Trojaner-Board

JeS 11.06.2012 15:10

Artemis Trojan Removal
 
Hello,
I'm trying to stick to the checklist so as not to strain your patience unnecessarily. But I have no idea about Trojans & co. and therefore need help. :heilig:

I have Avira Free Antivirus installed as my antivirus program, and had McAfee (it was preinstalled on the PC, free of charge, and the hard disk was scanned automatically at regular intervals). The latter gave me a warning during a scan that I had a Trojan: Artemis and some sequence of digits. And if I remember correctly, the following link was given: C:\Users\Jessica\AppData\Local\Temp\1352388.dll
Unfortunately I did not save the warning, and I uninstalled McAfee, since I read that two programs can interfere with each other.
So I updated Avira and ran a scan, which did give me 28 warnings about password-protected files (which I did not protect myself, as far as I can see), but did not report a Trojan.

So now I am dutifully following your checklist and your advice... :o

OTL.txt:OTL Logfile:
Code:

OTL logfile created on: 11.06.2012 14:07:56 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\Jessica\Desktop
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,56 Mb Total Physical Memory | 267,91 Mb Available Physical Memory | 29,95% Memory free
2,00 Gb Paging File | 0,90 Gb Available in Paging File | 45,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,59 Gb Total Space | 106,15 Gb Free Space | 46,64% Space Free | Partition Type: NTFS
 
Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jessica\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\MobMapUpdater\MobMapUpdater.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\PELMICED.EXE (Primax Electronics Ltd.)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jessica\AppData\Local\Temp\1352388.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programme\ICQ7.2\MDb.dll ()
MOD - C:\Users\Jessica\AppData\Local\Temp\CmdLineExt03.dll ()
MOD - C:\Programme\MobMapUpdater\MobMapUpdater.exe ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\PSPad editor\PSPadShell.dll ()
MOD - C:\Programme\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\DLAAPI_W.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ldiskl) -- C:\Users\Jessica\AppData\Local\Temp\ldiskl.sys ()
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D8994606-7F13-4A62-90A6-AD34D52079DB}
IE - HKLM\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kaninchenschutzforum.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.06 17:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.05 16:02:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.18 09:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.22 21:30:35 | 000,000,000 | ---D | M]
 
[2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions
[2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions
[2010.09.18 18:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.24 00:17:45 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.06.08 21:52:18 | 000,000,944 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\cct9xnkl.default\searchplugins\icqplugin.xml
[2012.06.06 17:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.06 17:44:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.24 09:57:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.24 09:57:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.24 09:57:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.24 09:57:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.24 09:57:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.24 09:57:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MobMapUpdater] C:\Program Files\MobMapUpdater\MobMapUpdater.exe ()
O4 - HKCU..\Run: [office] C:\Users\Jessica\AppData\Local\Temp\1352388.dll ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57830F4C-ABCE-4441-8D3A-66A271F11368}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{874A84A7-FB13-4667-8D00-383368682399}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3ED041C-EEB7-4C10-8D21-76E3E83BF2F9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 13:46:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2012.06.09 23:17:23 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\Macromedia
[2012.06.05 16:02:04 | 000,476,960 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.06.05 16:02:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.06.05 16:02:03 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.06.05 16:02:02 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.19 10:31:25 | 001,159,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\ur.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 14:05:01 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.11 13:59:09 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 13:59:09 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 13:51:16 | 000,302,592 | ---- | M] () -- C:\Users\Jessica\Desktop\891g4vti.exe
[2012.06.11 13:46:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2012.06.11 13:45:01 | 000,000,000 | ---- | M] () -- C:\Users\Jessica\defogger_reenable
[2012.06.11 13:42:50 | 000,050,477 | ---- | M] () -- C:\Users\Jessica\Desktop\Defogger.exe
[2012.06.11 13:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.11 09:01:38 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2012.06.11 08:59:21 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.06.11 08:59:15 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2012.06.11 08:59:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 08:58:52 | 938,663,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.09 22:09:41 | 000,708,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.09 22:09:41 | 000,664,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.09 22:09:41 | 000,144,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.09 22:09:41 | 000,124,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.09 21:54:41 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.09 21:54:41 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.05 16:01:42 | 000,476,960 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.06.05 16:01:42 | 000,472,864 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.06.05 16:01:42 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.06.05 16:01:42 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.06.05 16:01:42 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.05.28 10:17:16 | 000,001,356 | ---- | M] () -- C:\Users\Jessica\AppData\Local\d3d9caps.dat
[2012.05.24 15:18:53 | 000,025,715 | ---- | M] () -- C:\Users\Jessica\***.elfo
 
========== Files Created - No Company Name ==========
 
[2012.06.11 13:51:12 | 000,302,592 | ---- | C] () -- C:\Users\Jessica\Desktop\891g4vti.exe
[2012.06.11 13:45:01 | 000,000,000 | ---- | C] () -- C:\Users\Jessica\defogger_reenable
[2012.06.11 13:42:12 | 000,050,477 | ---- | C] () -- C:\Users\Jessica\Desktop\Defogger.exe
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.11.13 15:19:26 | 000,000,466 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.17 23:05:52 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.12.19 10:31:27 | 000,000,160 | ---- | C] () -- C:\Program Files\Common Files\c.reg
[2010.09.06 15:11:34 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.06 15:11:28 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
 
========== LOP Check ==========
 
[2010.02.17 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Buhl Data Service
[2012.05.06 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\elsterformular
[2012.02.23 23:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\FileZilla
[2012.06.11 09:02:21 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ICQ
[2010.08.22 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterTrust
[2009.08.22 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterVideo
[2008.07.14 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Lenovo
[2009.05.03 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\MobMapUpdater
[2009.03.25 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Nvu
[2011.12.07 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\OpenOffice.org
[2010.04.30 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ScummVM
[2010.07.03 10:46:19 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\T-Online
[2010.08.27 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Thunderbird
[2012.06.11 14:05:01 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.10 23:00:57 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---

Extras.txt:OTL Logfile:
Code:

OTL Extras logfile created on: 11.06.2012 14:07:56 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\Jessica\Desktop
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,56 Mb Total Physical Memory | 267,91 Mb Available Physical Memory | 29,95% Memory free
2,00 Gb Paging File | 0,90 Gb Available in Paging File | 45,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,59 Gb Total Space | 106,15 Gb Free Space | 46,64% Space Free | Partition Type: NTFS
 
Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAFB2F5-D408-434C-83D5-E2A6C9206AEF}" = lport=6897 | protocol=6 | dir=in | name=warcraft |
"{10FA7BB8-4C69-43C5-AA68-5F890A65F0C7}" = lport=137 | protocol=17 | dir=in | app=system |
"{15C811C1-A9AD-492A-8BEF-863C43AFE70E}" = lport=6892 | protocol=6 | dir=in | name=warcraft |
"{22762B39-1792-4341-9CF8-4DC1E141D5D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{246642D0-4D51-4AC1-AB57-55496A2838E1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{27282EAB-4EA8-4A21-BF52-0F6DF67BA6E2}" = lport=6888 | protocol=6 | dir=in | name=warcraft |
"{2C228E56-96DC-4FBA-9A8C-15BE2AE60D7E}" = lport=6894 | protocol=6 | dir=in | name=warcraft |
"{3E4A2641-1175-47C6-9E16-832F3C5FEDE7}" = lport=6893 | protocol=6 | dir=in | name=warcraft |
"{437863D8-6B00-4923-A83A-4DC583987F79}" = lport=6886 | protocol=6 | dir=in | name=warcraft |
"{49356645-1649-4D03-ADDB-8CAE64F1F913}" = lport=6883 | protocol=6 | dir=in | name=warcraft |
"{4A496971-899A-44A2-B58E-BA55ACE467FA}" = lport=6884 | protocol=6 | dir=in | name=warcraft |
"{5E17228D-7E86-4797-A73F-AEC8C5545C83}" = lport=6899 | protocol=6 | dir=in | name=warcraft |
"{660F5554-49FA-4619-BC07-F63F0FAD33CF}" = lport=6881 | protocol=6 | dir=in | name=warcraft |
"{6D334C3B-0D71-4A5F-BCF1-117E3A717272}" = rport=445 | protocol=6 | dir=out | app=system |
"{8AFBCBF2-BD62-4F57-9075-AF492954643B}" = lport=138 | protocol=17 | dir=in | app=system |
"{92D753DF-977E-4378-8687-6AC3BCADDCD6}" = lport=445 | protocol=6 | dir=in | app=system |
"{94B031A5-EA29-4247-B433-4555C157DD39}" = lport=6890 | protocol=6 | dir=in | name=warcraft |
"{9932D11E-662F-4A4A-8A77-F7FBB5BF59A1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A33C714E-AD18-4E85-9981-A1CAF35C4519}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB842988-FF42-4F00-9218-16BA0EEA62E4}" = lport=6112 | protocol=6 | dir=in | name=warcraft |
"{AE32C075-DA3E-4F2E-94D5-A1240D4A3AC8}" = lport=6882 | protocol=6 | dir=in | name=warcraft |
"{AF7933E8-D474-446C-982B-388A5C8B130C}" = lport=139 | protocol=6 | dir=in | app=system |
"{B1C5C629-2347-452E-BD8C-781E56391C1D}" = lport=6891 | protocol=6 | dir=in | name=warcraft |
"{BA01FEBC-CD6B-49A4-B831-A2A99CD3791D}" = rport=138 | protocol=17 | dir=out | app=system |
"{BB22EEB1-C811-4E9B-946C-E0E53A0790C2}" = lport=6885 | protocol=6 | dir=in | name=warcraft |
"{BD84D130-1116-4D2F-9F1F-01A92710EC2B}" = lport=6889 | protocol=6 | dir=in | name=warcraft |
"{D2C70930-1E2C-4F77-ADA2-5A39802276A8}" = lport=6895 | protocol=6 | dir=in | name=warcraft |
"{EEA0F502-B91E-42CC-90B9-CCD4B746A543}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1423DA7-062A-4290-9A5C-4CAAD49C29B0}" = lport=6887 | protocol=6 | dir=in | name=warcraft |
"{F59A84AB-24EB-4518-AC10-D7A144A70F4F}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C6D7A6-0F1F-49E2-93E8-57F54E50E319}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{075CF213-6C01-42B7-A1B0-225FEEDE7D88}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{0EE319CD-0A1E-4F8E-A3F8-BBCC3D46EBF3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{13138912-F394-4822-9F2F-A1E75D5E78D5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{198469BF-6B0C-4BD2-ABF3-0C970598A13E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{204F7AED-0ACE-401E-BCCA-D38A1373B054}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe |
"{295A28D6-DF41-49C6-B5D3-0EA703C06487}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{2B6948DD-549B-4D4A-9E51-B66B8A09B1B8}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{3D5A5FF0-6C6E-4454-A2A9-F1DD94ACD500}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3E629453-8473-4D33-9D75-93534B4F586C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44172A52-621A-4978-9F73-5D578F279267}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{49564934-380A-4A94-9604-AE6970A0886A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5875837D-A59C-41E6-9439-14728629BA75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{703848E8-905E-4D3E-84C3-FDF8D273E120}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{729DDD11-15C2-4FDF-B603-93EED0BA58E4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{854FFD66-C394-4DFF-AD3F-23C74D7CBFBF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{8857D513-2047-478F-9273-BD2CE08F912F}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"{8D294E9E-5B34-4DE7-B417-BEBF27EED3B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9178168A-A80F-46B9-AA6E-1B9E5F5FC843}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{9FFF7299-6617-4CF8-8DD6-4111B9D533B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A378D293-46EC-46C2-ADE0-D3D33977B8AE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{A61D0354-9328-4E41-A5FC-E8CE835BAD1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B6C38F84-7D66-4C54-B252-A820369C95C3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-2.4.3-to-3.0.2-dede-win-final-downloader.exe |
"{C0E2CB13-A0B4-498A-AD8F-C43E1767902E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{C2DD66A3-9721-4F4E-828D-27C8DACB50A9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{C3BD7305-BF33-4EA7-8B95-559645C60D46}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CC0DF373-D7F3-494A-BF98-F219885EA173}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{CE330FD6-F45E-4D35-AAF3-8D135C3428DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CF708E4B-D9B1-481C-A55C-8BC4CD0D3850}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D3CA65A2-AC64-4923-8CC7-D4478A2F64CD}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{D7E9BE23-C362-45F6-960D-150493F19322}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{DC29BEF7-4AF6-4D8B-AD12-3CCADCA2E343}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{DC743195-E2C4-49DC-B60A-F05B3310CFA0}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DF89C6CB-37D2-49DA-8EE0-7AB15C3D1860}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EB411E9D-AE42-4373-A40F-43FC4A0DAB43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{0B34EFED-4B03-40D8-A8B9-20FD3E07C830}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{220D1776-6D98-4EB0-9B0E-2E5DE7170312}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{2DD5C03D-C785-4B59-96DE-BEFC45D07CC8}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{4160B1CA-7358-415C-AF3C-AC95114CC81D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{456A1574-6DB4-4EBA-84E9-C76E97236599}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{4AEC7DAD-DBD2-405A-99BD-2C032CE965A0}C:\program files\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"TCP Query User{638F524B-1DF0-4891-AF45-4BBAA93EE7D9}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{643F4490-9C67-4400-A193-E4386E3525DE}C:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe" = protocol=6 | dir=in | app=c:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe |
"TCP Query User{98D15096-E473-4482-A186-A929D4AE0102}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{D2FB90AD-4B1D-4B87-9A31-C8E569070EFB}C:\program files\curse\curseclient.exe" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"UDP Query User{13D85FE1-A0EB-4504-A8F9-F17649BFB8CD}C:\program files\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"UDP Query User{2ECD4D4D-FD31-454B-9B50-0716CF65D4BA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{310BAF31-4AC4-4EB6-84BC-93127E8A047A}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{82E6B1C7-3B31-4226-9B50-2CB9CAC49BBE}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{D1BE3847-3BE6-41F4-A06D-70FB3807F8A1}C:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe" = protocol=17 | dir=in | app=c:\users\jessica\appdata\local\temp\blizzard launcher temporary - 81801d68\launcher.exe |
"UDP Query User{DD60E07A-7DDD-46EC-B28F-0AEDAC87583F}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{E23F7932-99F2-414B-9799-34CF0BDF125C}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{F131CD71-0BF1-4E4F-B2C7-D6B1893328DD}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{F95FFA84-DD72-4974-A38B-A6AE2D394A2D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{FFCF7A4F-AFC0-47E5-ABC7-5ED17237EBC9}C:\program files\curse\curseclient.exe" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06973580-503D-B2F8-B932-C6FFF6DE7615}" = CCC Help Chinese Traditional
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0ADB6A81-F35D-4040-36CE-C50206F09737}" = CCC Help Japanese
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1438FB49-8B53-D209-2B32-B0F33DA65336}" = Catalyst Control Center Localization Thai
"{18B9E358-08D9-0955-2FF3-EA15FF11DF02}" = Catalyst Control Center Localization Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{27A7337A-765F-AA01-7115-06C3023E88E1}" = CCC Help Czech
"{2A73DA05-35C1-AA35-07D5-36C077D3183F}" = Catalyst Control Center Core Implementation
"{2AFE1AE5-1828-E0AE-B067-6B71620AF388}" = Catalyst Control Center Localization German
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3184A571-E021-817E-378D-9EC6EE412E09}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{36249169-E3FC-6737-9FA7-9BA520BE0DB2}" = CCC Help French
"{37652D83-7BDC-4735-8954-3FE0C2F2AD18}" = ccc-Branding
"{40BCF117-291F-BA1E-FC3E-C5C80F061641}" = CCC Help Hungarian
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4654A4C6-B8C4-CC1C-91C3-2D938EFD12E8}" = Catalyst Control Center Localization Polish
"{46A62B59-10D1-46B9-C32A-D5CA90899A8B}" = Catalyst Control Center Graphics Full Existing
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{47229A8F-CB6D-E104-412D-206B0D68E02A}" = Catalyst Control Center Localization Turkish
"{476796E1-CD51-1300-F212-15B10724A91F}" = CCC Help Russian
"{48B0DEBB-4A67-0523-0DBB-E82D88FA333D}" = Catalyst Control Center Localization Spanish
"{49850071-F9BA-1736-29B8-3B663CE7738C}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BAB05AF-F263-D3FC-217B-33B0F1B9D118}" = Catalyst Control Center Localization Hungarian
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4CFA2AC8-FE0B-C8F8-4C3C-73EC24CD52C8}" = CCC Help German
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51242B4E-E559-29D1-F01C-FAD101303CD3}" = CCC Help Italian
"{53A363EF-AC2C-ED65-7011-8F21641E5FAB}" = Catalyst Control Center Localization Portuguese
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{56AA716F-007D-66D2-EC91-9A4C48947E00}" = CCC Help Swedish
"{577E5938-7280-43C8-6585-CCE7CC0B286C}" = Catalyst Control Center Localization Norwegian
"{5967C9BB-1F4D-AAD2-2EDB-93B57376ECD5}" = Catalyst Control Center Localization Danish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{689C7F35-3627-E074-E17B-A03DC82DF234}" = Catalyst Control Center Localization Japanese
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6BA6EB17-ABA5-32E6-FD02-618F39E07347}" = Catalyst Control Center Localization Czech
"{7104189A-C592-4A56-AC9E-7C0CA135DA3C}" = AGEIA PhysX v6.10.25
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{747B2C81-B13B-F720-9DDC-C31BF1D492DF}" = Catalyst Control Center Localization Korean
"{76A0AADC-437C-10ED-7210-9B9FC38EACE6}" = CCC Help Korean
"{76AB986D-421F-B618-F738-028626176904}" = CCC Help Danish
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{7B462657-E26A-BB05-1064-A3A94D84583D}" = CCC Help Polish
"{7C032D1E-DD75-6856-2F78-1FF1FE3712DB}" = CCC Help Norwegian
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{818EA00F-8D02-671E-FE70-C2377EE4F24C}" = Catalyst Control Center Localization Dutch
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8FC6E83A-EE8C-88D6-7C7B-74E6BE7C8667}" = CCC Help Thai
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Multimedia Center For Think Offerings
"{949997C4-6532-8E7A-A1A0-AACBC665123E}" = Catalyst Control Center Localization French
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A6700AA-8775-4DAB-6284-771145BAA661}" = Catalyst Control Center Graphics Full New
"{9AFF5F50-1936-8859-AF93-5F66F785EE63}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E478F3F-7A7B-42C5-BE9C-40FC0E07665F}" = Die Spur der Erwachten
"{A1A84D7F-3C2E-1255-2469-8175F972AB58}" = CCC Help Greek
"{A682297F-4CA6-A1EE-D68B-06A3EB847255}" = ccc-core-static
"{A6C2B54A-5D1C-45DE-0FD1-2C3A200163A4}" = CCC Help Turkish
"{A88852F0-1790-1E1D-9164-95FFCF435E97}" = Catalyst Control Center Localization Chinese Traditional
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AE6D88D5-9064-84EA-C9DD-AC5927C44AA1}" = CCC Help Finnish
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B346EA79-BF20-5BE1-E599-45EEFB0CB3BD}" = Catalyst Control Center Localization Greek
"{B460F0C7-98ED-9B55-6D24-E54E98A89A78}" = Skins
"{B4B5E290-81EF-A724-E52C-DE05DC85B2E6}" = Catalyst Control Center Graphics Previews Vista
"{B4BCBF59-3F39-1F6D-2ED2-72198CC7AC49}" = Catalyst Control Center Localization Russian
"{B84B5373-AAC0-07AD-38A0-C44AAA4BD82F}" = CCC Help Spanish
"{BF0B0BF5-366A-6B6E-5718-A98E2E845322}" = ccc-utility
"{C0D49C3F-237B-94C7-EECD-10D22851C76E}" = CCC Help English
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9521CC8-D7EC-145F-33B7-B27BFF631715}" = CCC Help Portuguese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkCentre
"{D7A2D358-B2BB-691E-EAD7-E95CDAE9842F}" = Catalyst Control Center Localization Swedish
"{DB6B6CCF-D509-C223-D06E-1D2118ECD193}" = Catalyst Control Center Localization Finnish
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E048D0DC-7419-7867-FCD2-CF176C73E629}" = Catalyst Control Center Localization Chinese Standard
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"5991C8EB35AA0A2B41B0060067BD0DA30E877FFF" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"89838CF0B3DF29FE9FFF8893ACB04964C75A6F1E" = Windows Driver Package - ATI Technogies Inc (pci) System  (11/02/2006 1.00.0000.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira Free Antivirus
"AwayTask" = Maintenance Manager
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"C16E2639B8851B54030DE09318A01581A8096E29" = Windows Driver Package - Marvell (yukonwlh) Net  (09/18/2007 10.24.1.3)
"D4B97D41574F60753BAE597542C02A55D48392C9" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (10/22/2007 6.0.1.5499)
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.2.5
"HijackThis" = HijackThis 2.0.2
"Lenovo Registration" = Lenovo Registration
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nvu_is1" = Nvu 1.0
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PROHYBRIDR" = 2007 Microsoft Office system
"PSPad editor_is1" = PSPad editor
"Windows Live Toolbar" = Windows Live Toolbar
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.05.2012 08:41:31 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description =
 
Error - 06.05.2012 08:46:48 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description =
 
Error - 06.05.2012 08:49:32 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description =
 
Error - 06.05.2012 08:51:19 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description =
 
Error - 06.05.2012 09:04:30 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description =
 
Error - 06.05.2012 09:10:05 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description =
 
Error - 06.05.2012 10:58:18 | Computer Name = Jessica-PC | Source = VSS | ID = 8194
Description =
 
Error - 25.05.2012 14:57:34 | Computer Name = Jessica-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 12.0.0.4493 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
 das Problem zu suchen.  Prozess-ID: 31c  Anfangszeit: 01cd3aa7d6bc41c3  Zeitpunkt der
 Beendigung: 1716
 
Error - 07.06.2012 09:33:23 | Computer Name = Jessica-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung thunderbird.exe, Version 12.0.0.4501, Zeitstempel
 0x4f9c5917, fehlerhaftes Modul dbghelp.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4549bcc9, Ausnahmecode 0xc0000005, Fehleroffset 0x6bcfb614,  Prozess-ID 0x1250,
 Anwendungsstartzeit 01cd4481c05b6d5b.
 
