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
21:39:34.0785 4228        VCService - ok
21:39:34.0894 4228        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:39:34.0894 4228        vdrvroot - ok
21:39:34.0987 4228        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:39:35.0003 4228        vds - ok
21:39:35.0097 4228        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:39:35.0097 4228        vga - ok
21:39:35.0190 4228        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:39:35.0190 4228        VgaSave - ok
21:39:35.0315 4228        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:39:35.0315 4228        vhdmp - ok
21:39:35.0409 4228        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:39:35.0409 4228        viaide - ok
21:39:35.0424 4228        VMAuthdService - ok
21:39:35.0518 4228        vmci            (379b54bac83b6972e20d4fe29dd90af9) C:\Windows\system32\drivers\vmci.sys
21:39:35.0518 4228        vmci - ok
21:39:35.0611 4228        vmkbd2          (0e015ba3d40af89005aedda2563bda4e) C:\Windows\system32\drivers\VMkbd.sys
21:39:35.0611 4228        vmkbd2 - ok
21:39:35.0736 4228        VMnetAdapter    (3c37a81c995aee1802c9d8dd9ea0e835) C:\Windows\system32\DRIVERS\vmnetadapter.sys
21:39:35.0736 4228        VMnetAdapter - ok
21:39:35.0845 4228        VMnetBridge    (d3b25ed3a6796fe3078475d8cfcd6024) C:\Windows\system32\DRIVERS\vmnetbridge.sys
21:39:35.0861 4228        VMnetBridge - ok
21:39:35.0923 4228        VMnetDHCP - ok
21:39:36.0033 4228        VMnetuserif    (bffec8f43973cb5bace5f3cfac2896dc) C:\Windows\system32\drivers\vmnetuserif.sys
21:39:36.0033 4228        VMnetuserif - ok
21:39:36.0157 4228        vmusb          (5d5c96c4ad3cfcffb8d5691dd749322a) C:\Windows\system32\Drivers\vmusb.sys
21:39:36.0157 4228        vmusb - ok
21:39:36.0220 4228        VMware NAT Service - ok
21:39:36.0313 4228        vmx86          (e683ff4a612e35d584b33a6060a87692) C:\Windows\system32\drivers\vmx86.sys
21:39:36.0313 4228        vmx86 - ok
21:39:36.0407 4228        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:39:36.0407 4228        volmgr - ok
21:39:36.0516 4228        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:39:36.0532 4228        volmgrx - ok
21:39:36.0657 4228        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:39:36.0672 4228        volsnap - ok
21:39:36.0750 4228        vpnagent        (5ea22cb6b100212837a97f281edb3c47) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
21:39:36.0750 4228        vpnagent - ok
21:39:36.0859 4228        vpnva          (0e4df91e83da5739ffb18535d4db10aa) C:\Windows\system32\DRIVERS\vpnva64.sys
21:39:36.0859 4228        vpnva - ok
21:39:36.0953 4228        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:39:36.0969 4228        vsmraid - ok
21:39:37.0109 4228        VSNService      (047f22bdfdae6df6f1e47e747a1237a2) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
21:39:37.0125 4228        VSNService - ok
21:39:37.0249 4228        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:39:37.0265 4228        VSS - ok
21:39:37.0483 4228        vstor2-ws60 - ok
21:39:37.0608 4228        VUAgent        (d62d16e057be87f5b84a54d1b83822c4) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
21:39:37.0624 4228        VUAgent - ok
21:39:37.0717 4228        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:39:37.0717 4228        vwifibus - ok
21:39:37.0811 4228        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:39:37.0811 4228        vwififlt - ok
21:39:37.0905 4228        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:39:37.0905 4228        vwifimp - ok
21:39:37.0983 4228        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:39:37.0998 4228        W32Time - ok
21:39:38.0092 4228        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:39:38.0092 4228        WacomPen - ok
21:39:38.0185 4228        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:38.0185 4228        WANARP - ok
21:39:38.0201 4228        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:39:38.0201 4228        Wanarpv6 - ok
21:39:38.0326 4228        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:39:38.0341 4228        WatAdminSvc - ok
21:39:38.0451 4228        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:39:38.0482 4228        wbengine - ok
21:39:38.0560 4228        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:39:38.0575 4228        WbioSrvc - ok
21:39:38.0669 4228        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:39:38.0685 4228        wcncsvc - ok
