Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF) (https://www.trojaner-board.de/117984-14-funde-antivir-erscheinen-java-logos-exp-2008-5353-ar-exp-cve-2011-3544-cf.html)

Rumpel2 25.06.2012 23:30
14 Funde bei AntiVir nach erscheinen des JAVA Logos (EXP/2008-5353.AR,EXP/CVE-2011-3544.CF)
 
Hallo liebes Trojaner-Board Team!

Ich habe vor etwa 2 Wochen beim Surfen bemerkt, dass das kleine Java Symbol unten rechts in der Symbolleiste neben der Uhrzeit eingeblendet war. Ich war mir aber nicht bewusst, das ich irgendwas mit Java geöffnet habe. Vorsichtshalber habe ich einen Scan mit Avira Free Antivirus gemacht. Dieser hat als einzigen "Fund" im Log folgendes Ergebnis ausgespuckt:

Code:

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]  Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Ansonsten nur ein paar Warnungen. Aber keine Funde. Daraufhin habe ich versucht, mich mit dem Avira Service in Verbindung zu setzen, der aber leider nur Premium Kunden betreut. Ich habe auf der Avira Homepage dann folgende Seiten gefunden:
hxxp://www.avira.com/de/support-for-home-knowledgebase-detail/kbid/1221
hxxp://www.avira.com/de/support-for-home-knowledgebase-detail/kbid/267
und die Avira Rescue CD wie auf der zweiten Seite beschrieben angewendet (vom USB Stick aus). Das hat gar nichts gebracht, es wurde nichts gefunden oder getan.

Daraufhin nochmal den Scan mit Antivir: Gleiches Problem.

Dann hab ich das ganze ein wenig schlüren lassen, weil ich wenig Zeit hatte.

Eine Veränderung ist mir aufgefallen: Ich musste meine Logitech Wireless Maus neu mit dem Empfänger verbinden. Das hatte ich davor noch nie. Und danach auch nicht wieder.

Heute haben sich die Ergebnisse dann etwas überschlagen. Heute morgen wollte Firfox, dass ich das Plugin "Java Console 6.0.33" installiere. Ich habe das bereits seit langem drauf, allerdings deaktiviert. Dem habe ich dann nicht so ganz getraut und heute morgen nochmal einen Scan gemacht mit Antivir und hatte das gleiche Ergebnis wieder. Allerdings meinte er, er hat was reparieren müssen, was aber nicht im Log auftaucht. Daraufhin hat er automatisch den Laptop heruntergefahren und neu gestartet und wie angekündigt einen weiteren Scan versucht durchzuführen. Beim Hochfahren kam das Windows Konfigurationsfenster. Das hat mich gewundert. Als er den Scan starten wollte, hat sich Avira aufgehängt. Ich habe dann den Laptop ein weiteres Mal neu gestartet. Konnte dann manuell den Scan starten. Diesmal drei Funde, und folgende Hinweise:

Code:
Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0011\Linkage\UpperBind
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{DEA2D59A-5A61-466E-9B61-4FBBA362A5D6}\Connection\Name
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Bind
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Route
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Export
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
Versteckter Treiber
  [HINWEIS]  Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
Achja, und hier der Text der Funde:

Code:
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\4d6fa51a-3c0feba3
  [0] Archivtyp: ZIP
  --> ruea/ruea.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.CB.2
  --> ruea/rueb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.BO
  --> ruea/ruec.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2008-5353.AR
Diese habe ich dann in Quarantäne gepackt. Daraufhin hab ich mich auf eurer Seite und im Netz umgeschaut und nichts wirkliches zu diesem Problem gefunden. Dann kommt eine selten dämliche Aktion. Ich wusste nicht, ob ihr die im original braucht und habe sie deswegen aus der Quarantäne wiederhergestellt. Passiert mir auch nicht wieder, versprochen.

Als ich dann einige Zeit später nach dem Lesen in Erfahrung gebracht habe, dass die ruhig in Quarantäne sein können, habe ich erneut einen Suchlauf gemacht, da ich mich mit dem Wissen um Schadsoftware auf dem System nicht wohl gefühlt habe. Dieser Scan hat deutlich mehr hervorgeschleudert:

Avira Free Antivirus Log:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 25. Juni 2012  21:09

Es wird nach 3869434 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 000014****-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : ****

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  08.05.2012 21:10:25
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  08.05.2012 21:10:25
LUKE.DLL      : 12.3.0.15      68304 Bytes  08.05.2012 21:10:25
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 21:10:25
AVREG.DLL      : 12.3.0.17    232200 Bytes  11.05.2012 06:34:33
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 17:27:21
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 22:07:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 15:48:09
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 06:34:25
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 06:34:25
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 06:34:25
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 06:34:25
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 06:34:25
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 06:34:25
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 06:34:25
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 06:34:25
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 06:34:25
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 15:55:30
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 19:57:14
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 05:50:20
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 05:48:30
VBASE018.VDF  : 7.11.31.57    188416 Bytes  28.05.2012 17:55:42
VBASE019.VDF  : 7.11.31.111  214528 Bytes  30.05.2012 18:48:45
VBASE020.VDF  : 7.11.31.151  116736 Bytes  31.05.2012 18:48:49
VBASE021.VDF  : 7.11.31.205  134144 Bytes  03.06.2012 13:43:30
VBASE022.VDF  : 7.11.32.9    169472 Bytes  05.06.2012 16:45:45
VBASE023.VDF  : 7.11.32.85    155648 Bytes  08.06.2012 12:13:07
VBASE024.VDF  : 7.11.32.133  127488 Bytes  11.06.2012 17:23:48
VBASE025.VDF  : 7.11.32.171  182784 Bytes  12.06.2012 17:23:44
VBASE026.VDF  : 7.11.32.251  119296 Bytes  14.06.2012 21:07:00
VBASE027.VDF  : 7.11.33.83    159232 Bytes  18.06.2012 09:28:38
VBASE028.VDF  : 7.11.33.195  200192 Bytes  22.06.2012 14:32:14
VBASE029.VDF  : 7.11.33.196    2048 Bytes  22.06.2012 14:32:14
VBASE030.VDF  : 7.11.33.197    2048 Bytes  22.06.2012 14:32:26
VBASE031.VDF  : 7.11.33.252  105472 Bytes  25.06.2012 17:08:13
Engineversion  : 8.2.10.96
AEVDF.DLL      : 8.1.2.8      106867 Bytes  01.06.2012 18:46:23
AESCRIPT.DLL  : 8.1.4.28      455035 Bytes  21.06.2012 14:24:44
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 16:21:54
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 17:28:28
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL    : 8.2.16.22    807288 Bytes  21.06.2012 14:24:43
AEOFFICE.DLL  : 8.1.2.38      201083 Bytes  21.06.2012 14:24:42
AEHEUR.DLL    : 8.1.4.52    4923767 Bytes  21.06.2012 14:24:42
AEHELP.DLL    : 8.1.21.0      254326 Bytes  11.05.2012 06:34:26
AEGEN.DLL      : 8.1.5.30      422261 Bytes  14.06.2012 17:25:17
AEEXP.DLL      : 8.1.0.54      82293 Bytes  21.06.2012 14:24:48
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 22:46:01
AECORE.DLL    : 8.1.25.10    201080 Bytes  31.05.2012 18:48:54
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 21:10:24
AVPREF.DLL    : 12.3.0.15      51920 Bytes  08.05.2012 21:10:25
AVREP.DLL      : 12.3.0.15    179208 Bytes  08.05.2012 21:10:25
AVARKT.DLL    : 12.3.0.15    211408 Bytes  08.05.2012 21:10:25
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  08.05.2012 21:10:25
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  08.05.2012 21:10:25
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  08.05.2012 21:10:25
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 21:10:25
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 21:10:25
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  08.05.2012 21:10:25

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 25. Juni 2012  21:09

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library
Versteckter Treiber

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'daemonu.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'hasplms.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '58' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files (x86)\SecureW2\Uninstall.exe
  [WARNUNG]  Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '2484' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\MATLAB\R2011b\bin\win64\ziparchiver.dll
  [WARNUNG]  Der Archivheader ist defekt
C:\Program Files (x86)\Free PDF to Word Doc Converter\Emerald.ssk
  [WARNUNG]  Der Archivheader ist defekt
C:\Program Files (x86)\SecureW2\Uninstall.exe
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\***\AppData\Local\Temp\tmp2AA1.tmp
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\4d6fa51a-3c0feba3
  [0] Archivtyp: ZIP
  --> ruea/ruea.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-0507.CB.2
  --> ruea/rueb.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.BO
  --> ruea/ruec.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2008-5353.AR
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\525b53e8-4b4934de
  [0] Archivtyp: ZIP
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.CM
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> c.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HE
  --> t.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4dbc8f9-5fc387c4
  [0] Archivtyp: ZIP
  --> ER.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.CM
  --> Inc.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
  --> c.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CB
  --> b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.Ternub.6335
  --> a.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2011-3544.CU.2
  --> t.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
C:\Users\***\Downloads\RSTAB7-DE\RSTAB_DE\Author\HASP\HASP_Treiber_Windows\hdd32.zip
  [WARNUNG]  Die Datei ist kennwortgeschützt
Beginne mit der Suche in 'D:\'
D:\Bilder\Fotos\sortieren\altes\USB temp\Neuer Ordner\Julchen\Musik.zip
  [WARNUNG]  Die Datei ist kennwortgeschützt

Beginne mit der Desinfektion:
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4dbc8f9-5fc387c4
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56837ed1.qua' verschoben!
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\525b53e8-4b4934de
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CF
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4e435144.qua' verschoben!
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\4d6fa51a-3c0feba3
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2008-5353.AR
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1c1f0b9e.qua' verschoben!