Error - 09.06.2012 18:23:59 | Computer Name = Jessica-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 13.0.0.4535, Zeitstempel
 0x4fc8def7, fehlerhaftes Modul xul.dll, Version 13.0.0.4535, Zeitstempel 0x4fc8dda6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x000e4238,  Prozess-ID 0xe84, Anwendungsstartzeit
 01cd468e03a14668.
 
[ System Events ]
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
Error - 11.06.2012 07:01:28 | Computer Name = Jessica-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
 
 
< End of report >

--- --- ---
Since my PC is a 32-bit system, I also wanted to run Gmer, but that doesn't work. A few seconds after the scan starts, a DOS-style screen appears with text beginning "Problem has been detected..." and then the PC shuts off and restarts. After that, the Gmer program is no longer active.

What could be causing this?

Can I still get rid of the trojan?

Thank you in advance for your help! :knuddel:

Malwarebytes Anti-Malware Logfile:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.12.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Jessica :: JESSICA-PC [Administrator]

12.06.2012 16:08:59
mbam-log-2012-06-12 (18-26-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343463
Laufzeit: 1 Stunde(n), 39 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|office (Trojan.Agent) -> Daten: "C:\Windows\system32\rundll32.exe" C:\Users\Jessica\AppData\Local\Temp\1352388.dll,S -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Jessica\AppData\Local\Temp\arp.bat (Spyware.OnLineGames) -> Keine Aktion durchgeführt.
C:\Program Files\Common Files\c.reg (Malware.Trace) -> Keine Aktion durchgeführt.
C:\Program Files\Common Files\ur.dll (Malware.Trace) -> Keine Aktion durchgeführt.

(Ende)


I can run Gmer in safe mode, but last time saving the result didn't work (empty text file). I'll try again and then paste it in here as well.

cosinus 13.06.2012 13:19

Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes before?
If so, all the logs for every scan are listed on the "Logdateien" (log files) tab. Please post all the ones that are visible there.

JeS 13.06.2012 20:57

No, I only downloaded and used the program after browsing around here on the board. So there is only this one log.
I removed the infected files afterwards.

By the way, Gmer always reports that nothing was found, and the file is empty.

cosinus 13.06.2012 21:38

Please run ESET as well; after that we'll see how to proceed.

Note: ESET does show a few false positives fairly often. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scans! During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to turn everything back on afterwards.
  • Note for Vista and Win7 users: be sure to open the browser this way: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the http://img695.imageshack.us/img695/1599/eset1l.jpg button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX control.
  • Tick the box next to Yes, i accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Press the http://larusso.trojaner-board.de/Images/windows.jpg + R keys and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are using 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

JeS 14.06.2012 14:36

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0c097881bfa6c34baf5ee65bccfb41d1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-13 10:18:48
# local_time=2012-06-14 12:18:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=512 16777215 100 0 113616707 113616707 0 0
# compatibility_mode=1792 16777191 100 0 16290405 16290405 0 0
# compatibility_mode=5892 16776574 100 100 133123 177154049 0 0
# compatibility_mode=8192 67108863 100 0 476 476 0 0
# scanned=150102
# found=0
# cleaned=0
# scan_time=4599

cosinus 14.06.2012 15:30

I have two questions before we continue

1.) Does Windows' normal mode work without restrictions (again)?
2.) Is anything missing from your Start menu? Are there empty folders under All Programs, or is everything there?

JeS 14.06.2012 15:34

Yes, everything works, and no, I'm not missing anything; there are no empty folders.

cosinus 14.06.2012 15:37

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


JeS 14.06.2012 19:28

Code:

OTL logfile created on: 14.06.2012 16:44:13 - Run 3
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\Jessica\Desktop
Windows Vista Business Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
894,56 Mb Total Physical Memory | 340,75 Mb Available Physical Memory | 38,09% Memory free
2,00 Gb Paging File | 1,04 Gb Available in Paging File | 52,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,59 Gb Total Space | 110,26 Gb Free Space | 48,45% Space Free | Partition Type: NTFS
 
Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jessica\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Windows\System32\PELMICED.EXE (Primax Electronics Ltd.)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jessica\AppData\Local\Temp\CmdLineExt03.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\PSPad editor\PSPadShell.dll ()
MOD - C:\Programme\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\DLAAPI_W.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UMVPFSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LVUVC) Logitech HD Webcam C270(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ldiskl) -- C:\Users\Jessica\AppData\Local\Temp\ldiskl.sys ()
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (pelusblf) -- C:\Windows\System32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\Windows\System32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D8994606-7F13-4A62-90A6-AD34D52079DB}
IE - HKLM\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.kaninchenschutzforum.de/
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\SearchScopes\{D8994606-7F13-4A62-90A6-AD34D52079DB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=LENIE
IE - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.06 17:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.05 16:02:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.18 09:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.22 21:30:35 | 000,000,000 | ---D | M]
 
[2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions
[2010.08.27 00:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.05.02 21:44:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions
[2010.09.18 18:33:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.24 00:17:45 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Jessica\AppData\Roaming\mozilla\Firefox\Profiles\cct9xnkl.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.06.08 21:52:18 | 000,000,944 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\cct9xnkl.default\searchplugins\icqplugin.xml
[2012.06.06 17:44:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.06 17:44:24 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.24 09:57:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.24 09:57:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.24 09:57:38 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.24 09:57:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.24 09:57:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.24 09:57:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-4174144500-2499443096-1353241399-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Programme\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57830F4C-ABCE-4441-8D3A-66A271F11368}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{874A84A7-FB13-4667-8D00-383368682399}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3ED041C-EEB7-4C10-8D21-76E3E83BF2F9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img25.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk - C:\Programme\WISO\Sparbuch 2010\meinsparbuchheute.exe - ()
MsConfig - StartUpFolder: C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: MobMapUpdater - hkey= - key= - C:\Program Files\MobMapUpdater\MobMapUpdater.exe ()
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.13 22:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.13 22:53:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Jessica\Desktop\esetsmartinstaller_enu.exe
[2012.06.12 21:07:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.06.12 16:05:59 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\Malwarebytes
[2012.06.12 16:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.12 16:05:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.12 16:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.12 16:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.12 15:51:45 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\TuneUp Software
[2012.06.12 15:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012.06.12 15:46:58 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.06.12 15:45:45 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.06.12 15:45:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.06.11 13:46:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2012.06.09 23:17:23 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.14 16:34:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 16:20:28 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 16:20:28 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 16:05:02 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.14 15:21:40 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2012.06.14 15:20:43 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.06.14 15:20:39 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2012.06.14 15:20:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 15:19:58 | 938,663,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 22:57:57 | 000,022,804 | ---- | M] () -- C:\Users\Jessica\Desktop\ESET Scanner.odt
[2012.06.13 22:53:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Jessica\Desktop\esetsmartinstaller_enu.exe
[2012.06.12 19:22:36 | 132,028,909 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.12 16:05:50 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.12 16:01:13 | 000,000,618 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.06.11 13:51:16 | 000,302,592 | ---- | M] () -- C:\Users\Jessica\Desktop\891g4vti.exe
[2012.06.11 13:46:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
[2012.06.11 13:45:01 | 000,000,000 | ---- | M] () -- C:\Users\Jessica\defogger_reenable
[2012.06.11 13:42:50 | 000,050,477 | ---- | M] () -- C:\Users\Jessica\Desktop\Defogger.exe
[2012.06.09 22:09:41 | 000,708,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.09 22:09:41 | 000,664,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.09 22:09:41 | 000,144,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.09 22:09:41 | 000,124,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.28 10:17:16 | 000,001,356 | ---- | M] () -- C:\Users\Jessica\AppData\Local\d3d9caps.dat
[2012.05.24 15:18:53 | 000,025,715 | ---- | M] () -- C:\Users\Jessica\***.elfo
 
========== Files Created - No Company Name ==========
 
[2012.06.13 22:57:50 | 000,022,804 | ---- | C] () -- C:\Users\Jessica\Desktop\ESET Scanner.odt
[2012.06.12 20:38:09 | 938,663,936 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.12 16:05:50 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.11 13:51:12 | 000,302,592 | ---- | C] () -- C:\Users\Jessica\Desktop\891g4vti.exe
[2012.06.11 13:45:01 | 000,000,000 | ---- | C] () -- C:\Users\Jessica\defogger_reenable
[2012.06.11 13:42:12 | 000,050,477 | ---- | C] () -- C:\Users\Jessica\Desktop\Defogger.exe
[2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2012.01.18 07:22:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.11.13 15:19:26 | 000,000,618 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.17 23:05:52 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.09.06 15:11:34 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.06 15:11:28 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
 
========== LOP Check ==========
 
[2010.02.17 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Buhl Data Service
[2012.05.06 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\elsterformular
[2012.02.23 23:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\FileZilla
[2012.06.14 16:42:29 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ICQ
[2010.08.22 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterTrust
[2009.08.22 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterVideo
[2008.07.14 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Lenovo
[2009.05.03 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\MobMapUpdater
[2009.03.25 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Nvu
[2011.12.07 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\OpenOffice.org
[2010.04.30 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ScummVM
[2010.07.03 10:46:19 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\T-Online
[2010.08.27 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Thunderbird
[2012.06.12 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\TuneUp Software
[2012.06.14 16:05:02 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2012.06.14 14:50:28 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.08.03 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Adobe
[2009.06.01 11:20:50 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Apple Computer
[2008.10.03 15:55:17 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ATI
[2011.12.08 10:02:56 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Avira
[2010.02.17 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Buhl Data Service
[2012.05.06 14:16:54 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\elsterformular
[2012.02.23 23:53:57 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\FileZilla
[2012.06.14 16:42:29 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ICQ
[2006.11.02 15:04:02 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Identities
[2010.08.22 14:27:13 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterTrust
[2009.08.22 22:06:26 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InterVideo
[2008.07.14 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Lenovo
[2008.07.14 00:56:04 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Macromedia
[2012.06.12 16:06:00 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Malwarebytes
[2012.06.09 23:17:23 | 000,000,000 | --SD | M] -- C:\Users\Jessica\AppData\Roaming\Microsoft
[2009.05.03 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\MobMapUpdater
[2008.07.16 09:28:09 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Mozilla
[2009.03.25 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Nvu
[2011.12.07 20:56:14 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\OpenOffice.org
[2009.10.04 14:29:59 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\PSpad
[2010.04.30 20:55:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ScummVM
[2012.05.25 21:25:56 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Skype
[2010.11.26 22:06:22 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\skypePM
[2010.07.03 10:46:19 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\T-Online
[2008.10.02 23:03:21 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\teamspeak2
[2010.08.27 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Thunderbird
[2012.06.12 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.07.14 01:30:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008.07.14 01:30:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.07.14 01:30:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.07.14 01:30:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.10 14:02:10 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.04.10 14:02:10 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.04.10 14:02:10 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.12.18 14:47:39 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.12.18 14:47:39 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<          >