21:39:38.0763 4228        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:39:38.0763 4228        WcsPlugInService - ok
21:39:38.0856 4228        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:39:38.0856 4228        Wd - ok
21:39:38.0965 4228        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:39:38.0965 4228        Wdf01000 - ok
21:39:39.0059 4228        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:39:39.0059 4228        WdiServiceHost - ok
21:39:39.0059 4228        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:39:39.0075 4228        WdiSystemHost - ok
21:39:39.0153 4228        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:39:39.0153 4228        WebClient - ok
21:39:39.0246 4228        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:39:39.0246 4228        Wecsvc - ok
21:39:39.0324 4228        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:39:39.0324 4228        wercplsupport - ok
21:39:39.0402 4228        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:39:39.0402 4228        WerSvc - ok
21:39:39.0496 4228        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:39:39.0496 4228        WfpLwf - ok
21:39:39.0589 4228        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:39:39.0589 4228        WIMMount - ok
21:39:39.0621 4228        WinDefend - ok
21:39:39.0636 4228        WinHttpAutoProxySvc - ok
21:39:39.0730 4228        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:39:39.0730 4228        Winmgmt - ok
21:39:39.0855 4228        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:39:39.0886 4228        WinRM - ok
21:39:39.0979 4228        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:39:39.0979 4228        WinUsb - ok
21:39:40.0073 4228        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:39:40.0089 4228        Wlansvc - ok
21:39:40.0182 4228        wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:39:40.0182 4228        wlcrasvc - ok
21:39:40.0323 4228        wlidsvc        (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:39:40.0354 4228        wlidsvc - ok
21:39:40.0463 4228        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:39:40.0463 4228        WmiAcpi - ok
21:39:40.0572 4228        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:39:40.0572 4228        wmiApSrv - ok
21:39:40.0619 4228        WMPNetworkSvc - ok
21:39:40.0713 4228        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:39:40.0713 4228        WPCSvc - ok
21:39:40.0822 4228        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:39:40.0822 4228        WPDBusEnum - ok
21:39:40.0915 4228        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:39:40.0915 4228        ws2ifsl - ok
21:39:40.0993 4228        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:39:41.0009 4228        wscsvc - ok
21:39:41.0056 4228        WSearch - ok
21:39:41.0149 4228        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:39:41.0196 4228        wuauserv - ok
21:39:41.0290 4228        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:39:41.0290 4228        WudfPf - ok
21:39:41.0383 4228        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:39:41.0399 4228        WUDFRd - ok
21:39:41.0477 4228        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:39:41.0477 4228        wudfsvc - ok
21:39:41.0571 4228        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:39:41.0571 4228        WwanSvc - ok
21:39:41.0680 4228        yukonw7        (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
21:39:41.0680 4228        yukonw7 - ok
21:39:41.0805 4228        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:39:41.0867 4228        \Device\Harddisk0\DR0 - ok
21:39:41.0867 4228        Boot (0x1200)  (31886c94391e3dd54a2e82a4ac87885b) \Device\Harddisk0\DR0\Partition0
21:39:41.0867 4228        \Device\Harddisk0\DR0\Partition0 - ok
21:39:41.0883 4228        Boot (0x1200)  (86f433e3df0eff3de5de0b5e2e6b7bef) \Device\Harddisk0\DR0\Partition1
21:39:41.0883 4228        \Device\Harddisk0\DR0\Partition1 - ok
21:39:41.0914 4228        Boot (0x1200)  (b750c2cae0857e71fead3658d419b0d5) \Device\Harddisk0\DR0\Partition2
21:39:41.0914 4228        \Device\Harddisk0\DR0\Partition2 - ok
21:39:41.0914 4228        ============================================================
21:39:41.0914 4228        Scan finished
21:39:41.0914 4228        ============================================================
21:39:41.0929 5100        Detected object count: 0
21:39:41.0929 5100        Actual detected object count: 0