Ende des Suchlaufs: Montag, 25. Juni 2012  22:55
Benötigte Zeit:  1:32:42 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  37796 Verzeichnisse wurden überprüft
 955259 Dateien wurden geprüft
    14 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      3 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 955245 Dateien ohne Befall
  7807 Archive wurden durchsucht
      7 Warnungen
      3 Hinweise
 729734 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden
Außerdem sieht in diesem Log die Nachricht auf meinen ursprünglich versteckten Treiber auch anders aus.

Anschließend habe ich die Schritte eurer Checkliste durchgeführt.

1. Regeln lesen und befolgen: gemacht
2.1 Defogger: gemacht
2.2 OTL: gemacht

OTL.txt Log:

Code:
OTL logfile created on: 25.06.2012 23:24:41 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,62% Memory free
8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 81,94 Gb Free Space | 55,94% Space Free | Partition Type: NTFS
Drive D: | 319,18 Gb Total Space | 270,48 Gb Free Space | 84,74% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.06.25 23:00:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.08 23:10:25 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.04.21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.30 18:20:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 23:10:25 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 23:10:25 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 19:41:02 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.09 18:00:05 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.09.09 17:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.26 07:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.24 15:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.03.13 11:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009.03.13 11:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009.01.08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.04.27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2007.03.28 08:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FC 18 D0 B6 E6 4B CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.30 18:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 11:56:25 | 000,000,000 | ---D | M]
 
[2011.11.09 21:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.14 15:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions
[2012.06.14 15:38:54 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.05.18 10:54:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\ich@maltegoetz.de
[2011.11.11 16:40:32 | 000,001,689 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\moviemaze-suche.xml
[2011.11.17 19:18:15 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\youtube-videosuche.xml
[2012.06.23 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.23 11:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.11.15 21:33:54 | 007,704,298 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.XPI
[2012.01.08 15:01:08 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.15 21:33:54 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.06.08 12:53:22 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2012.04.30 18:20:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.13 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 09:48:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0ED86950-1512-4D79-83CB-751C7CBB0338}: NameServer = 193.194.148.20 193.194.149.101
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.25 23:00:07 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.24 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.06.23 11:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.06.19 17:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012.06.15 07:32:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.12 08:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared
[2012.06.12 08:37:55 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\hasplms.exe
[2012.06.12 08:36:57 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys
[2012.06.12 08:36:57 | 000,071,168 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\aksusb3.dll
[2012.06.12 08:36:57 | 000,071,040 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys
[2012.06.12 08:36:57 | 000,053,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\akshasp.sys
[2012.06.12 08:36:57 | 000,033,792 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshhl27.dll
[2012.06.12 08:36:57 | 000,025,344 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksusb.sys
[2012.06.12 08:36:57 | 000,014,848 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksclass.sys
[2012.06.12 08:36:57 | 000,011,776 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshsp51.dll
[2012.06.12 08:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dlubal
[2012.06.12 08:35:37 | 000,205,608 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\THREED32.OCX
[2012.06.12 08:35:00 | 000,308,008 | ---- | C] (SommyTech®) -- C:\Windows\SysWow64\BlnDialog.ocx
[2012.06.12 08:35:00 | 000,303,104 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Bmpbtn.ocx
[2012.06.12 08:35:00 | 000,149,288 | ---- | C] (Desaware) -- C:\Windows\SysWow64\ANIBTN32.OCX
[2012.06.12 08:35:00 | 000,093,888 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlButton.ocx
[2012.06.12 08:35:00 | 000,085,696 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlStatic.ocx
[2012.06.12 08:35:00 | 000,077,504 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Caption.ocx
[2012.06.12 08:35:00 | 000,036,544 | ---- | C] (Dlubal) -- C:\Windows\SysWow64\DL_Static.ocx
[2012.06.12 08:34:29 | 000,274,432 | ---- | C] (Ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\ThmShellEx.dll
[2012.06.12 08:34:29 | 000,111,104 | ---- | C] (ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\PropShellEx.dll
[2012.06.12 08:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Dlubal
[2012.06.12 08:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dlubal
[2012.06.12 08:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Dlubal
[2012.06.06 07:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.06.06 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.06.06 07:13:41 | 000,094,208 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.06.06 07:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.06.03 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Silberhochzeit Dörte und Wilfried, 02.06.2012, Drentwede
[2012.06.02 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sd temp 02.06.22012
[2012.06.01 19:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kopenhagen, Schweden, Nuttlar, Nijmegen, Elphi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.25 23:00:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.25 22:59:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.25 21:17:00 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 21:17:00 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 21:14:14 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.25 21:14:14 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.25 21:14:14 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.25 21:14:14 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.25 21:14:14 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.25 21:07:25 | 000,000,554 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.06.25 21:05:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.25 21:05:52 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 11:32:03 | 000,118,784 | ---- | M] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7
[2012.06.19 19:17:25 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.06.19 07:50:05 | 000,418,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:23:56 | 002,788,117 | ---- | M] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg
[2012.06.06 15:52:48 | 000,226,602 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg
[2012.06.06 12:22:59 | 000,246,998 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg
[2012.06.06 07:13:45 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.05.29 19:38:26 | 000,766,270 | ---- | M] () -- C:\Users\***\Desktop\Foto436.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.25 22:59:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.12 20:39:45 | 000,118,784 | ---- | C] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7
[2012.06.12 20:23:46 | 002,788,117 | ---- | C] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg
[2012.06.12 08:34:27 | 000,000,819 | ---- | C] () -- C:\Windows\SysWow64\_nethasp.ini
[2012.06.06 15:52:48 | 000,226,602 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg
[2012.06.06 12:22:59 | 000,246,998 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg
[2012.06.06 07:13:45 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.05.29 22:29:27 | 000,766,270 | ---- | C] () -- C:\Users\***\Desktop\Foto436.jpg
[2011.12.05 20:13:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.12.05 20:05:11 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011.11.15 20:37:31 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2011.11.09 21:34:45 | 000,000,054 | ---- | C] () -- C:\Users\***\pc-client.properties
 
========== LOP Check ==========
 
[2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork
[2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE
[2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit
[2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.06.25 21:07:25 | 000,000,554 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012.01.13 09:42:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Und hier die Extra.txt Log:

Code:
OTL Extras logfile created on: 25.06.2012 23:24:41 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,62% Memory free
8,00 Gb Paging File | 6,78 Gb Available in Paging File | 84,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 81,94 Gb Free Space | 55,94% Space Free | Partition Type: NTFS
Drive D: | 319,18 Gb Total Space | 270,48 Gb Free Space | 84,74% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B23B623-A6B9-4EB5-AC4C-4FA524AD187A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FEE10AF-1A9D-480F-B465-063785262E2F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24A9A979-9FC5-48B3-91BA-C4D62C2F1CAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{321D28A0-04AB-455C-8EE4-AADC39F6BDC7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{45BF0DBC-0062-4FCC-B51A-DCDE28453850}" = lport=139 | protocol=6 | dir=in | app=system |
"{79A94A31-09AC-4582-8E6F-B2CA6E4EAA44}" = lport=445 | protocol=6 | dir=in | app=system |
"{9E7BD74F-2D2A-4A89-B880-02C13E9034E0}" = rport=137 | protocol=17 | dir=out | app=system |
"{A233D45D-E4A8-4F80-BEC7-BA0368A519E8}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8D32659-0B8A-42D9-8F1A-3DF322E349EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{C94FDC0D-BBB7-4CC6-8091-81151C0E95EF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CDBD801D-1779-4A5E-BA23-E356304560F2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DAF0A5CF-014B-43E8-A040-A092D766B4CC}" = rport=445 | protocol=6 | dir=out | app=system |
"{E8DEE582-3098-4491-B801-9F1E30D90E68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F2CC6CA0-5AB1-4779-A5D7-FA9ECB3A963D}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4802363-2651-49AA-8927-31A0F7BCA90C}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0056F4F2-200A-4F81-816F-F3349965D785}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0269F5C7-E013-4480-A4AD-18885DA3902A}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{041E2EC9-4918-4E3E-970F-0678049F5191}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1DB4747E-2B09-464D-BAAF-8758A4F2FBDE}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc studio 3\liveupdate.exe |
"{1FE336E9-FD81-4D88-BB3D-D77AEC30BC8D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{2EF008D5-9351-4F83-96EF-16C0E80C708B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CFA4AC8-311D-4D59-B60D-B1CCE1CB9B2D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4996775F-4EAB-4060-ABC3-86B37D7D36CC}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{4CFB29D9-2BFF-4488-BF08-1E3C36B0A21B}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc studio 3\liveupdate.exe |
"{5C53BED7-4B69-4C4B-A05A-1E9CE6C4FD72}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{64915AC6-B9F7-4B4E-BDF0-6B9B492FDCA2}" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"{78C0D544-0BC2-4508-BDEF-F48A74F4F53F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9AEC4761-D12C-48B3-A649-1B8F08690D08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AC36F7EF-8F57-4482-B0C5-66B17F94EAA1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B32E8FEB-7D39-4011-BA83-3EC8025512D9}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung pc studio 3\launcher.exe |
"{B58B1A41-AAF1-4D99-AD92-6B4BB3005DFF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BA960CD4-7EDD-4937-8D8C-EB2919659389}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEA0768C-1D0F-497F-9F01-D3E61D9F6F4C}" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"{D289BFE6-00E7-4331-9CBE-869A281D980A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DA585043-3AE7-4434-A622-AC489691071A}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung pc studio 3\launcher.exe |
"{E971E29D-9997-4835-BE2D-8FA1F961D8BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{9AA87A68-3ED2-4EBA-84AD-F35A7E7F8E2D}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{B3770BB0-BFD0-45DA-93D8-5E487A072DEB}C:\users\***\downloads\miranda-im-v0.9.34-x64\miranda64.exe" = protocol=6 | dir=in | app=c:\users\***\downloads\miranda-im-v0.9.34-x64\miranda64.exe |
"UDP Query User{2867FA46-4F9B-42FD-B799-23F0AF2A4447}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{EC4D17E3-2237-4340-A390-E5DA97B62C3C}C:\users\***\downloads\miranda-im-v0.9.34-x64\miranda64.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\miranda-im-v0.9.34-x64\miranda64.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3DCF00F5-04A5-4543-A088-70548081120E}_is1" = Compiled Driver Disc (Full) 1.0
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Logitech Unifying" = Logitech Unifying-Software 2.00
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1A834332-A9EE-440C-9505-2D07F445F05A}" = MOBILedit! Support Libraries
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22E6139B-4D29-4107-8005-152A5EE6D0B3}" = RSTAB
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2766B331-2A22-4B87-94EE-EC93EE267EA0}" = map&guide professional 2008
"{2B290EE2-5576-4A00-918B-FEC299103FBD}" = Dlubal RSTAB 7
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{32DF2EBA-00B2-44E9-A91B-50ACC8607468}" = map&guide Kartendaten Europa Release 2008.3x (C:\Program Files (x86)\map&guide professional 2008\maps\EuropePremium.geo)
"{3A32A44A-81B2-4415-B0CF-1884D54FFD66}_is1" = cadwork cataloge version 17.0
"{47DA7D2E-408C-4050-B75F-95F6D2E6A332}_is1" = MOBILedit! ver. 5.5.0.1148
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{62B74257-2E1B-48FB-843C-0FBA43FE1327}" = Sentinel System Driver Installer 7.4.0
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A62B2A-50D6-4886-8AFA-7FC4DE273C61}" = RSTAB
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{DBBCF7F1-2AD2-48A3-8408-A9279857D832}" = Samsung PC Studio 3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.2
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"cadwork 17.0_is1" = cadwork 17.0
"Cadwork.dir" = Cadwork
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"IrfanView" = IrfanView (remove only)
"MediaMonkey_is1" = MediaMonkey 4.0
"Miranda IM" = Miranda IM 0.9.48
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"PaperCut NG Client_is1" = PaperCut NG Client 9.8
"RuckZuck 4.0 Studentenversion" = RuckZuck 4.0 Studentenversion
"SecureW2 EAP Suite" = SecureW2 EAP Suite 2.0.2 for Windows
"SystemRequirementsLab" = System Requirements Lab
"Tunatic" = Tunatic
"VLC media player" = VLC media player 2.0.1
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.06.2012 13:47:45 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.8.0.156, Zeitstempel:
 0x4f3bb389  Name des fehlerhaften Moduls: Skype.exe, Version: 5.8.0.156, Zeitstempel:
 0x4f3bb389  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00006048  ID des fehlerhaften Prozesses:
 0x660  Startzeit der fehlerhaften Anwendung: 0x01cd4e341f0d2ed8  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\Skype\Phone\Skype.exe  Berichtskennung: 0a5f9838-bb00-11e1-b394-001b2457b0ed
 