< End of report >


cosinus 15.06.2012 12:16

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

JeS 16.06.2012 09:46

Code:

09:22:59.0771 5928        TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
09:23:00.0295 5928        ============================================================
09:23:00.0295 5928        Current date / time: 2012/06/16 09:23:00.0295
09:23:00.0295 5928        SystemInfo:
09:23:00.0295 5928       
09:23:00.0295 5928        OS Version: 6.0.6000 ServicePack: 0.0
09:23:00.0295 5928        Product type: Workstation
09:23:00.0295 5928        ComputerName: JESSICA-PC
09:23:00.0295 5928        UserName: Jessica
09:23:00.0295 5928        Windows directory: C:\Windows
09:23:00.0295 5928        System windows directory: C:\Windows
09:23:00.0295 5928        Processor architecture: Intel x86
09:23:00.0295 5928        Number of processors: 2
09:23:00.0295 5928        Page size: 0x1000
09:23:00.0295 5928        Boot type: Normal boot
09:23:00.0295 5928        ============================================================
09:23:02.0359 5928        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x14DFFB, SectorsPerTrack: 0x3, TracksPerCylinder: 0x77, Type 'K0', Flags 0x00000050
09:23:02.0396 5928        ============================================================
09:23:02.0396 5928        \Device\Harddisk0\DR0:
09:23:02.0397 5928        MBR partitions:
09:23:02.0397 5928        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xA98000, BlocksNum 0x1C72D000
09:23:02.0397 5928        ============================================================
09:23:02.0448 5928        C: <-> \Device\Harddisk0\DR0\Partition0
09:23:02.0499 5928        ============================================================
09:23:02.0499 5928        Initialize success
09:23:02.0499 5928        ============================================================
09:24:47.0616 4772        ============================================================
09:24:47.0616 4772        Scan started
09:24:47.0616 4772        Mode: Manual; SigCheck; TDLFS;
09:24:47.0616 4772        ============================================================
09:24:49.0659 4772        ACPI            (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
09:24:49.0768 4772        ACPI - ok
09:24:49.0846 4772        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:24:49.0893 4772        AdobeFlashPlayerUpdateSvc - ok
09:24:49.0940 4772        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:24:49.0987 4772        adp94xx - ok
09:24:50.0065 4772        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:24:50.0080 4772        adpahci - ok
09:24:50.0127 4772        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:24:50.0143 4772        adpu160m - ok
09:24:50.0190 4772        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:24:50.0236 4772        adpu320 - ok
09:24:50.0283 4772        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
09:24:50.0330 4772        AeLookupSvc - ok
09:24:50.0361 4772        AFD            (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
09:24:50.0548 4772        AFD - ok
09:24:50.0611 4772        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:24:50.0611 4772        agp440 - ok
09:24:50.0626 4772        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:24:50.0642 4772        aic78xx - ok
09:24:50.0658 4772        ALG            (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe
09:24:50.0704 4772        ALG - ok
09:24:50.0720 4772        aliide          (c20f9bce0956a7e3deaa6848ee1f1682) C:\Windows\system32\drivers\aliide.sys
09:24:50.0751 4772        aliide - ok
09:24:50.0876 4772        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:24:50.0876 4772        amdagp - ok
09:24:50.0892 4772        amdide          (bee39c63d6259f795d110fe89fd9f056) C:\Windows\system32\drivers\amdide.sys
09:24:50.0907 4772        amdide - ok
09:24:50.0954 4772        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:24:51.0016 4772        AmdK7 - ok
09:24:51.0032 4772        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
09:24:51.0110 4772        AmdK8 - ok
09:24:51.0344 4772        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
09:24:51.0375 4772        AntiVirSchedulerService - ok
09:24:51.0484 4772        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
09:24:51.0484 4772        AntiVirService - ok
09:24:51.0547 4772        Appinfo        (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll
09:24:51.0609 4772        Appinfo - ok
09:24:51.0640 4772        AppMgmt        (051e86735b71e8402aebc1d662f26ba2) C:\Windows\System32\appmgmts.dll
09:24:51.0672 4772        AppMgmt - ok
09:24:51.0703 4772        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:24:51.0718 4772        arc - ok
09:24:51.0734 4772        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:24:51.0750 4772        arcsas - ok
09:24:51.0796 4772        AsyncMac        (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
09:24:51.0859 4772        AsyncMac - ok
09:24:51.0890 4772        atapi          (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
09:24:51.0890 4772        atapi - ok
09:24:51.0952 4772        Ati External Event Utility (a63b95991d0036d8d5a188bb4a31cf18) C:\Windows\system32\Ati2evxx.exe
09:24:52.0015 4772        Ati External Event Utility - ok
09:24:52.0233 4772        atikmdag        (daca081e9dc82d4a05b0d21e8aa93df8) C:\Windows\system32\DRIVERS\atikmdag.sys
09:24:52.0358 4772        atikmdag - ok
09:24:52.0935 4772        AtiPcie        (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
09:24:52.0966 4772        AtiPcie - ok
09:24:53.0029 4772        atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\Windows\system32\DRIVERS\atksgt.sys
09:24:53.0044 4772        atksgt ( UnsignedFile.Multi.Generic ) - warning
09:24:53.0044 4772        atksgt - detected UnsignedFile.Multi.Generic (1)
09:24:53.0107 4772        AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
09:24:53.0200 4772        AudioEndpointBuilder - ok
09:24:53.0216 4772        Audiosrv        (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll
09:24:53.0263 4772        Audiosrv - ok
09:24:53.0310 4772        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
09:24:53.0341 4772        avgntflt - ok
09:24:53.0372 4772        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
09:24:53.0419 4772        avipbb - ok
09:24:53.0466 4772        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
09:24:53.0481 4772        avkmgr - ok
09:24:53.0512 4772        b57nd60x        (8e287eb3a52fd30c999482c576f4a61b) C:\Windows\system32\DRIVERS\b57nd60x.sys
09:24:53.0606 4772        b57nd60x - ok
09:24:53.0684 4772        Beep            (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
09:24:53.0731 4772        Beep - ok
09:24:53.0778 4772        BFE            (98ebdffb824a7c265337d68dd480e45c) C:\Windows\System32\bfe.dll
09:24:53.0824 4772        BFE - ok
09:24:53.0918 4772        BITS            (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll
09:24:54.0012 4772        BITS - ok
09:24:54.0012 4772        blbdrive - ok
09:24:54.0090 4772        bowser          (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
09:24:54.0121 4772        bowser - ok
09:24:54.0168 4772        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:24:54.0214 4772        BrFiltLo - ok
09:24:54.0230 4772        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:24:54.0261 4772        BrFiltUp - ok
09:24:54.0308 4772        Browser        (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll
09:24:54.0339 4772        Browser - ok
09:24:54.0386 4772        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:24:54.0433 4772        Brserid - ok
09:24:54.0448 4772        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:24:54.0511 4772        BrSerWdm - ok
09:24:54.0542 4772        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:24:54.0573 4772        BrUsbMdm - ok
09:24:54.0589 4772        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:24:54.0651 4772        BrUsbSer - ok
09:24:54.0667 4772        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:24:54.0714 4772        BTHMODEM - ok
09:24:54.0729 4772        cdfs            (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
09:24:54.0776 4772        cdfs - ok
09:24:54.0792 4772        cdrom          (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
09:24:54.0854 4772        cdrom - ok
09:24:54.0885 4772        CertPropSvc    (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
09:24:54.0948 4772        CertPropSvc - ok
09:24:54.0979 4772        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:24:55.0057 4772        circlass - ok
09:24:55.0260 4772        CLFS            (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
09:24:55.0275 4772        CLFS - ok
09:24:55.0431 4772        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:24:55.0447 4772        clr_optimization_v2.0.50727_32 - ok
09:24:55.0462 4772        cmdide          (4fdf23b1124b36c2cfd0f675f950ae1b) C:\Windows\system32\drivers\cmdide.sys
09:24:55.0462 4772        cmdide - ok
09:24:55.0509 4772        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
09:24:55.0509 4772        Compbatt - ok
09:24:55.0540 4772        COMSysApp - ok
09:24:55.0572 4772        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:24:55.0572 4772        crcdisk - ok
09:24:55.0587 4772        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:24:55.0665 4772        Crusoe - ok
09:24:55.0696 4772        CryptSvc        (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll
09:24:55.0774 4772        CryptSvc - ok
09:24:55.0993 4772        CSC            (ee95a5f89766f199557e5900ce6b2d7d) C:\Windows\system32\drivers\csc.sys
09:24:56.0040 4772        CSC - ok
09:24:56.0086 4772        CscService      (68131a9a8e3f0ab5136bf386f02a3fc7) C:\Windows\System32\cscsvc.dll
09:24:56.0164 4772        CscService - ok
09:24:56.0242 4772        DcomLaunch      (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
09:24:56.0305 4772        DcomLaunch - ok
09:24:56.0383 4772        DfsC            (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
09:24:56.0430 4772        DfsC - ok
09:24:57.0241 4772        DFSR            (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe
09:24:57.0381 4772        DFSR - ok
09:24:58.0021 4772        Dhcp            (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll
09:24:58.0068 4772        Dhcp - ok
09:24:58.0146 4772        disk            (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
09:24:58.0161 4772        disk - ok
09:24:58.0754 4772        Diskeeper      (5f4944cfb8e60f2b02b7cd7419b3c314) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
09:24:58.0816 4772        Diskeeper ( UnsignedFile.Multi.Generic ) - warning
09:24:58.0816 4772        Diskeeper - detected UnsignedFile.Multi.Generic (1)
09:24:58.0879 4772        DLABMFSM        (475024f44e0b0ff2e89b0b7450c51e9a) C:\Windows\system32\DLA\DLABMFSM.SYS
09:24:58.0879 4772        DLABMFSM - ok
09:24:58.0910 4772        DLABOIOM        (d418a2c037f0367af8ceb955f8162219) C:\Windows\system32\DLA\DLABOIOM.SYS
09:24:58.0926 4772        DLABOIOM - ok
09:24:58.0957 4772        DLACDBHM        (5230cdb7e715f3a3b4a882e254cdd35d) C:\Windows\system32\Drivers\DLACDBHM.SYS
09:24:58.0972 4772        DLACDBHM - ok
09:24:58.0988 4772        DLADResM        (6229b5564501da2759ae82c73e721518) C:\Windows\system32\DLA\DLADResM.SYS
09:24:59.0004 4772        DLADResM - ok
09:24:59.0050 4772        DLAIFS_M        (97e1cc730f1f931c5232013432584334) C:\Windows\system32\DLA\DLAIFS_M.SYS
09:24:59.0066 4772        DLAIFS_M - ok
09:24:59.0082 4772        DLAOPIOM        (d98be003d85c0251a3db5851a29c6ba8) C:\Windows\system32\DLA\DLAOPIOM.SYS
09:24:59.0082 4772        DLAOPIOM - ok
09:24:59.0082 4772        DLAPoolM        (3821ad5aa0ac0f05625923cfcc0c0fbb) C:\Windows\system32\DLA\DLAPoolM.SYS
09:24:59.0097 4772        DLAPoolM - ok
09:24:59.0113 4772        DLARTL_M        (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\Windows\system32\Drivers\DLARTL_M.SYS
09:24:59.0113 4772        DLARTL_M - ok
09:24:59.0144 4772        DLAUDFAM        (0fdd55d09da1657fc28ebc015f5f45d6) C:\Windows\system32\DLA\DLAUDFAM.SYS
09:24:59.0160 4772        DLAUDFAM - ok
09:24:59.0175 4772        DLAUDF_M        (147bc35eba264118988f5c5580860336) C:\Windows\system32\DLA\DLAUDF_M.SYS
09:24:59.0175 4772        DLAUDF_M - ok
09:24:59.0206 4772        Dnscache        (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll
09:24:59.0253 4772        Dnscache - ok
09:24:59.0316 4772        dot3svc        (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll
09:24:59.0378 4772        dot3svc - ok
09:24:59.0425 4772        DPS            (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll
09:24:59.0456 4772        DPS - ok
09:24:59.0487 4772        drmkaud        (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
09:24:59.0534 4772        drmkaud - ok
09:24:59.0550 4772        DRVMCDB        (83106585494d5eb96f59187200c144bd) C:\Windows\system32\Drivers\DRVMCDB.SYS
09:24:59.0565 4772        DRVMCDB - ok
09:24:59.0596 4772        DRVNDDM        (ffc371525aa55d1bae18715ebcb8797c) C:\Windows\system32\Drivers\DRVNDDM.SYS
09:24:59.0596 4772        DRVNDDM - ok
09:24:59.0674 4772        DXGKrnl        (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
09:24:59.0768 4772        DXGKrnl - ok
09:24:59.0799 4772        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:24:59.0862 4772        E1G60 - ok
09:24:59.0877 4772        EapHost        (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll
09:24:59.0924 4772        EapHost - ok
09:25:00.0002 4772        Ecache          (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
09:25:00.0018 4772        Ecache - ok
09:25:00.0064 4772        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:25:00.0080 4772        elxstor - ok
09:25:00.0142 4772        EMDMgmt        (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll
09:25:00.0205 4772        EMDMgmt - ok
09:25:00.0283 4772        EventSystem    (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll
09:25:00.0361 4772        EventSystem - ok
09:25:00.0408 4772        fastfat        (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
09:25:00.0470 4772        fastfat - ok
09:25:00.0532 4772        Fax            (93f75490b02033df8edf4d7089c7e1d8) C:\Windows\system32\fxssvc.exe
09:25:00.0595 4772        Fax - ok
09:25:00.0642 4772        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
09:25:00.0704 4772        fdc - ok
09:25:00.0720 4772        fdPHost        (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll
09:25:00.0813 4772        fdPHost - ok
09:25:00.0829 4772        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