cosinus 08.04.2012 16:19
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

hummel1980 09.04.2012 12:29
Hallo,

Combofix Log

Code:
ComboFix 12-04-08.02 - Alex 09.04.2012  12:13:01.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3950.2620 [GMT 2:00]
ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\JMHL Loader
c:\programdata\Microsoft\Windows\Start Menu\Programs\Scanner
c:\programdata\Microsoft\Windows\Start Menu\Programs\Scanner\SmarThru 4 Bild-Editor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Scanner\SmarThru 4 deinstallieren.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Scanner\SmarThru 4.lnk
c:\programdata\xmlA737.tmp
c:\programdata\xmlA8BE.tmp
c:\programdata\xmlA90D.tmp
c:\programdata\xmlB28.tmp
c:\programdata\xmlE73.tmp
c:\programdata\xmlF20.tmp
c:\users\Alex\AppData\Roaming\.#
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-09 bis 2012-04-09  ))))))))))))))))))))))))))))))
.
.
2012-04-09 10:33 . 2012-04-09 10:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-08 11:51 . 2012-03-14 03:27        8669240        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72C9B68-2223-4482-A497-2B5381B7482D}\mpengine.dll
2012-04-06 20:36 . 2012-04-06 20:36        --------        d-----w-        c:\program files (x86)\ESET
2012-04-06 08:31 . 2012-04-06 08:31        --------        d-----w-        c:\users\Alex\AppData\Roaming\Malwarebytes
2012-04-06 08:31 . 2012-04-06 08:31        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-06 08:31 . 2012-04-06 08:31        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-06 08:31 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-28 20:06 . 2012-03-28 20:23        --------        d-----w-        c:\users\Alex\AppData\Roaming\Mp3tag
2012-03-28 19:47 . 2012-03-28 19:47        --------        d-----w-        c:\program files\ATI
2012-03-14 09:56 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 09:56 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 09:56 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 09:54 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 09:54 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 09:54 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 09:54 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 09:54 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-14 09:54 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 09:54 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 09:54 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 09:54 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 09:54 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2012-01-25 14:25        8669240        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-25 21:26 . 2010-03-01 18:40        952        --sha-w-        c:\programdata\KGyGaAvL.sys
2012-02-23 16:23 . 2011-01-20 19:40        258520        ----a-w-        c:\windows\system32\aswBoot.exe
2012-02-13 09:01 . 2012-02-13 09:01        927800        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9B3AB653-5A0D-4EB6-AE77-C4CDC68AC678}\gapaengine.dll
2012-01-31 12:44 . 2010-10-03 15:40        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-23 20:59 . 2012-02-13 09:01        917840        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-01-21 16:50 . 2012-01-21 16:42        181064        ----a-w-        c:\windows\PSEXESVC.EXE
2012-01-10 14:53 . 2012-01-10 14:53        1179595        ----a-w-        c:\windows\unins001.exe
2012-01-10 14:50 . 2011-05-28 21:00        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-10 14:50 . 2012-01-10 14:50        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-01-10 14:48 . 2010-05-13 15:41        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-01-10 14:44 . 2012-01-10 14:44        1199175        ----a-w-        c:\windows\unins000.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        94208        ----a-w-        c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-26 320880]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Google Calendar Sync.lnk - d:\handy\Google Calender Sync\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 21:03        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AODDriver;AODDriver;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 cpuz130;cpuz130;c:\users\Alex\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RivaTuner64;RivaTuner64;d:\overclocking\RivaTuner v2.24\RivaTuner64.sys [2010-03-01 19952]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-18 99104]
R3 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 Realtek87B;Realtek87B;c:\program files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-14 2320920]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-30 571248]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17        97792        ----a-w-        c:\users\Alex\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll
LSP: d:\vmware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-118624394-4124834387-1832857713-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-118624394-4124834387-1832857713-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-118624394-4124834387-1832857713-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_USERS\S-1-5-21-118624394-4124834387-1832857713-1000\Software\SecuROM\License information*]
"datasecu"=hex:ba,b9,fa,b0,5a,f9,cd,75,f2,6b,a1,3f,d0,70,b2,b8,90,c8,ac,6d,ad,
  ac,d3,02,33,b3,fa,00,64,41,51,c7,6a,03,8d,1f,d6,db,06,1a,41,ec,46,0c,a9,78,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-09  12:34:43
ComboFix-quarantined-files.txt  2012-04-09 10:34
.
Vor Suchlauf: 13 Verzeichnis(se), 103.541.092.352 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 103.387.492.352 Bytes frei
.
- - End Of File - - 11D1A5FCF4F2688534AF6E4D9F69A9CD

Danke:daumenhoc


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:59 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131