Error - 21.06.2012 02:27:08 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493,
 Zeitstempel: 0x4f920759  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded,
 Version: 0.0.0.0, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
0x70c29903  ID des fehlerhaften Prozesses: 0xf5c  Startzeit der fehlerhaften Anwendung:
 0x01cd4e318efbf86f  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla
 Firefox\plugin-container.exe  Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll
Berichtskennung:
 200a96fe-bb6a-11e1-b394-001b2457b0ed
 
Error - 22.06.2012 03:41:23 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 24.06.2012 17:15:26 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =
 
Error - 25.06.2012 12:54:09 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.06.2012 13:10:18 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.3.0.15 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: f9c    Startzeit:
01cd52f3ad20d0ff    Endzeit: 60000    Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
 Desktop\avscan.exe    Berichts-ID: 4edf556e-bee8-11e1-8ea3-001b2457b0ed 
 
Error - 25.06.2012 13:15:31 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.06.2012 14:50:46 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.06.2012 15:07:45 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25.06.2012 15:16:25 | Computer Name = ***-PC | Source = VSS | ID = 12310
Description =
 
Error - 25.06.2012 15:16:25 | Computer Name = ***-PC | Source = VSS | ID = 12298
Description =
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 25.06.2012 15:09:13 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 25.06.2012 15:09:18 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 25.06.2012 15:09:18 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 25.06.2012 15:09:18 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 25.06.2012 15:09:23 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 25.06.2012 15:09:23 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 25.06.2012 15:09:23 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
Error - 25.06.2012 15:09:28 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp
Line:
 2626 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647
(0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 25.06.2012 15:09:28 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line:
2211 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647
 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED
 
Error - 25.06.2012 15:09:28 | Computer Name = ***-PC | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 648 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE
 
[ System Events ]
Error - 23.05.2012 05:42:27 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 23.05.2012 05:42:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst vpnagent erreicht.
 
Error - 23.05.2012 05:43:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  StarOpen
 
Error - 28.05.2012 16:54:11 | Computer Name = ***-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 31.05.2012 15:38:29 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 31.05.2012 15:38:42 | Computer Name = ***-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 31.05.2012 15:39:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  StarOpen
 
Error - 01.06.2012 14:05:48 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =
 
Error - 01.06.2012 15:16:59 | Computer Name = ***-PC | Source = bowser | ID = 8003
Description =
 
Error - 08.06.2012 13:52:37 | Computer Name = ***-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
 
< End of report >

Den Schritt 2.3 habe ich nicht mehr ausgeführt, da ich ein Win 7 64 Bit System habe.

So, leider ist es etwas länger geworden, aber ich hoffe, es nimmt sich trotzdem einer dieses Problems an. Vielleicht muss man es 2 mal lesen, aber ich wollte euch so viele Informationen wie möglich über den Hergang geben. Ich weiß leider nicht, an welcher Stelle ich hätte filtern können, um unwichtiges raus zu lassen.

Ich ertwarte auch keine sofortige Antwort, lieber eine mit Bedacht.
Falls ich noch etwas vergessen haben sollte, so bitte ich um Nachsicht, ich werde es natürlich schnellstmöglich nachreichen.
Auch jeden Fall möchte ich mich schonmal recht herzlich bedanken.

Viele Grüße, Rumpel

cosinus 29.06.2012 15:46
Zitat:
Ich war mir aber nicht bewusst, das ich irgendwas mit Java geöffnet habe.
Das ist der JavaUpdater der nach Updates für Java schaut!
Wenn du Java nicht aktualisierst werden diesde Funde erst gefährlich! Exploits nutzen Lücken in alter Software


Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Rumpel2 30.06.2012 01:11
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo Arne!

Erstmal vielen Dank, dass du dich meines Problems annimmst. Wie du mir gesagt hast, habe ich die fehlenden Informationen zusammen getragen.

Ich habe Malwarebytes durchlaufen lassen. Beim Scan fiel mir folgendes auf:
Avira hat einen Fund gemeldet. Die Datei hab ich dann in die Quarantäne schieben lassen. Hier der entsprechende Log:

Avira AniVir

Code:


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Freitag, 29. Juni 2012  21:27

Es wird nach 3874966 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 000014****-ADJIE-0000001
Plattform      : Windows 7 Professional
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : ***-PC

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  08.05.2012 21:10:25
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  08.05.2012 21:10:25
LUKE.DLL      : 12.3.0.15      68304 Bytes  08.05.2012 21:10:25
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 21:10:25
AVREG.DLL      : 12.3.0.17    232200 Bytes  11.05.2012 06:34:33
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 17:27:21
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 22:07:36
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 15:48:09
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 06:34:25
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 06:34:25
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 06:34:25
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 06:34:25
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 06:34:25
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 06:34:25
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 06:34:25
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 06:34:25
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 06:34:25
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 15:55:30
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 19:57:14
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 05:50:20
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 05:48:30
VBASE018.VDF  : 7.11.31.57    188416 Bytes  28.05.2012 17:55:42
VBASE019.VDF  : 7.11.31.111  214528 Bytes  30.05.2012 18:48:45
VBASE020.VDF  : 7.11.31.151  116736 Bytes  31.05.2012 18:48:49
VBASE021.VDF  : 7.11.31.205  134144 Bytes  03.06.2012 13:43:30
VBASE022.VDF  : 7.11.32.9    169472 Bytes  05.06.2012 16:45:45
VBASE023.VDF  : 7.11.32.85    155648 Bytes  08.06.2012 12:13:07
VBASE024.VDF  : 7.11.32.133  127488 Bytes  11.06.2012 17:23:48
VBASE025.VDF  : 7.11.32.171  182784 Bytes  12.06.2012 17:23:44
VBASE026.VDF  : 7.11.32.251  119296 Bytes  14.06.2012 21:07:00
VBASE027.VDF  : 7.11.33.83    159232 Bytes  18.06.2012 09:28:38
VBASE028.VDF  : 7.11.33.195  200192 Bytes  22.06.2012 14:32:14
VBASE029.VDF  : 7.11.34.57    187904 Bytes  27.06.2012 01:22:34
VBASE030.VDF  : 7.11.34.58      2048 Bytes  27.06.2012 01:22:34
VBASE031.VDF  : 7.11.34.60      2048 Bytes  27.06.2012 01:22:34
Engineversion  : 8.2.10.96
AEVDF.DLL      : 8.1.2.8      106867 Bytes  01.06.2012 18:46:23
AESCRIPT.DLL  : 8.1.4.28      455035 Bytes  21.06.2012 14:24:44
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 16:21:54
AESBX.DLL      : 8.2.5.12      606578 Bytes  14.06.2012 17:28:28
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL    : 8.2.16.22    807288 Bytes  21.06.2012 14:24:43
AEOFFICE.DLL  : 8.1.2.38      201083 Bytes  21.06.2012 14:24:42
AEHEUR.DLL    : 8.1.4.52    4923767 Bytes  21.06.2012 14:24:42
AEHELP.DLL    : 8.1.21.0      254326 Bytes  11.05.2012 06:34:26
AEGEN.DLL      : 8.1.5.30      422261 Bytes  14.06.2012 17:25:17
AEEXP.DLL      : 8.1.0.54      82293 Bytes  21.06.2012 14:24:48
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 22:46:01
AECORE.DLL    : 8.1.25.10    201080 Bytes  31.05.2012 18:48:54
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 21:10:24
AVPREF.DLL    : 12.3.0.15      51920 Bytes  08.05.2012 21:10:25
AVREP.DLL      : 12.3.0.15    179208 Bytes  08.05.2012 21:10:25
AVARKT.DLL    : 12.3.0.15    211408 Bytes  08.05.2012 21:10:25
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  08.05.2012 21:10:25
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  08.05.2012 21:10:25
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  08.05.2012 21:10:25
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 21:10:25
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 21:10:25
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  08.05.2012 21:10:25