09:25:00.0860 4772        FDResPub - ok
09:25:00.0891 4772        FileInfo        (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
09:25:00.0907 4772        FileInfo - ok
09:25:00.0922 4772        Filetrace      (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
09:25:00.0954 4772        Filetrace - ok
09:25:00.0969 4772        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:25:01.0032 4772        flpydisk - ok
09:25:01.0063 4772        FltMgr          (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
09:25:01.0078 4772        FltMgr - ok
09:25:01.0266 4772        FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:25:01.0266 4772        FontCache3.0.0.0 - ok
09:25:01.0297 4772        Fs_Rec          (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
09:25:01.0312 4772        Fs_Rec - ok
09:25:01.0344 4772        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:25:01.0344 4772        gagp30kx - ok
09:25:01.0406 4772        gpsvc          (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll
09:25:01.0484 4772        gpsvc - ok
09:25:01.0531 4772        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:25:01.0624 4772        HdAudAddService - ok
09:25:01.0656 4772        HDAudBus        (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:25:01.0687 4772        HDAudBus - ok
09:25:01.0734 4772        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:25:01.0765 4772        HidBth - ok
09:25:01.0812 4772        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:25:01.0858 4772        HidIr - ok
09:25:01.0874 4772        hidserv        (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
09:25:01.0952 4772        hidserv - ok
09:25:01.0983 4772        HidUsb          (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
09:25:01.0999 4772        HidUsb - ok
09:25:02.0030 4772        hkmsvc          (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll
09:25:02.0077 4772        hkmsvc - ok
09:25:02.0139 4772        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:25:02.0139 4772        HpCISSs - ok
09:25:02.0233 4772        HTTP            (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
09:25:02.0295 4772        HTTP - ok
09:25:02.0326 4772        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:25:02.0342 4772        i2omp - ok
09:25:02.0420 4772        i8042prt        (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
09:25:02.0482 4772        i8042prt - ok
09:25:03.0138 4772        ialm            (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
09:25:03.0278 4772        ialm - ok
09:25:04.0635 4772        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:25:04.0666 4772        iaStorV - ok
09:25:04.0885 4772        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:25:04.0900 4772        IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:25:04.0900 4772        IDriverT - detected UnsignedFile.Multi.Generic (1)
09:25:05.0462 4772        idsvc          (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:25:05.0571 4772        idsvc - ok
09:25:05.0602 4772        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:25:05.0602 4772        iirsp - ok
09:25:05.0680 4772        IKEEXT          (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll
09:25:05.0774 4772        IKEEXT - ok
09:25:06.0788 4772        IntcAzAudAddService (60ad91fda0d2c285435aa76860dcaf35) C:\Windows\system32\drivers\RTKVHDA.sys
09:25:06.0897 4772        IntcAzAudAddService - ok
09:25:07.0318 4772        intelide        (c87b3428607ef44068df98a8d1904785) C:\Windows\system32\drivers\intelide.sys
09:25:07.0334 4772        intelide - ok
09:25:07.0350 4772        intelppm        (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
09:25:07.0412 4772        intelppm - ok
09:25:07.0490 4772        IPBusEnum      (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll
09:25:07.0537 4772        IPBusEnum - ok
09:25:07.0568 4772        IpFilterDriver  (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:25:07.0646 4772        IpFilterDriver - ok
09:25:07.0740 4772        iphlpsvc        (ecc9ad72cfc4ab41cf6a9bcc11f9fef6) C:\Windows\System32\iphlpsvc.dll
09:25:07.0786 4772        iphlpsvc - ok
09:25:07.0786 4772        IpInIp - ok
09:25:07.0802 4772        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:25:07.0849 4772        IPMIDRV - ok
09:25:07.0864 4772        IPNAT          (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
09:25:07.0927 4772        IPNAT - ok
09:25:07.0974 4772        IPSSVC          (00d8e9daebe72a5df3986fd418a995eb) C:\Windows\system32\IPSSVC.EXE
09:25:07.0989 4772        IPSSVC - ok
09:25:08.0005 4772        IRENUM          (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
09:25:08.0052 4772        IRENUM - ok
09:25:08.0067 4772        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:25:08.0067 4772        isapnp - ok
09:25:08.0098 4772        iScsiPrt        (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
09:25:08.0161 4772        iScsiPrt - ok
09:25:08.0192 4772        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:25:08.0192 4772        iteatapi - ok
09:25:08.0254 4772        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:25:08.0254 4772        iteraid - ok
09:25:08.0348 4772        IviRegMgr      (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:25:08.0364 4772        IviRegMgr - ok
09:25:08.0379 4772        kbdclass        (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
09:25:08.0395 4772        kbdclass - ok
09:25:08.0426 4772        kbdhid          (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
09:25:08.0442 4772        kbdhid - ok
09:25:08.0473 4772        KeyIso          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:25:08.0488 4772        KeyIso - ok
09:25:08.0504 4772        KSecDD          (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
09:25:08.0566 4772        KSecDD - ok
09:25:08.0613 4772        KtmRm          (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll
09:25:08.0660 4772        KtmRm - ok
09:25:08.0707 4772        LanmanServer    (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll
09:25:08.0800 4772        LanmanServer - ok
09:25:08.0863 4772        LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll
09:25:08.0941 4772        LanmanWorkstation - ok
09:25:09.0658 4772        ldiskl          (aece2d44a6c0e6cf7ad6b699818defef) C:\Users\Jessica\AppData\Local\Temp\ldiskl.sys
09:25:09.0690 4772        ldiskl ( UnsignedFile.Multi.Generic ) - warning
09:25:09.0690 4772        ldiskl - detected UnsignedFile.Multi.Generic (1)
09:25:09.0736 4772        lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\Windows\system32\DRIVERS\lirsgt.sys
09:25:09.0736 4772        lirsgt ( UnsignedFile.Multi.Generic ) - warning
09:25:09.0736 4772        lirsgt - detected UnsignedFile.Multi.Generic (1)
09:25:09.0768 4772        lltdio          (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
09:25:09.0830 4772        lltdio - ok
09:25:09.0861 4772        lltdsvc        (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll
09:25:09.0939 4772        lltdsvc - ok
09:25:09.0955 4772        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
09:25:10.0017 4772        lmhosts - ok
09:25:10.0064 4772        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:25:10.0064 4772        LSI_FC - ok
09:25:10.0111 4772        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:25:10.0111 4772        LSI_SAS - ok
09:25:10.0142 4772        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:25:10.0158 4772        LSI_SCSI - ok
09:25:10.0173 4772        luafv          (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
09:25:10.0220 4772        luafv - ok
09:25:12.0092 4772        LVUVC          (5bc80451109a8dd7f2ddd35bce2929a3) C:\Windows\system32\DRIVERS\lvuvc.sys
09:25:12.0326 4772        LVUVC - ok
09:25:12.0529 4772        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:25:12.0529 4772        megasas - ok
09:25:12.0560 4772        MMCSS          (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
09:25:12.0622 4772        MMCSS - ok
09:25:12.0669 4772        Modem          (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
09:25:12.0716 4772        Modem - ok
09:25:12.0747 4772        monitor        (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
09:25:12.0778 4772        monitor - ok
09:25:12.0825 4772        mouclass        (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
09:25:12.0825 4772        mouclass - ok
09:25:12.0856 4772        mouhid          (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
09:25:12.0872 4772        mouhid - ok
09:25:12.0919 4772        MountMgr        (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
09:25:12.0919 4772        MountMgr - ok
09:25:13.0012 4772        MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:25:13.0012 4772        MozillaMaintenance - ok
09:25:13.0044 4772        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:25:13.0044 4772        mpio - ok
09:25:13.0075 4772        mpsdrv          (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
09:25:13.0090 4772        mpsdrv - ok
09:25:13.0122 4772        MpsSvc          (563ed845885c6a7c09a7715d8bd0585c) C:\Windows\system32\mpssvc.dll
09:25:13.0168 4772        MpsSvc - ok
09:25:13.0184 4772        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:25:13.0200 4772        Mraid35x - ok
09:25:13.0231 4772        MRxDAV          (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
09:25:13.0278 4772        MRxDAV - ok
09:25:13.0340 4772        mrxsmb          (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:25:13.0356 4772        mrxsmb - ok
09:25:13.0371 4772        mrxsmb10        (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:25:13.0418 4772        mrxsmb10 - ok
09:25:13.0465 4772        mrxsmb20        (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:25:13.0480 4772        mrxsmb20 - ok
09:25:13.0512 4772        msahci          (a7df0c3adb40919f91b2917fbe07a370) C:\Windows\system32\drivers\msahci.sys
09:25:13.0512 4772        msahci - ok
09:25:13.0527 4772        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:25:13.0543 4772        msdsm - ok
09:25:13.0558 4772        MSDTC          (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe
09:25:13.0590 4772        MSDTC - ok
09:25:13.0605 4772        Msfs            (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
09:25:13.0668 4772        Msfs - ok
09:25:13.0683 4772        msisadrv        (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
09:25:13.0699 4772        msisadrv - ok
09:25:13.0714 4772        MSiSCSI        (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll
09:25:13.0761 4772        MSiSCSI - ok
09:25:13.0777 4772        msiserver - ok
09:25:13.0792 4772        MSKSSRV        (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
09:25:13.0839 4772        MSKSSRV - ok
09:25:13.0870 4772        MSPCLOCK        (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
09:25:13.0917 4772        MSPCLOCK - ok
09:25:13.0933 4772        MSPQM          (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
09:25:13.0995 4772        MSPQM - ok
09:25:14.0011 4772        MsRPC          (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
09:25:14.0042 4772        MsRPC - ok
09:25:14.0058 4772        mssmbios        (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
09:25:14.0073 4772        mssmbios - ok
09:25:14.0151 4772        MSSQL$MSSMLBIZ - ok
09:25:14.0214 4772        MSSQLServerADHelper (adaf062116b4e6d96e44d26486a87af6) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
09:25:14.0214 4772        MSSQLServerADHelper - ok
09:25:14.0245 4772        MSTEE          (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
09:25:14.0307 4772        MSTEE - ok
09:25:14.0323 4772        Mup            (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
09:25:14.0338 4772        Mup - ok
09:25:14.0370 4772        napagent        (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll
09:25:14.0479 4772        napagent - ok
09:25:14.0541 4772        NativeWifiP    (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
09:25:14.0557 4772        NativeWifiP - ok
09:25:14.0619 4772        NDIS            (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
09:25:14.0682 4772        NDIS - ok
09:25:14.0713 4772        NdisTapi        (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
09:25:14.0775 4772        NdisTapi - ok
09:25:14.0806 4772        Ndisuio        (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
09:25:14.0853 4772        Ndisuio - ok
09:25:14.0869 4772        NdisWan        (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
09:25:14.0916 4772        NdisWan - ok
09:25:14.0962 4772        NDProxy        (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
09:25:14.0994 4772        NDProxy - ok
09:25:15.0009 4772        NetBIOS        (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
09:25:15.0056 4772        NetBIOS - ok
09:25:15.0072 4772        netbt          (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
09:25:15.0118 4772        netbt - ok
09:25:15.0150 4772        Netlogon        (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:25:15.0165 4772        Netlogon - ok
09:25:15.0212 4772        Netman          (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32\netman.dll
09:25:15.0290 4772        Netman - ok
09:25:15.0321 4772        netprofm        (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32\netprofm.dll
09:25:15.0384 4772        netprofm - ok
09:25:15.0508 4772        NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:25:15.0508 4772        NetTcpPortSharing - ok
09:25:15.0555 4772        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:25:15.0571 4772        nfrd960 - ok
09:25:15.0618 4772        NlaSvc          (c424117a562f2de37a42266894c79aeb) C:\Windows\System32\nlasvc.dll
09:25:15.0680 4772        NlaSvc - ok
09:25:15.0696 4772        Npfs            (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
09:25:15.0742 4772        Npfs - ok
09:25:15.0789 4772        nsi            (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32\nsisvc.dll
09:25:15.0883 4772        nsi - ok
09:25:15.0898 4772        nsiproxy        (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
09:25:15.0961 4772        nsiproxy - ok
09:25:16.0039 4772        Ntfs            (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
09:25:16.0101 4772        Ntfs - ok
09:25:16.0132 4772        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:25:16.0179 4772        ntrigdigi - ok
09:25:16.0179 4772        Null            (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
09:25:16.0226 4772        Null - ok
09:25:16.0273 4772        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