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fe8b6d9\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Freitag, 29. Juni 2012  21:27

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'miranda32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hasplms.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vpnagent.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'H:\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-72e5675f'
H:\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-72e5675f
  [FUND]      Ist das Trojanische Pferd TR/Expl.Java.CVE.2010.4452.g.1

Beginne mit der Desinfektion:
H:\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1187ad0c-72e5675f
  [FUND]      Ist das Trojanische Pferd TR/Expl.Java.CVE.2010.4452.g.1
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5641ac02.qua' verschoben!


Ende des Suchlaufs: Freitag, 29. Juni 2012  21:29
Benötigte Zeit: 00:11 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    22 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    21 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.
Dazu muss ich sagen: Ich hab den Durchlauf mit Malwarebytes auch schon über 2 zusätzliche externe Festplatten laufen lassen. Der Fund ist in einer alten Datensicherung gefunden worden. Diese Sicherung wurde von einem verseuchten System erstellt. Anschließend wurde der Laptop neu aufgesetzt.

Hier nun der Log aus Malwarebytes:

Malwarebytes Anti Malware

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

Schutz: Aktiviert

29.06.2012 19:13:22
mbam-log-2012-06-29 (19-13-22).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 571823
Laufzeit: 2 Stunde(n), 29 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes hat also keinen Fund gemeldet. Anschließend habe ich Malwarebytes, Avira AntiVir, Windows Firewall, Windows Defender und die Firefox Add-Ons Adblock Plus und ProxTube deaktiviert. Die "Java Console" in Firefox wer eh schon immer deaktiviert. Danach habe ich dann den Scan mit ESET durchlaufen lassen. Hier der ESET Log:

ESET Online Scan Log:


Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=94abfc122d30f349b209b515eb4c19cf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-29 10:39:21
# local_time=2012-06-30 12:39:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 19986458 19986458 0 0
# compatibility_mode=5893 16776573 100 94 33222 92630613 0 0
# compatibility_mode=8192 67108863 100 0 7851595 7851595 0 0
# scanned=344503
# found=2
# cleaned=0
# scan_time=8797
C:\Users\***\AppData\Local\Temp\ICReinstall\cnet_produkey-x64_zip.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
G:\Datensicherung 08.11.11\***\AppData\Local\Temp\ICReinstall\cnet_produkey-x64_zip.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
Folgendes ist mir aufgefallen: Nach dem schließen von ESET hat Windows gemeldet, dass es evtl nicht richtig installiert worden ist. Kann da etwas schief laufen? Einen Screenshot der Nachricht habe ich in den Anhang gepackt. Und ich habe auf Abbrechen geklickt.

Außerdem hat mich dieses hier gewundert: ESET hat laut Angabe 230 000 Dateien weniger untersucht, obwohl bei beiden Programmen beide externe Festplatten mit durchsucht werden (sollten). Der Fund, den ESET meldet stammt auch von einer neueren Datensicherung eines verseuchten Systems.

Das muss ich so erklären: Ich hatte mir im Sommer 2011 den BKA Trojaner eingefangen und habe daraufhin den Laptop von einem Bekannten neu aufsetzen lassen. Ich selber kannte mich damit halt nicht gut aus. Leider hat sich dann herausgestellt, dass er mir nicht die richtige Windows Version installiert hat und anscheinend der Computer nicht richtig geschützt war, denn ich hatte wieder ein Problem damit und habe nach der Datensicherung im November 2011 mit Hilfe des IT-Service meiner Uni den Laptop komplett neu aufgesetzt. Daher existieren 2 alte, verseuchte Datensicherungen.

Ich hoffe, dass ich mir nichts von mir selber eingefangen habe. In einem Computer-Laden hat man mir gesagt, dass beim reinen anstecken einer externen Festplatte das System nicht infiziert werden kann. Stimmt diese Information so nicht? Ich habe im Avira AntiVir eine Einstellung gesehen, die Autostarts unterbindet. Und die ist auch angehakt.

Soviel dazu. Ich denke, ich hab deinen Eintrag jetzt komplett bearbeitet. Vielen Dank nochmal für die Hilfe. Kannst du, wenn du dir die Sachen anguckst, mit wenigen Worten einmal sagen, was die Viren/Würmer/Malware-irgendeiner-Art auf meinem jetzigen System angestellt haben? Ob die irgendwelche Dateien geändert haben, oder mich ausspionieren, oder irgendwelche anderen Sachen auf meinem Laptop veranstalten. Das wäre sehr nett.

Jetzt werde ich die Echtzeit-Systeme von Malwarebytes, Avira AntiVir, Windows Firewall, Windows Defender sowie die Firefox Add-Ons Adblock Plus und ProxTube wieder anschalten. Kann ich für die Zeit, in der wir mein Problem beheben AntiVir und Malwarebytes parallel laufen lassen? Kannst du mir anschließend helfen, das System einmal richtig abzusichern? Anscheinend wird hier irgendwas nicht automatisch aktualisiert.

Viel Grüße, Rumpel

cosinus 01.07.2012 15:12
Dass ESET ein wenig hysterisch sein kann hab ich ja schon angedeutet. Besonders gerne meckert es setups an, wenn darin Toolbars enthalten sind und vom Installer normalerweise mit installiert werden wenn man es denn nicht abwählt

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Rumpel2 01.07.2012 16:23
Hallo Arne!

Danke für die Antwort!

Ich habe den OTL Scan planmäßig ausgeführt und es gab keine Meldungen. Zumindest keine Fehlermeldungen. Die OTL.txt kam am Ende natürlich raus. Und hier ist sie:

OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 01.07.2012 16:31:43 - Run 2
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,13% Memory free
8,00 Gb Paging File | 6,57 Gb Available in Paging File | 82,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 85,18 Gb Free Space | 58,15% Space Free | Partition Type: NTFS
Drive D: | 319,18 Gb Total Space | 270,48 Gb Free Space | 84,74% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.07.01 16:29:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.08 23:10:25 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.04.21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.30 18:20:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 23:10:25 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 23:10:25 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 19:41:02 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.09 18:00:05 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.09.09 17:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.26 07:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.24 15:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.03.13 11:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009.03.13 11:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009.01.08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.04.27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2007.03.28 08:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 31 3F F4 37 55 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.30 18:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 11:56:25 | 000,000,000 | ---D | M]
 
[2011.11.09 21:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.29 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions
[2012.06.14 15:38:54 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.05.18 10:54:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\ich@maltegoetz.de
[2012.06.29 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\trash
[2011.11.11 16:40:32 | 000,001,689 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\moviemaze-suche.xml
[2011.11.17 19:18:15 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\youtube-videosuche.xml
[2012.06.23 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.23 11:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.11.15 21:33:54 | 007,704,298 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.XPI
[2011.11.15 21:33:54 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.06.08 12:53:22 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2012.04.30 18:20:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.13 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 09:48:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2DB4B57-33AA-467A-A134-CCE468DC5457}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PaperCut NG Client - hkey= - key= - C:\Program Files (x86)\PaperCut NG Client\pc-client.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 22:06:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.06.29 19:07:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.29 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.29 19:07:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 19:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.29 19:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.29 19:04:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.25 23:00:07 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.24 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.06.23 11:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.06.19 17:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012.06.15 07:32:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.12 08:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared
[2012.06.12 08:37:55 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\hasplms.exe
[2012.06.12 08:36:57 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys
[2012.06.12 08:36:57 | 000,071,168 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\aksusb3.dll
[2012.06.12 08:36:57 | 000,071,040 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys
[2012.06.12 08:36:57 | 000,053,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\akshasp.sys
[2012.06.12 08:36:57 | 000,033,792 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshhl27.dll
[2012.06.12 08:36:57 | 000,025,344 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksusb.sys
[2012.06.12 08:36:57 | 000,014,848 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksclass.sys
[2012.06.12 08:36:57 | 000,011,776 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshsp51.dll
[2012.06.12 08:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dlubal
[2012.06.12 08:35:37 | 000,205,608 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\THREED32.OCX
[2012.06.12 08:35:00 | 000,308,008 | ---- | C] (SommyTech®) -- C:\Windows\SysWow64\BlnDialog.ocx
[2012.06.12 08:35:00 | 000,303,104 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Bmpbtn.ocx
[2012.06.12 08:35:00 | 000,149,288 | ---- | C] (Desaware) -- C:\Windows\SysWow64\ANIBTN32.OCX
[2012.06.12 08:35:00 | 000,093,888 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlButton.ocx
[2012.06.12 08:35:00 | 000,085,696 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlStatic.ocx
[2012.06.12 08:35:00 | 000,077,504 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Caption.ocx
[2012.06.12 08:35:00 | 000,036,544 | ---- | C] (Dlubal) -- C:\Windows\SysWow64\DL_Static.ocx
[2012.06.12 08:34:29 | 000,274,432 | ---- | C] (Ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\ThmShellEx.dll
[2012.06.12 08:34:29 | 000,111,104 | ---- | C] (ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\PropShellEx.dll
[2012.06.12 08:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Dlubal
[2012.06.12 08:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dlubal
[2012.06.12 08:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Dlubal
[2012.06.06 07:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.06.06 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.06.06 07:13:41 | 000,094,208 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.06.06 07:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.06.03 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Silberhochzeit Dörte und Wilfried, 02.06.2012, Drentwede
[2012.06.02 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sd temp 02.06.22012
[2012.06.01 19:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kopenhagen, Schweden, Nuttlar, Nijmegen, Elphi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.01 16:29:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.01 13:00:06 | 000,000,554 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.07.01 03:39:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.30 08:39:19 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 08:39:19 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 08:36:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.30 08:36:54 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.30 08:36:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.30 08:36:54 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.30 08:36:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.30 08:31:31 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 02:26:38 | 000,039,736 | ---- | M] () -- C:\Users\***\Desktop\Meldung ESET.png
[2012.06.29 22:06:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.06.29 19:07:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.29 19:05:29 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.27 18:08:18 | 000,000,000 | ---- | M] () -- C:\Users\***\Desktop\CIMG7011.JPG
[2012.06.27 18:08:12 | 002,214,283 | ---- | M] () -- C:\Users\***\Desktop\CIMG7010.JPG
[2012.06.27 18:08:04 | 002,457,695 | ---- | M] () -- C:\Users\***\Desktop\CIMG7009.JPG
[2012.06.27 18:07:34 | 003,544,551 | ---- | M] () -- C:\Users\***\Desktop\CIMG7008.JPG
[2012.06.25 22:59:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.25 11:32:03 | 000,118,784 | ---- | M] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7
[2012.06.19 19:17:25 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.06.19 07:50:05 | 000,418,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:23:56 | 002,788,117 | ---- | M] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg
[2012.06.06 15:52:48 | 000,226,602 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg
[2012.06.06 12:22:59 | 000,246,998 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg
[2012.06.06 07:13:45 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.30 02:26:38 | 000,039,736 | ---- | C] () -- C:\Users\***\Desktop\Meldung ESET.png
[2012.06.29 19:07:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.27 18:07:26 | 003,544,551 | ---- | C] () -- C:\Users\***\Desktop\CIMG7008.JPG
[2012.06.27 18:07:26 | 002,457,695 | ---- | C] () -- C:\Users\***\Desktop\CIMG7009.JPG
[2012.06.27 18:07:26 | 002,214,283 | ---- | C] () -- C:\Users\***\Desktop\CIMG7010.JPG
[2012.06.27 18:07:26 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\CIMG7011.JPG
[2012.06.25 22:59:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.12 20:39:45 | 000,118,784 | ---- | C] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7
[2012.06.12 20:23:46 | 002,788,117 | ---- | C] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg
[2012.06.12 08:34:27 | 000,000,819 | ---- | C] () -- C:\Windows\SysWow64\_nethasp.ini
[2012.06.06 15:52:48 | 000,226,602 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg
[2012.06.06 12:22:59 | 000,246,998 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg
[2012.06.06 07:13:45 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.12.05 20:13:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.12.05 20:05:11 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011.11.15 20:37:31 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2011.11.09 21:34:45 | 000,000,054 | ---- | C] () -- C:\Users\***\pc-client.properties
 
========== LOP Check ==========
 
[2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork
[2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE
[2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit
[2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.01 13:00:06 | 000,000,554 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012.01.13 09:42:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.09 21:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.11.11 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork
[2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.05.24 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.11.09 20:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.03.03 13:05:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.01.31 22:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.06.29 19:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE
[2012.01.18 20:22:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathWorks
[2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2012.05.14 14:55:04 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit
[2011.11.09 21:40:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.11.18 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.01 16:23:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.05.24 18:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.01.27 00:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2011b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >
--- --- ---

[/code]

Hast du einen Verdacht, was auf meinem Laptop schief läuft? Ich hab zwar keine Einschränkungen, alles scheint normal zu laufen. Aber ich weiß ja nicht, was noch alles im Hintergrund läuft. Aber das ist wahrscheinlich das, worum du dich kümmerst. Einzig ist mir aufgefallen, dass ich beim Videotelefonieren über Skype teilweise Verbindungsprobleme habe und unplanmäßige Geräusche. Ich schiebe aber gerade die Geräusche auf die Hardware (Lüfter). Achja, und Skype lässt sich nicht automatisch (nach der Erinnerung des Programms selber) aktualisieren. Aber das ist wahrscheinlich ein späterer Schritt.

Kann ich weiterhin daran arbeiten? Online Banking lass ich vorsichtshalber noch, bis ich das ok von dir bekomme.

Wie sieht es aus mit Instant Messaging? Nutze ICQ über Miranda und Skype.

So ruhig wie du bleibst, hoffe ich mal, dass ich mir nicht die ganz schlimmen Dinger eingefangen habe. Wenn wir irgendwann fertig sind mit dem Bereinigen, würde ich gerne wissen, ob es gescheite Software gibt, die automatisch (!) täglich (?) oder so ähnlich guckt, ob die entsprechenden Programme etc. aktuell sind.

Bis dahin mache ich hier an dem Laptop nichts ohne Absprache mit dir, außer den täglichen notwendigen Arbeiten (E-Mail, Office, Statik-Software,...).

Viele Grüße, Rumpel

P.S.: Grad als ich die Antwort hier schreibe, meldet Firefox, dass es eine neue Version gibt. Kann/Soll ich den schon direkt updaten?

cosinus 01.07.2012 16:33
Zitat:
Scan Mode: Current user
Welchen Haken hast du vergessen? :(

Rumpel2 01.07.2012 17:00
Hallo Arne!

Tut mir leid. Kommt nicht wieder vor. Hatte das Programm ein zweites Mal gestartet, weil ich erst die Datei aus dem Downloads Ordner genommen habe. Habe also nochmal auf den Desktop runtergeladen und den Haken vergessen.

Jetzt habe ich alles genau so gemacht, wie du gesagt hast.

Hier der log:

OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 01.07.2012 17:37:43 - Run 3
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,63% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,48 Gb Total Space | 85,03 Gb Free Space | 58,05% Space Free | Partition Type: NTFS
Drive D: | 319,18 Gb Total Space | 270,48 Gb Free Space | 84,74% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.07.01 16:29:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.05.08 23:10:25 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.04.21 12:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012.05.08 23:10:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 23:10:25 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.30 18:20:20 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.09.09 18:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 23:10:25 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 23:10:25 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 19:41:02 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.09 18:00:05 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011.09.09 17:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011.09.08 08:23:30 | 000,057,088 | ---- | M] (SafeNet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.09.17 21:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.26 07:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009.06.25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009.06.24 15:03:24 | 000,048,128 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009.03.13 11:55:38 | 000,053,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2009.03.13 11:55:38 | 000,025,344 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2009.01.08 11:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.04.27 08:40:00 | 000,142,120 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2007.03.28 08:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 31 3F F4 37 55 CD 01  [binary data]
IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2016649859-1300321083-3386470498-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.30 18:20:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.23 11:56:25 | 000,000,000 | ---D | M]
 