09:25:16.0288 4772        nvraid - ok
09:25:16.0304 4772        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
09:25:16.0304 4772        nvstor - ok
09:25:16.0351 4772        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:25:16.0351 4772        nv_agp - ok
09:25:16.0366 4772        NwlnkFlt - ok
09:25:16.0366 4772        NwlnkFwd - ok
09:25:16.0476 4772        odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:25:16.0522 4772        odserv - ok
09:25:16.0569 4772        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
09:25:16.0616 4772        ohci1394 - ok
09:25:16.0663 4772        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:25:16.0725 4772        ose - ok
09:25:16.0803 4772        p2pimsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:25:16.0881 4772        p2pimsvc - ok
09:25:16.0897 4772        p2psvc          (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:25:16.0912 4772        p2psvc - ok
09:25:16.0959 4772        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\DRIVERS\parport.sys
09:25:17.0006 4772        Parport - ok
09:25:17.0022 4772        partmgr        (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
09:25:17.0037 4772        partmgr - ok
09:25:17.0053 4772        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\DRIVERS\parvdm.sys
09:25:17.0100 4772        Parvdm - ok
09:25:17.0115 4772        PcaSvc          (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll
09:25:17.0131 4772        PcaSvc - ok
09:25:17.0146 4772        pci            (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
09:25:17.0178 4772        pci - ok
09:25:17.0193 4772        pciide          (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
09:25:17.0209 4772        pciide - ok
09:25:17.0256 4772        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:25:17.0271 4772        pcmcia - ok
09:25:17.0334 4772        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:25:17.0427 4772        PEAUTH - ok
09:25:17.0490 4772        pelmouse        (dcb53e6ba9df64260f821613e2b37d1d) C:\Windows\system32\DRIVERS\pelmouse.sys
09:25:17.0505 4772        pelmouse - ok
09:25:17.0521 4772        pelusblf        (2dccdeaa4f79df03824d93ce9ecc84b7) C:\Windows\system32\DRIVERS\pelusblf.sys
09:25:17.0521 4772        pelusblf - ok
09:25:17.0661 4772        pla            (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll
09:25:17.0786 4772        pla - ok
09:25:17.0926 4772        PlugPlay        (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll
09:25:18.0004 4772        PlugPlay - ok
09:25:18.0067 4772        PNRPAutoReg    (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:25:18.0082 4772        PNRPAutoReg - ok
09:25:18.0098 4772        PNRPsvc        (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll
09:25:18.0129 4772        PNRPsvc - ok
09:25:18.0176 4772        PolicyAgent    (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll
09:25:18.0238 4772        PolicyAgent - ok
09:25:18.0301 4772        PptpMiniport    (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
09:25:18.0348 4772        PptpMiniport - ok
09:25:18.0379 4772        PROCDD          (1d80309fed4babf8ea9e7b84a394348b) C:\Windows\system32\DRIVERS\PROCDD.SYS
09:25:18.0394 4772        PROCDD - ok
09:25:18.0441 4772        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:25:18.0488 4772        Processor - ok
09:25:18.0504 4772        ProfSvc        (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll
09:25:18.0566 4772        ProfSvc - ok
09:25:18.0597 4772        ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:25:18.0613 4772        ProtectedStorage - ok
09:25:18.0628 4772        psadd          (aac08defb15aaab00b30341c716efa35) C:\Windows\system32\DRIVERS\psadd.sys
09:25:18.0660 4772        psadd - ok
09:25:18.0706 4772        PSched          (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
09:25:18.0738 4772        PSched - ok
09:25:18.0769 4772        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
09:25:18.0769 4772        PxHelp20 - ok
09:25:18.0862 4772        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:25:18.0925 4772        ql2300 - ok
09:25:18.0972 4772        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:25:18.0972 4772        ql40xx - ok
09:25:19.0050 4772        QWAVE          (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll
09:25:19.0081 4772        QWAVE - ok
09:25:19.0112 4772        QWAVEdrv        (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
09:25:19.0112 4772        QWAVEdrv - ok
09:25:19.0159 4772        RasAcd          (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
09:25:19.0206 4772        RasAcd - ok
09:25:19.0237 4772        RasAuto        (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32\rasauto.dll
09:25:19.0284 4772        RasAuto - ok
09:25:19.0315 4772        Rasl2tp        (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:25:19.0330 4772        Rasl2tp - ok
09:25:19.0362 4772        RasMan          (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32\rasmans.dll
09:25:19.0471 4772        RasMan - ok
09:25:19.0502 4772        RasPppoe        (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
09:25:19.0580 4772        RasPppoe - ok
09:25:19.0611 4772        rdbss          (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
09:25:19.0658 4772        rdbss - ok
09:25:19.0689 4772        RDPCDD          (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:25:19.0736 4772        RDPCDD - ok
09:25:19.0767 4772        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\DRIVERS\rdpdr.sys
09:25:19.0830 4772        rdpdr - ok
09:25:19.0845 4772        RDPENCDD        (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
09:25:19.0892 4772        RDPENCDD - ok
09:25:19.0923 4772        RDPWD          (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
09:25:19.0986 4772        RDPWD - ok
09:25:20.0017 4772        RemoteAccess    (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
09:25:20.0064 4772        RemoteAccess - ok
09:25:20.0095 4772        RemoteRegistry  (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
09:25:20.0142 4772        RemoteRegistry - ok
09:25:20.0220 4772        Roxio UPnP Renderer 9 (20118450ed6782bef435b37803b3e43d) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
09:25:20.0235 4772        Roxio UPnP Renderer 9 ( UnsignedFile.Multi.Generic ) - warning
09:25:20.0235 4772        Roxio UPnP Renderer 9 - detected UnsignedFile.Multi.Generic (1)
09:25:20.0266 4772        Roxio Upnp Server 9 (f6b15f87ca084944fd9471f2bd0fe3b4) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
09:25:20.0282 4772        Roxio Upnp Server 9 ( UnsignedFile.Multi.Generic ) - warning
09:25:20.0282 4772        Roxio Upnp Server 9 - detected UnsignedFile.Multi.Generic (1)
09:25:20.0391 4772        RoxMediaDB9    (eefea86e93c6740885c7e019d9050387) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
09:25:20.0485 4772        RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
09:25:20.0485 4772        RoxMediaDB9 - detected UnsignedFile.Multi.Generic (1)
09:25:20.0610 4772        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
09:25:20.0625 4772        RpcLocator - ok
09:25:20.0703 4772        RpcSs          (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
09:25:20.0734 4772        RpcSs - ok
09:25:20.0766 4772        rspndr          (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
09:25:20.0812 4772        rspndr - ok
09:25:20.0890 4772        RT73            (cb20f16afdba63707fb971e0922edec1) C:\Windows\system32\DRIVERS\Dr71WU.sys
09:25:20.0922 4772        RT73 - ok
09:25:20.0968 4772        SamSs          (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
09:25:20.0984 4772        SamSs - ok
09:25:21.0000 4772        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:25:21.0000 4772        sbp2port - ok
09:25:21.0031 4772        SCardSvr        (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
09:25:21.0093 4772        SCardSvr - ok
09:25:21.0171 4772        Schedule        (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
09:25:21.0202 4772        Schedule - ok
09:25:21.0234 4772        SCPolicySvc    (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
09:25:21.0280 4772        SCPolicySvc - ok
09:25:21.0312 4772        SDRSVC          (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll
09:25:21.0343 4772        SDRSVC - ok
09:25:21.0374 4772        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:25:21.0421 4772        secdrv - ok
09:25:21.0436 4772        seclogon        (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
09:25:21.0483 4772        seclogon - ok
09:25:21.0514 4772        SENS            (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll
09:25:21.0561 4772        SENS - ok
09:25:21.0577 4772        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
09:25:21.0624 4772        Serenum - ok
09:25:21.0639 4772        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys
09:25:21.0686 4772        Serial - ok
09:25:21.0733 4772        sermouse        (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
09:25:21.0748 4772        sermouse - ok
09:25:21.0764 4772        SessionEnv      (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
09:25:21.0811 4772        SessionEnv - ok
09:25:21.0826 4772        sffdisk        (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
09:25:21.0858 4772        sffdisk - ok
09:25:21.0873 4772        sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
09:25:21.0889 4772        sffp_mmc - ok
09:25:21.0904 4772        sffp_sd        (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
09:25:21.0920 4772        sffp_sd - ok
09:25:21.0936 4772        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
09:25:21.0982 4772        sfloppy - ok
09:25:22.0014 4772        SharedAccess    (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll
09:25:22.0045 4772        SharedAccess - ok
09:25:22.0076 4772        ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
09:25:22.0092 4772        ShellHWDetection - ok
09:25:22.0107 4772        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:25:22.0123 4772        sisagp - ok
09:25:22.0154 4772        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:25:22.0154 4772        SiSRaid2 - ok
09:25:22.0185 4772        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:25:22.0185 4772        SiSRaid4 - ok
09:25:22.0279 4772        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
09:25:22.0326 4772        SkypeUpdate - ok
09:25:22.0482 4772        slsvc          (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe
09:25:22.0653 4772        slsvc - ok
09:25:22.0794 4772        SLUINotify      (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll
09:25:22.0809 4772        SLUINotify - ok
09:25:22.0856 4772        Smb            (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
09:25:22.0918 4772        Smb - ok
09:25:22.0934 4772        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
09:25:22.0950 4772        SNMPTRAP - ok
09:25:22.0950 4772        spldr          (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
09:25:22.0965 4772        spldr - ok
09:25:23.0028 4772        Spooler        (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
09:25:23.0090 4772        Spooler - ok
09:25:23.0168 4772        SQLBrowser      (5673e79bbb62a4c35b10d821ff1b4aca) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:25:23.0230 4772        SQLBrowser - ok
09:25:23.0246 4772        SQLWriter      (9263c8898732e2b890f7e954e7729ab7) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:25:23.0246 4772        SQLWriter - ok
09:25:23.0293 4772        srv            (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
09:25:23.0371 4772        srv - ok
09:25:23.0418 4772        srv2            (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
09:25:23.0496 4772        srv2 - ok
09:25:23.0527 4772        srvnet          (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
09:25:23.0558 4772        srvnet - ok
09:25:23.0574 4772        SSDPSRV        (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
09:25:23.0620 4772        SSDPSRV - ok
09:25:23.0683 4772        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
09:25:23.0683 4772        ssmdrv - ok
09:25:23.0730 4772        stisvc          (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
09:25:23.0792 4772        stisvc - ok
09:25:23.0854 4772        stllssvr        (4173a9cd59f15a64f54b3242c3232731) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:25:23.0854 4772        stllssvr ( UnsignedFile.Multi.Generic ) - warning
09:25:23.0854 4772        stllssvr - detected UnsignedFile.Multi.Generic (1)
09:25:23.0979 4772        SUService      (b71a41cad9de92219c3891e88f822ac3) c:\program files\lenovo\system update\suservice.exe
09:25:23.0979 4772        SUService ( UnsignedFile.Multi.Generic ) - warning
09:25:23.0979 4772        SUService - detected UnsignedFile.Multi.Generic (1)
09:25:23.0995 4772        swenum          (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
09:25:24.0010 4772        swenum - ok
09:25:24.0073 4772        swprv          (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
09:25:24.0182 4772        swprv - ok
09:25:24.0213 4772        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:25:24.0229 4772        Symc8xx - ok
09:25:24.0244 4772        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:25:24.0244 4772        Sym_hi - ok
09:25:24.0291 4772        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:25:24.0291 4772        Sym_u3 - ok
09:25:24.0354 4772        SysMain        (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
09:25:24.0416 4772        SysMain - ok
09:25:24.0432 4772        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
09:25:24.0463 4772        TabletInputService - ok
09:25:24.0494 4772        TapiSrv        (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
09:25:24.0541 4772        TapiSrv - ok
09:25:24.0556 4772        TBS            (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
09:25:24.0619 4772        TBS - ok
09:25:24.0681 4772        Tcpip          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
09:25:24.0775 4772        Tcpip - ok
09:25:24.0790 4772        Tcpip6          (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
09:25:24.0822 4772        Tcpip6 - ok
09:25:24.0853 4772        tcpipreg        (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
09:25:24.0900 4772        tcpipreg - ok
09:25:24.0915 4772        TDPIPE          (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
09:25:24.0962 4772        TDPIPE - ok
09:25:24.0978 4772        TDTCP          (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
09:25:25.0024 4772        TDTCP - ok