[2011.11.09 21:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.29 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions
[2012.06.14 15:38:54 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.05.18 10:54:22 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\ich@maltegoetz.de
[2012.06.29 22:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epj6lbtx.default\extensions\trash
[2011.11.11 16:40:32 | 000,001,689 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\moviemaze-suche.xml
[2011.11.17 19:18:15 | 000,002,057 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\searchplugins\youtube-videosuche.xml
[2012.06.23 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.23 11:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.11.15 21:33:54 | 007,704,298 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{7BDB48D1-CD94-4B99-A5A4-E418B9EE6532}.XPI
[2011.11.15 21:33:54 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.06.08 12:53:22 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPJ6LBTX.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2012.04.30 18:20:20 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.13 09:48:22 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 09:48:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 09:48:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 09:48:22 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 09:48:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 09:48:22 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2016649859-1300321083-3386470498-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2016649859-1300321083-3386470498-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2DB4B57-33AA-467A-A134-CCE468DC5457}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PaperCut NG Client - hkey= - key= - C:\Program Files (x86)\PaperCut NG Client\pc-client.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 22:06:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.06.29 19:07:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.29 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.29 19:07:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.29 19:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.29 19:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.29 19:04:56 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.25 23:00:07 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.06.24 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.06.23 11:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012.06.19 17:51:57 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012.06.19 17:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2012.06.15 07:32:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.12 08:37:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared
[2012.06.12 08:37:55 | 002,869,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\hasplms.exe
[2012.06.12 08:36:57 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys
[2012.06.12 08:36:57 | 000,071,168 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\aksusb3.dll
[2012.06.12 08:36:57 | 000,071,040 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys
[2012.06.12 08:36:57 | 000,053,760 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\akshasp.sys
[2012.06.12 08:36:57 | 000,033,792 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshhl27.dll
[2012.06.12 08:36:57 | 000,025,344 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksusb.sys
[2012.06.12 08:36:57 | 000,014,848 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksclass.sys
[2012.06.12 08:36:57 | 000,011,776 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\akshsp51.dll
[2012.06.12 08:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dlubal
[2012.06.12 08:35:37 | 000,205,608 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\Windows\SysWow64\THREED32.OCX
[2012.06.12 08:35:00 | 000,308,008 | ---- | C] (SommyTech®) -- C:\Windows\SysWow64\BlnDialog.ocx
[2012.06.12 08:35:00 | 000,303,104 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Bmpbtn.ocx
[2012.06.12 08:35:00 | 000,149,288 | ---- | C] (Desaware) -- C:\Windows\SysWow64\ANIBTN32.OCX
[2012.06.12 08:35:00 | 000,093,888 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlButton.ocx
[2012.06.12 08:35:00 | 000,085,696 | ---- | C] (Ing.-Software DLUBAL) -- C:\Windows\SysWow64\DL_HtmlStatic.ocx
[2012.06.12 08:35:00 | 000,077,504 | ---- | C] (Ing.-Software DLUBAL GmbH) -- C:\Windows\SysWow64\DL_Caption.ocx
[2012.06.12 08:35:00 | 000,036,544 | ---- | C] (Dlubal) -- C:\Windows\SysWow64\DL_Static.ocx
[2012.06.12 08:34:29 | 000,274,432 | ---- | C] (Ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\ThmShellEx.dll
[2012.06.12 08:34:29 | 000,111,104 | ---- | C] (ing. Dlubal s.r.o.) -- C:\Windows\SysWow64\PropShellEx.dll
[2012.06.12 08:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Dlubal
[2012.06.12 08:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dlubal
[2012.06.12 08:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Dlubal
[2012.06.06 07:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.06.06 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.06.06 07:13:41 | 000,094,208 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.06.06 07:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.06.03 16:09:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Silberhochzeit Dörte und Wilfried, 02.06.2012, Drentwede
[2012.06.02 16:56:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\sd temp 02.06.22012
[2012.06.01 19:23:33 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Kopenhagen, Schweden, Nuttlar, Nijmegen, Elphi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.01 16:29:56 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.01 13:00:06 | 000,000,554 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job
[2012.07.01 03:39:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.30 08:39:19 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 08:39:19 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 08:36:54 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.30 08:36:54 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.30 08:36:54 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.30 08:36:54 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.30 08:36:54 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.30 08:31:31 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 02:26:38 | 000,039,736 | ---- | M] () -- C:\Users\***\Desktop\Meldung ESET.png
[2012.06.29 22:06:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.06.29 19:07:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.29 19:05:29 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.27 18:08:18 | 000,000,000 | ---- | M] () -- C:\Users\***\Desktop\CIMG7011.JPG
[2012.06.27 18:08:12 | 002,214,283 | ---- | M] () -- C:\Users\***\Desktop\CIMG7010.JPG
[2012.06.27 18:08:04 | 002,457,695 | ---- | M] () -- C:\Users\***\Desktop\CIMG7009.JPG
[2012.06.27 18:07:34 | 003,544,551 | ---- | M] () -- C:\Users\***\Desktop\CIMG7008.JPG
[2012.06.25 22:59:42 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.25 11:32:03 | 000,118,784 | ---- | M] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7
[2012.06.19 19:17:25 | 000,017,408 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.06.19 07:50:05 | 000,418,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 20:23:56 | 002,788,117 | ---- | M] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg
[2012.06.06 15:52:48 | 000,226,602 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg
[2012.06.06 12:22:59 | 000,246,998 | ---- | M] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg
[2012.06.06 07:13:45 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.30 02:26:38 | 000,039,736 | ---- | C] () -- C:\Users\***\Desktop\Meldung ESET.png
[2012.06.29 19:07:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.27 18:07:26 | 003,544,551 | ---- | C] () -- C:\Users\***\Desktop\CIMG7008.JPG
[2012.06.27 18:07:26 | 002,457,695 | ---- | C] () -- C:\Users\***\Desktop\CIMG7009.JPG
[2012.06.27 18:07:26 | 002,214,283 | ---- | C] () -- C:\Users\***\Desktop\CIMG7010.JPG
[2012.06.27 18:07:26 | 000,000,000 | ---- | C] () -- C:\Users\***\Desktop\CIMG7011.JPG
[2012.06.25 22:59:42 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.12 20:39:45 | 000,118,784 | ---- | C] () -- C:\Users\***\Desktop\Hausübung Teil 2.rs7
[2012.06.12 20:23:46 | 002,788,117 | ---- | C] () -- C:\Users\***\Desktop\mutti_plakate_0512_groß.jpg
[2012.06.12 08:34:27 | 000,000,819 | ---- | C] () -- C:\Windows\SysWow64\_nethasp.ini
[2012.06.06 15:52:48 | 000,226,602 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot 52,80 €.jpg
[2012.06.06 12:22:59 | 000,246,998 | ---- | C] () -- C:\Users\***\Desktop\Screenshot Trikot.jpg
[2012.06.06 07:13:45 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2011.12.05 20:13:02 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2011.12.05 20:05:11 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2011.11.15 20:37:31 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2011.11.09 21:34:45 | 000,000,054 | ---- | C] () -- C:\Users\***\pc-client.properties
 
========== LOP Check ==========
 
[2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork
[2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE
[2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit
[2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.01 13:00:06 | 000,000,554 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job
[2012.01.13 09:42:00 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.09 21:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.01.21 16:44:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2012.01.21 16:30:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.11.11 16:04:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2011.11.28 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cadwork
[2011.11.15 20:31:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.01.28 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.05.24 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.11.09 20:19:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.03.03 13:05:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.04.12 19:10:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.01.31 22:04:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.06.29 19:07:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.03.03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAP&GUIDE
[2012.01.18 20:22:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathWorks
[2010.11.21 09:00:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.06.25 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MediaMonkey
[2012.05.14 14:55:04 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.05.02 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Miranda
[2011.12.17 02:25:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOBILedit
[2011.11.09 21:40:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.11.18 17:19:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2012.06.06 07:15:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.12.13 17:19:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.07.01 16:23:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.05.24 18:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.01.27 00:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2011b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
<  >

< End of report >
--- --- ---

[/code]

Übrigens hat sich das Frage mit dem Firefox update erledigt. Als ich Firefox nach dem Scan neu gestartet habe, hat er sich von alleine aktualisiert und ich hatte keine Möglichkeit zum Eingreifen.

Irgendwie versteh ich eure Seite grad nicht richtig. Fügt der automatisch code-Tags ein??? Hat der bisher noch nicht gemacht. Da hat das immer flüssig geklappt.

Viel Grüße, Rumpel

cosinus 02.07.2012 09:53
Ja, bei vielen Logs werden die CODE-Tags inzwischen automatisch eingefügt

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2016649859-1300321083-3386470498-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Rumpel2 02.07.2012 14:10
Hallo!

Ich habe, bevor ich den Fix mache, noch 2 Fragen:

1) OTL wieder neu runterladen? Und als Admin öffnen (Win 7)?

2) Wie schon bei ESET auch alle Firewalls und so weiter abschalten? Ich würde also Avira, Malwarebytes, Windows Defender, Windows Firewall abschalten. Und alles was an "normalen" Programmen läuft sowieso.

Ich bin unsicher, einfach selber darüber irgendwelche Entscheidungen zu treffen. Wollte der Sicherheit halber nur einmal nachgefragt haben.

Viele Grüße, Rumpel

cosinus 02.07.2012 14:33
Ja OTL kannst du ruhig neu runterladen aber du musst es wieder als Admin öffnen
Firewall ist beiim OTL-Fix egal, aber Virenscanner bitte ALLE abstellen!

Rumpel2 02.07.2012 14:54
Hallo Arne!

Ich habe den OTL Fix gemacht. Ist alles so eingetreten, wie du es gesagt hast. Erst dachte ich, es funktioniert nicht, weil unten in OTL keine Texte durch die Zeile laufen, aber dann hab ich das kurze grüne Zucken im Balken gesehen.

OTL hat einen Neustart verlangt. Hat ihn auch bekommen. Beim Starten von Windows blieb erst der Bildschirm schwarz, dann sollte ich das Starten von C:\...\Desktop\otl.exe bestätigen. Hab ich auch gemacht. Dann kam folgendes Log, das jetzt NICHT otl.txt heißt:

07022012_153927.txt:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2016649859-1300321083-3386470498-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 2152594043 bytes
->Temporary Internet Files folder emptied: 49138885 bytes
->Java cache emptied: 688940 bytes
->FireFox cache emptied: 1091900564 bytes
->Flash cache emptied: 41590 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 300822112 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 1521850 bytes
 
Total Files Cleaned = 3.430,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_153927

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\***\AppData\Local\Temp\RtkBtMnt.exe not found!
[2012.07.02 15:43:10 | 008,405,015 | ---- | M] () C:\Windows\temp\TmpFile1 : Unable to obtain MD5

Registry entries deleted on Reboot...

Bleibt eine Frage:

Wer ist auf meinem System der User "UpdatusUser"? Und wer sind die ganzen anderen User? Angelegt habe ich nur "***" (also meinen Accout) und auch nur dieser wird beim Anmelden angezeigt. :wtf:

Viele Grüße, Christoph

cosinus 02.07.2012 16:19
Zitat:
Wer ist auf meinem System der User "UpdatusUser"?
Kannst du solche trivialen Sachen nicht erstmal versuchen per Google zu klären....ich hab keine Zeit hier jede Kleinigkeit zu erläutern :(

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Rumpel2 02.07.2012 19:33
Hallo Arne!

Tut mir leid, dass ich so eine "Kleinigkeit" nicht selber gesucht habe. Ich musste nach dem Scan dringend zur Uni und wollte dir unbedingt vorher noch antworten.

Mit dem TDSS-Killer hat alles geklappt. Hab es mit der Anleitung aus dem Link ausgeführt und vorher mit deinen Angaben eingestellt.

Es gab keine Funde. Windows wurde nicht automatisch neu gestartet. Das Programm war offensichtlich ohne Neustart abgeschlossen. Den Report habe ich gespeichert. Habe dann trotzdem einen manuellen Neustart gemacht. Anschließend Avira, Malwarebytes und den Windows Defender wieder eingeschaltet.

Hier ist der Log, den der TDSS-Killer geschrieben hat:

Report:

Code:

20:00:47.0619 4176        TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
20:00:47.0759 4176        ============================================================
20:00:47.0759 4176        Current date / time: 2012/07/02 20:00:47.0759
20:00:47.0759 4176        SystemInfo:
20:00:47.0759 4176       
20:00:47.0759 4176        OS Version: 6.1.7601 ServicePack: 1.0
20:00:47.0759 4176        Product type: Workstation
20:00:47.0759 4176        ComputerName: ***-PC
20:00:47.0759 4176        UserName: ***
20:00:47.0759 4176        Windows directory: C:\Windows
20:00:47.0759 4176        System windows directory: C:\Windows
20:00:47.0759 4176        Running under WOW64
20:00:47.0759 4176        Processor architecture: Intel x64
20:00:47.0759 4176        Number of processors: 2
20:00:47.0759 4176        Page size: 0x1000
20:00:47.0759 4176        Boot type: Normal boot
20:00:47.0759 4176        ============================================================
20:00:48.0820 4176        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:00:48.0836 4176        ============================================================
20:00:48.0836 4176        \Device\Harddisk0\DR0:
20:00:48.0836 4176        MBR partitions:
20:00:48.0836 4176        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:00:48.0836 4176        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124F8000
20:00:48.0836 4176        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1252A800, BlocksNum 0x27E5B000
20:00:48.0836 4176        ============================================================
20:00:48.0867 4176        C: <-> \Device\Harddisk0\DR0\Partition1
20:00:48.0898 4176        D: <-> \Device\Harddisk0\DR0\Partition2
20:00:48.0898 4176        ============================================================
20:00:48.0898 4176        Initialize success
20:00:48.0898 4176        ============================================================
20:01:01.0862 4376        ============================================================
20:01:01.0862 4376        Scan started
20:01:01.0862 4376        Mode: Manual; SigCheck; TDLFS;
20:01:01.0862 4376        ============================================================
20:01:02.0611 4376        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
20:01:02.0673 4376        1394ohci - ok
20:01:02.0689 4376        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:01:02.0720 4376        ACPI - ok
20:01:02.0735 4376        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:01:02.0782 4376        AcpiPmi - ok
20:01:02.0845 4376        acsock          (e42f90b27bdddd611fa7040afd256fda) C:\Windows\system32\DRIVERS\acsock64.sys
20:01:02.0860 4376        acsock - ok
20:01:02.0938 4376        AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:01:02.0954 4376        AdobeARMservice - ok
20:01:03.0016 4376        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
20:01:03.0032 4376        adp94xx - ok
20:01:03.0079 4376        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
20:01:03.0110 4376        adpahci - ok
20:01:03.0125 4376        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
20:01:03.0141 4376        adpu320 - ok
20:01:03.0172 4376        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:01:03.0219 4376        AeLookupSvc - ok
20:01:03.0297 4376        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:01:03.0344 4376        AFD - ok
20:01:03.0391 4376        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:01:03.0406 4376        agp440 - ok
20:01:03.0469 4376        aksdf          (89cd44c10d9b4d87725ff07f18a5702f) C:\Windows\system32\drivers\aksdf.sys
20:01:03.0500 4376        aksdf - ok
20:01:03.0531 4376        aksfridge      (ba0b6fd78ae88d39b9d3d984f295a137) C:\Windows\system32\DRIVERS\aksfridge.sys
20:01:03.0547 4376        aksfridge - ok
20:01:03.0578 4376        akshasp        (a56f1b0f967aef8a82d7771e6d166def) C:\Windows\system32\DRIVERS\akshasp.sys
20:01:03.0609 4376        akshasp - ok
20:01:03.0625 4376        akshhl          (bc0ee7f8d0be561793b80871f4f10627) C:\Windows\system32\DRIVERS\akshhl.sys
20:01:03.0640 4376        akshhl - ok
20:01:03.0687 4376        aksusb          (a9a09bc526e614ce9f29bb23c2a76ced) C:\Windows\system32\DRIVERS\aksusb.sys
20:01:03.0703 4376        aksusb - ok
20:01:03.0749 4376        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:01:03.0781 4376        ALG - ok
20:01:03.0812 4376        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:01:03.0827 4376        aliide - ok
20:01:03.0827 4376        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:01:03.0843 4376        amdide - ok
20:01:03.0874 4376        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
20:01:03.0890 4376        AmdK8 - ok
20:01:03.0890 4376        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
20:01:03.0921 4376        AmdPPM - ok
20:01:03.0952 4376        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:01:03.0968 4376        amdsata - ok
20:01:03.0983 4376        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
20:01:03.0999 4376        amdsbs - ok
20:01:04.0015 4376        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:01:04.0030 4376        amdxata - ok
20:01:04.0124 4376        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:01:04.0139 4376        AntiVirSchedulerService - ok
20:01:04.0311 4376        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:01:04.0311 4376        AntiVirService - ok
20:01:04.0358 4376        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:01:04.0405 4376        AppID - ok
20:01:04.0436 4376        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:01:04.0483 4376        AppIDSvc - ok
20:01:04.0498 4376        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:01:04.0561 4376        Appinfo - ok
20:01:04.0623 4376        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
20:01:04.0639 4376        AppMgmt - ok
20:01:04.0685 4376        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
20:01:04.0701 4376        arc - ok
20:01:04.0717 4376        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
20:01:04.0732 4376        arcsas - ok
20:01:04.0732 4376        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:01:04.0795 4376        AsyncMac - ok
20:01:04.0810 4376        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:01:04.0826 4376        atapi - ok
20:01:04.0904 4376        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:01:04.0951 4376        AudioEndpointBuilder - ok
20:01:04.0951 4376        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:01:04.0997 4376        AudioSrv - ok
20:01:05.0029 4376        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
20:01:05.0044 4376        avgntflt - ok
20:01:05.0075 4376        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
20:01:05.0091 4376        avipbb - ok
20:01:05.0107 4376        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:01:05.0107 4376        avkmgr - ok
20:01:05.0153 4376        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:01:05.0185 4376        AxInstSV - ok
20:01:05.0247 4376        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
20:01:05.0278 4376        b06bdrv - ok
20:01:05.0325 4376        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:01:05.0372 4376        b57nd60a - ok
20:01:05.0419 4376        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:01:05.0434 4376        BDESVC - ok
20:01:05.0450 4376        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:01:05.0497 4376        Beep - ok
20:01:05.0575 4376        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:01:05.0621 4376        BFE - ok
20:01:05.0699 4376        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
20:01:05.0762 4376        BITS - ok
20:01:05.0824 4376        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:01:05.0855 4376        blbdrive - ok
20:01:05.0887 4376        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:01:05.0918 4376        bowser - ok
20:01:05.0933 4376        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
20:01:05.0965 4376        BrFiltLo - ok
20:01:05.0980 4376        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
20:01:05.0996 4376        BrFiltUp - ok
20:01:06.0027 4376        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:01:06.0089 4376        Browser - ok
20:01:06.0121 4376        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:01:06.0152 4376        Brserid - ok
20:01:06.0167 4376        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:01:06.0199 4376        BrSerWdm - ok
20:01:06.0214 4376        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:01:06.0261 4376        BrUsbMdm - ok
20:01:06.0261 4376        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:01:06.0277 4376        BrUsbSer - ok
20:01:06.0292 4376        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
20:01:06.0323 4376        BTHMODEM - ok
20:01:06.0370 4376        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:01:06.0401 4376        bthserv - ok
20:01:06.0433 4376        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:01:06.0479 4376        cdfs - ok
20:01:06.0526 4376        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:01:06.0542 4376        cdrom - ok
20:01:06.0557 4376        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:01:06.0620 4376        CertPropSvc - ok
20:01:06.0651 4376        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:01:06.0682 4376        circlass - ok
20:01:06.0713 4376        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:01:06.0729 4376        CLFS - ok
20:01:06.0776 4376        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:01:06.0791 4376        clr_optimization_v2.0.50727_32 - ok
20:01:06.0854 4376        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:01:06.0869 4376        clr_optimization_v2.0.50727_64 - ok
20:01:06.0916 4376        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:01:06.0932 4376        clr_optimization_v4.0.30319_32 - ok
20:01:06.0963 4376        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:01:06.0979 4376        clr_optimization_v4.0.30319_64 - ok
20:01:07.0010 4376        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:01:07.0025 4376        CmBatt - ok
20:01:07.0041 4376        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:01:07.0057 4376        cmdide - ok
20:01:07.0119 4376        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:01:07.0135 4376        CNG - ok
20:01:07.0150 4376        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:01:07.0166 4376        Compbatt - ok
20:01:07.0197 4376        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:01:07.0213 4376        CompositeBus - ok
20:01:07.0228 4376        COMSysApp - ok
20:01:07.0244 4376        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
20:01:07.0259 4376        crcdisk - ok
20:01:07.0322 4376        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:01:07.0337 4376        CryptSvc - ok
20:01:07.0415 4376        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:01:07.0462 4376        CSC - ok
20:01:07.0525 4376        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
20:01:07.0540 4376        CscService - ok
20:01:07.0571 4376        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
20:01:07.0587 4376        CVirtA - ok
20:01:07.0743 4376        CVPND          (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
20:01:07.0790 4376        CVPND - ok
20:01:07.0899 4376        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
20:01:07.0915 4376        CVPNDRVA - ok
20:01:07.0993 4376        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:01:08.0055 4376        DcomLaunch - ok
20:01:08.0086 4376        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:01:08.0133 4376        defragsvc - ok
20:01:08.0180 4376        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:01:08.0227 4376        DfsC - ok
20:01:08.0258 4376        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:01:08.0305 4376        Dhcp - ok
20:01:08.0320 4376        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:01:08.0383 4376        discache - ok
20:01:08.0429 4376        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
20:01:08.0445 4376        Disk - ok
20:01:08.0476 4376        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
20:01:08.0507 4376        dmvsc - ok
20:01:08.0554 4376        DNE            (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
20:01:08.0570 4376        DNE - ok
20:01:08.0601 4376        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:01:08.0632 4376        Dnscache - ok