09:25:25.0040 4772        tdx            (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
09:25:25.0087 4772        tdx - ok
09:25:25.0102 4772        TermDD          (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
09:25:25.0118 4772        TermDD - ok
09:25:25.0196 4772        TermService    (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
09:25:25.0258 4772        TermService - ok
09:25:25.0305 4772        Themes          (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
09:25:25.0321 4772        Themes - ok
09:25:25.0430 4772        ThinkVantage Registry Monitor Service (64cfbe1a6a66a5062c26d0b178a42c91) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
09:25:25.0492 4772        ThinkVantage Registry Monitor Service - ok
09:25:25.0508 4772        THREADORDER    (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
09:25:25.0555 4772        THREADORDER - ok
09:25:25.0617 4772        TPM            (6d9ad3534a9cf7e4b86c6eae8bc335f6) C:\Windows\system32\drivers\tpm.sys
09:25:25.0633 4772        TPM - ok
09:25:25.0680 4772        TrkWks          (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
09:25:25.0726 4772        TrkWks - ok
09:25:25.0758 4772        TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
09:25:25.0789 4772        TrustedInstaller - ok
09:25:25.0914 4772        TSSCoreService  (865760e60f51d2a33e51ae9ba1806ff8) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
09:25:25.0945 4772        TSSCoreService - ok
09:25:25.0992 4772        tssecsrv        (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:25:26.0038 4772        tssecsrv - ok
09:25:26.0101 4772        tunmp          (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
09:25:26.0101 4772        tunmp - ok
09:25:26.0132 4772        tunnel          (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
09:25:26.0163 4772        tunnel - ok
09:25:26.0226 4772        TVT Backup Protection Service (40489f1cd98ac221c97b4e1d269c3331) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
09:25:26.0257 4772        TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0257 4772        TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
09:25:26.0304 4772        TVT Backup Service (06519c96036f937b829d4e3eaf8f7596) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
09:25:26.0350 4772        TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0350 4772        TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
09:25:26.0506 4772        TVT Scheduler  (e9ea448f1174be4052416b62263ea4ee) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
09:25:26.0616 4772        TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0616 4772        TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
09:25:26.0787 4772        tvtfilter      (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys
09:25:26.0803 4772        tvtfilter ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0803 4772        tvtfilter - detected UnsignedFile.Multi.Generic (1)
09:25:26.0818 4772        TVTI2C          (8ab24d4b7da715c2c80455137910e792) C:\Windows\system32\DRIVERS\Tvti2c.sys
09:25:26.0850 4772        TVTI2C - ok
09:25:26.0943 4772        tvtnetwk        (2e72c66682e9274c97ae3f5a57c2fa33) C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
09:25:26.0959 4772        tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
09:25:26.0959 4772        tvtnetwk - detected UnsignedFile.Multi.Generic (1)
09:25:26.0974 4772        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:25:26.0990 4772        uagp35 - ok
09:25:27.0037 4772        udfs            (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
09:25:27.0099 4772        udfs - ok
09:25:27.0130 4772        UI0Detect      (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
09:25:27.0146 4772        UI0Detect - ok
09:25:27.0162 4772        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:25:27.0162 4772        uliagpkx - ok
09:25:27.0193 4772        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:25:27.0255 4772        uliahci - ok
09:25:27.0271 4772        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:25:27.0333 4772        UlSata - ok
09:25:27.0380 4772        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:25:27.0442 4772        ulsata2 - ok
09:25:27.0458 4772        umbus          (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
09:25:27.0489 4772        umbus - ok
09:25:27.0520 4772        UmRdpService    (cfbb746c889b9223d2ac268cf283a93e) C:\Windows\System32\umrdp.dll
09:25:27.0598 4772        UmRdpService - ok
09:25:27.0692 4772        UMVPFSrv        (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
09:25:27.0754 4772        UMVPFSrv - ok
09:25:27.0770 4772        upnphost        (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
09:25:27.0864 4772        upnphost - ok
09:25:27.0895 4772        usbaudio        (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
09:25:27.0957 4772        usbaudio - ok
09:25:28.0004 4772        usbccgp        (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
09:25:28.0020 4772        usbccgp - ok
09:25:28.0051 4772        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:25:28.0082 4772        usbcir - ok
09:25:28.0144 4772        usbehci        (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
09:25:28.0160 4772        usbehci - ok
09:25:28.0191 4772        usbhub          (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
09:25:28.0222 4772        usbhub - ok
09:25:28.0238 4772        usbohci        (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
09:25:28.0254 4772        usbohci - ok
09:25:28.0269 4772        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
09:25:28.0316 4772        usbprint - ok
09:25:28.0363 4772        usbscan        (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
09:25:28.0425 4772        usbscan - ok
09:25:28.0441 4772        USBSTOR        (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:25:28.0472 4772        USBSTOR - ok
09:25:28.0488 4772        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
09:25:28.0534 4772        usbuhci - ok
09:25:28.0566 4772        usbvideo        (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
09:25:28.0659 4772        usbvideo - ok
09:25:28.0706 4772        UxSms          (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll
09:25:28.0768 4772        UxSms - ok
09:25:28.0815 4772        vds            (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
09:25:28.0862 4772        vds - ok
09:25:28.0893 4772        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:25:28.0924 4772        vga - ok
09:25:28.0956 4772        VgaSave        (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
09:25:29.0034 4772        VgaSave - ok
09:25:29.0049 4772        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:25:29.0065 4772        viaagp - ok
09:25:29.0080 4772        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:25:29.0112 4772        ViaC7 - ok
09:25:29.0143 4772        viaide          (99f3e24f50b4e9282ca5edc684d012ed) C:\Windows\system32\drivers\viaide.sys
09:25:29.0158 4772        viaide - ok
09:25:29.0236 4772        volmgr          (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
09:25:29.0236 4772        volmgr - ok
09:25:29.0268 4772        volmgrx        (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
09:25:29.0330 4772        volmgrx - ok
09:25:29.0346 4772        volsnap        (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
09:25:29.0346 4772        volsnap - ok
09:25:29.0377 4772        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:25:29.0377 4772        vsmraid - ok
09:25:29.0439 4772        VSS            (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe
09:25:29.0564 4772        VSS - ok
09:25:29.0626 4772        W32Time        (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll
09:25:29.0673 4772        W32Time - ok
09:25:29.0704 4772        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:25:29.0751 4772        WacomPen - ok
09:25:29.0798 4772        Wanarp          (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
09:25:29.0814 4772        Wanarp - ok
09:25:29.0829 4772        Wanarpv6        (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
09:25:29.0845 4772        Wanarpv6 - ok
09:25:29.0892 4772        wbengine        (6d2f099d4ce88777e46cb1808c87b132) C:\Windows\system32\wbengine.exe
09:25:29.0954 4772        wbengine - ok
09:25:29.0985 4772        wcncsvc        (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll
09:25:30.0016 4772        wcncsvc - ok
09:25:30.0079 4772        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
09:25:30.0110 4772        WcsPlugInService - ok
09:25:30.0126 4772        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
09:25:30.0141 4772        Wd - ok
09:25:30.0188 4772        Wdf01000        (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
09:25:30.0219 4772        Wdf01000 - ok
09:25:30.0235 4772        WdiServiceHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
09:25:30.0297 4772        WdiServiceHost - ok
09:25:30.0297 4772        WdiSystemHost  (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
09:25:30.0313 4772        WdiSystemHost - ok
09:25:30.0375 4772        WebClient      (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll
09:25:30.0422 4772        WebClient - ok
09:25:30.0438 4772        Wecsvc          (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
09:25:30.0531 4772        Wecsvc - ok
09:25:30.0547 4772        wercplsupport  (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
09:25:30.0594 4772        wercplsupport - ok
09:25:30.0609 4772        WerSvc          (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
09:25:30.0687 4772        WerSvc - ok
09:25:30.0718 4772        WimFltr        (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
09:25:30.0734 4772        WimFltr - ok
09:25:30.0796 4772        WinDefend      (0d5ad0e71ff5ddac5dd2f443b499abd0) C:\Program Files\Windows Defender\mpsvc.dll
09:25:30.0859 4772        WinDefend - ok
09:25:30.0859 4772        WinHttpAutoProxySvc - ok
09:25:30.0921 4772        Winmgmt        (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
09:25:30.0999 4772        Winmgmt - ok
09:25:31.0046 4772        WinRM          (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
09:25:31.0124 4772        WinRM - ok
09:25:31.0186 4772        Wlansvc        (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll
09:25:31.0249 4772        Wlansvc - ok
09:25:31.0296 4772        WmiAcpi        (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
09:25:31.0327 4772        WmiAcpi - ok
09:25:31.0374 4772        wmiApSrv        (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
09:25:31.0405 4772        wmiApSrv - ok
09:25:31.0483 4772        WMPNetworkSvc  (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
09:25:31.0561 4772        WMPNetworkSvc - ok
09:25:31.0623 4772        WPDBusEnum      (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
09:25:31.0654 4772        WPDBusEnum - ok
09:25:31.0654 4772        ws2ifsl        (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
09:25:31.0701 4772        ws2ifsl - ok
09:25:31.0732 4772        wscsvc          (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\System32\wscsvc.dll
09:25:31.0764 4772        wscsvc - ok
09:25:31.0764 4772        WSearch - ok
09:25:31.0904 4772        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
09:25:32.0013 4772        wuauserv - ok
09:25:32.0185 4772        WUDFRd          (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:25:32.0247 4772        WUDFRd - ok
09:25:32.0278 4772        wudfsvc        (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll
09:25:32.0310 4772        wudfsvc - ok
09:25:32.0372 4772        yukonwlh        (f081ed0b8bd09d7f50ac9a30bbbb06bc) C:\Windows\system32\DRIVERS\yk60x86.sys
09:25:32.0419 4772        yukonwlh - ok
09:25:32.0450 4772        MBR (0x1B8)    (3b667250a48f984e17c5268a6e8a64ab) \Device\Harddisk0\DR0
09:25:32.0762 4772        \Device\Harddisk0\DR0 - ok
09:25:32.0762 4772        Boot (0x1200)  (523e69f6f9c97f2b50b27d94e2c65aa4) \Device\Harddisk0\DR0\Partition0
09:25:32.0762 4772        \Device\Harddisk0\DR0\Partition0 - ok
09:25:32.0762 4772        ============================================================
09:25:32.0762 4772        Scan finished
09:25:32.0762 4772        ============================================================
09:25:32.0793 4784        Detected object count: 15
09:25:32.0793 4784        Actual detected object count: 15
10:04:50.0079 4784        atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0079 4784        atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0095 4784        Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0095 4784        Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0095 4784        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0095 4784        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0095 4784        ldiskl ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0095 4784        ldiskl ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0095 4784        lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0095 4784        lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0110 4784        Roxio UPnP Renderer 9 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784        Roxio UPnP Renderer 9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0110 4784        Roxio Upnp Server 9 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784        Roxio Upnp Server 9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0110 4784        RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784        RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0110 4784        stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784        stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0110 4784        SUService ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0110 4784        SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0126 4784        TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0126 4784        TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0126 4784        TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0126 4784        TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0126 4784        TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0126 4784        TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0126 4784        tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0126 4784        tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:04:50.0141 4784        tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
10:04:50.0141 4784        tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 17.06.2012 20:37

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

JeS 18.06.2012 17:12

Code:

ComboFix 12-06-16.02 - Jessica 18.06.2012  17:35:12.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6000.0.1252.49.1031.18.895.436 [GMT 2:00]
ausgeführt von:: c:\users\Jessica\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a
c:\windows\IsUn0407.exe
c:\windows\system32\ur.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-18 bis 2012-06-18  ))))))))))))))))))))))))))))))
.
.
2012-06-18 15:46 . 2012-06-18 15:51        --------        d-----w-        c:\users\Jessica\AppData\Local\temp
2012-06-18 15:46 . 2012-06-18 15:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-13 20:54 . 2012-06-13 20:54        --------        d-----w-        c:\program files\ESET
2012-06-12 14:05 . 2012-06-12 14:06        --------        d-----w-        c:\users\Jessica\AppData\Roaming\Malwarebytes
2012-06-12 14:05 . 2012-06-12 14:05        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-12 14:05 . 2012-06-12 14:05        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-12 14:05 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-12 13:51 . 2012-06-12 13:51        --------        d-----w-        c:\users\Jessica\AppData\Roaming\TuneUp Software
2012-06-12 13:51 . 2012-06-12 13:52        --------        d-----w-        c:\program files\TuneUp Utilities 2012
2012-06-12 13:46 . 2012-06-12 13:51        --------        d-----w-        c:\programdata\TuneUp Software
2012-06-12 13:45 . 2012-06-12 13:45        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-06-12 13:45 . 2012-06-12 13:45        --------        d--h--w-        c:\programdata\Common Files
2012-06-12 07:36 . 2012-05-08 16:40        6737808        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{969639E6-C8BA-4AE7-83AC-2860BC587555}\mpengine.dll
2012-06-09 21:17 . 2012-06-09 21:17        --------        d-----w-        c:\users\Jessica\AppData\Local\Macromedia
2012-06-06 15:44 . 2012-06-06 15:44        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-06 15:44 . 2012-06-06 15:44        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-05 14:02 . 2012-06-05 14:01        476960        ----a-w-        c:\windows\system32\npdeployJava1.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 19:54 . 2012-04-03 19:53        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-09 19:54 . 2011-09-02 13:14        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 14:01 . 2010-11-04 12:59        472864        ----a-w-        c:\windows\system32\deployJava1.dll
2012-05-08 19:38 . 2011-12-08 07:56        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-08 19:38 . 2009-07-03 13:36        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-06-16 15:31 . 2011-05-13 15:16        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-10 1232896]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-22 4702208]
"Mouse Suite 98 Daemon"="ICO.EXE" [2007-02-11 77824]
"LenovoOobeOffers"="c:\swtools\LenovoWelcome\LenovoOobeOffers.exe" [2007-09-25 28672]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Sparbuch heute.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Sparbuch heute.lnk
backup=c:\windows\pss\WISO Mein Sparbuch heute.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jessica^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41        37296        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobMapUpdater]
2010-01-18 13:36        1771136        ------w-        c:\program files\MobMapUpdater\MobMapUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-04-10 12:05        1006264        ------w-        c:\program files\Windows Defender\MSASCui.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 257224]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:54]
.
2012-06-18 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.kaninchenschutzforum.de/
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\cct9xnkl.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-06-18 17:51
Windows 6.0.6000  NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3848)
c:\windows\System32\pelscrll.dll
c:\windows\System32\PELCOMM.dll
c:\windows\System32\PELHOOKS.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\ico.exe
c:\windows\System32\Pelmiced.exe
c:\program files\ThinkVantage\PrdCtr\LPMGR.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\consent.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-18  18:01:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-18 16:01
.
Vor Suchlauf: 15 Verzeichnis(se), 114.835.361.792 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 116.812.836.864 Bytes frei
.
- - End Of File - - 3A094478A68CD3FA25A3C570368D3A2B


cosinus 18.06.2012 21:03

Code:

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982

Why hasn't your Vista actually seen a single update yet? Have you disabled automatic updates? :pfui:
This system is as "up to date" as a Vista that has just been released, so around early 2007!

JeS 18.06.2012 21:23

To be honest, I don't know; I think I had that disabled for a long time. :(

In between I did get messages that some updates were available, and I installed them. But only recently did I get the message that I should install Service Pack 1, and that made me suspicious. While googling I found out that there are by now already 3 and apparently none at all any more for Vista, if I understood that correctly.

I have tackled the trojan first for now, because I don't know whether an update is a good idea while infected.

Should I install the service pack now or wait a bit longer?


All times are WET +1. The time now is 09:39.