20:01:08.0679 4376        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:01:08.0726 4376        dot3svc - ok
20:01:08.0741 4376        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:01:08.0788 4376        DPS - ok
20:01:08.0819 4376        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:01:08.0851 4376        drmkaud - ok
20:01:08.0897 4376        dtsoftbus01    (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:01:08.0913 4376        dtsoftbus01 - ok
20:01:09.0007 4376        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:01:09.0038 4376        DXGKrnl - ok
20:01:09.0085 4376        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:01:09.0131 4376        EapHost - ok
20:01:09.0365 4376        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
20:01:09.0443 4376        ebdrv - ok
20:01:09.0568 4376        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:01:09.0599 4376        EFS - ok
20:01:09.0677 4376        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:01:09.0724 4376        ehRecvr - ok
20:01:09.0755 4376        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:01:09.0787 4376        ehSched - ok
20:01:09.0865 4376        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
20:01:09.0880 4376        elxstor - ok
20:01:09.0896 4376        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:01:09.0911 4376        ErrDev - ok
20:01:09.0974 4376        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:01:10.0021 4376        EventSystem - ok
20:01:10.0052 4376        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:01:10.0099 4376        exfat - ok
20:01:10.0130 4376        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:01:10.0177 4376        fastfat - ok
20:01:10.0239 4376        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:01:10.0270 4376        Fax - ok
20:01:10.0301 4376        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
20:01:10.0317 4376        fdc - ok
20:01:10.0348 4376        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:01:10.0395 4376        fdPHost - ok
20:01:10.0395 4376        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:01:10.0457 4376        FDResPub - ok
20:01:10.0504 4376        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:01:10.0504 4376        FileInfo - ok
20:01:10.0535 4376        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:01:10.0582 4376        Filetrace - ok
20:01:10.0598 4376        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
20:01:10.0613 4376        flpydisk - ok
20:01:10.0645 4376        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:01:10.0660 4376        FltMgr - ok
20:01:10.0754 4376        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:01:10.0801 4376        FontCache - ok
20:01:10.0847 4376        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:01:10.0847 4376        FontCache3.0.0.0 - ok
20:01:10.0894 4376        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:01:10.0910 4376        FsDepends - ok
20:01:10.0941 4376        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:01:10.0957 4376        Fs_Rec - ok
20:01:10.0988 4376        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:01:11.0003 4376        fvevol - ok
20:01:11.0035 4376        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
20:01:11.0050 4376        gagp30kx - ok
20:01:11.0113 4376        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:01:11.0160 4376        gpsvc - ok
20:01:11.0222 4376        hardlock        (78fad9117e4527f2ca82259da10f40bd) C:\Windows\system32\drivers\hardlock.sys
20:01:11.0238 4376        hardlock - ok
20:01:11.0253 4376        hasplms - ok
20:01:11.0253 4376        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:01:11.0284 4376        hcw85cir - ok
20:01:11.0347 4376        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:01:11.0378 4376        HdAudAddService - ok
20:01:11.0394 4376        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:01:11.0425 4376        HDAudBus - ok
20:01:11.0440 4376        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
20:01:11.0456 4376        HidBatt - ok
20:01:11.0472 4376        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
20:01:11.0487 4376        HidBth - ok
20:01:11.0518 4376        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:01:11.0534 4376        HidIr - ok
20:01:11.0550 4376        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:01:11.0596 4376        hidserv - ok
20:01:11.0612 4376        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:01:11.0628 4376        HidUsb - ok
20:01:11.0643 4376        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:01:11.0690 4376        hkmsvc - ok
20:01:11.0737 4376        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:01:11.0768 4376        HomeGroupListener - ok
20:01:11.0799 4376        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:01:11.0815 4376        HomeGroupProvider - ok
20:01:11.0846 4376        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:01:11.0862 4376        HpSAMD - ok
20:01:11.0940 4376        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:01:11.0986 4376        HTTP - ok
20:01:12.0002 4376        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:01:12.0018 4376        hwpolicy - ok
20:01:12.0033 4376        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
20:01:12.0049 4376        i8042prt - ok
20:01:12.0096 4376        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:01:12.0111 4376        iaStorV - ok
20:01:12.0236 4376        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:01:12.0267 4376        idsvc - ok
20:01:12.0298 4376        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
20:01:12.0314 4376        iirsp - ok
20:01:12.0392 4376        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:01:12.0454 4376        IKEEXT - ok
20:01:12.0610 4376        IntcAzAudAddService (1a6241b70453a6629a83db942aa6b08c) C:\Windows\system32\drivers\RTKVHD64.sys
20:01:12.0657 4376        IntcAzAudAddService - ok
20:01:12.0782 4376        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:01:12.0782 4376        intelide - ok
20:01:12.0813 4376        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:01:12.0829 4376        intelppm - ok
20:01:12.0860 4376        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:01:12.0907 4376        IPBusEnum - ok
20:01:12.0922 4376        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:01:12.0969 4376        IpFilterDriver - ok
20:01:13.0016 4376        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:01:13.0063 4376        iphlpsvc - ok
20:01:13.0094 4376        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:01:13.0110 4376        IPMIDRV - ok
20:01:13.0110 4376        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:01:13.0172 4376        IPNAT - ok
20:01:13.0203 4376        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:01:13.0234 4376        IRENUM - ok
20:01:13.0250 4376        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:01:13.0266 4376        isapnp - ok
20:01:13.0297 4376        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:01:13.0312 4376        iScsiPrt - ok
20:01:13.0328 4376        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:01:13.0344 4376        kbdclass - ok
20:01:13.0359 4376        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:01:13.0390 4376        kbdhid - ok
20:01:13.0406 4376        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:13.0422 4376        KeyIso - ok
20:01:13.0437 4376        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:01:13.0453 4376        KSecDD - ok
20:01:13.0468 4376        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:01:13.0484 4376        KSecPkg - ok
20:01:13.0500 4376        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:01:13.0546 4376        ksthunk - ok
20:01:13.0593 4376        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:01:13.0640 4376        KtmRm - ok
20:01:13.0687 4376        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:01:13.0734 4376        LanmanServer - ok
20:01:13.0765 4376        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:01:13.0812 4376        LanmanWorkstation - ok
20:01:13.0843 4376        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:01:13.0905 4376        lltdio - ok
20:01:13.0952 4376        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:01:13.0999 4376        lltdsvc - ok
20:01:14.0030 4376        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:01:14.0077 4376        lmhosts - ok
20:01:14.0108 4376        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
20:01:14.0124 4376        LSI_FC - ok
20:01:14.0139 4376        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
20:01:14.0155 4376        LSI_SAS - ok
20:01:14.0170 4376        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
20:01:14.0186 4376        LSI_SAS2 - ok
20:01:14.0202 4376        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
20:01:14.0217 4376        LSI_SCSI - ok
20:01:14.0233 4376        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:01:14.0280 4376        luafv - ok
20:01:14.0326 4376        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
20:01:14.0342 4376        MBAMProtector - ok
20:01:14.0436 4376        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:01:14.0451 4376        MBAMService - ok
20:01:14.0482 4376        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:01:14.0514 4376        Mcx2Svc - ok
20:01:14.0529 4376        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
20:01:14.0545 4376        megasas - ok
20:01:14.0576 4376        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
20:01:14.0592 4376        MegaSR - ok
20:01:14.0638 4376        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:01:14.0685 4376        MMCSS - ok
20:01:14.0701 4376        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:01:14.0748 4376        Modem - ok
20:01:14.0763 4376        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:01:14.0794 4376        monitor - ok
20:01:14.0810 4376        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:01:14.0826 4376        mouclass - ok
20:01:14.0841 4376        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:01:14.0872 4376        mouhid - ok
20:01:14.0888 4376        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:01:14.0904 4376        mountmgr - ok
20:01:15.0013 4376        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:01:15.0013 4376        MozillaMaintenance - ok
20:01:15.0044 4376        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:01:15.0060 4376        mpio - ok
20:01:15.0075 4376        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:01:15.0106 4376        mpsdrv - ok
20:01:15.0169 4376        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:01:15.0216 4376        MpsSvc - ok
20:01:15.0247 4376        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:01:15.0278 4376        MRxDAV - ok
20:01:15.0309 4376        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:01:15.0325 4376        mrxsmb - ok
20:01:15.0356 4376        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:01:15.0372 4376        mrxsmb10 - ok
20:01:15.0387 4376        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:01:15.0403 4376        mrxsmb20 - ok
20:01:15.0418 4376        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:01:15.0434 4376        msahci - ok
20:01:15.0450 4376        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:01:15.0465 4376        msdsm - ok
20:01:15.0496 4376        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:01:15.0543 4376        MSDTC - ok
20:01:15.0559 4376        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:01:15.0606 4376        Msfs - ok
20:01:15.0637 4376        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:01:15.0684 4376        mshidkmdf - ok
20:01:15.0699 4376        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:01:15.0715 4376        msisadrv - ok
20:01:15.0746 4376        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:01:15.0777 4376        MSiSCSI - ok
20:01:15.0777 4376        msiserver - ok
20:01:15.0808 4376        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:01:15.0871 4376        MSKSSRV - ok
20:01:15.0886 4376        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:01:15.0933 4376        MSPCLOCK - ok
20:01:15.0949 4376        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:01:15.0996 4376        MSPQM - ok
20:01:16.0027 4376        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:01:16.0042 4376        MsRPC - ok
20:01:16.0058 4376        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
20:01:16.0074 4376        mssmbios - ok
20:01:16.0089 4376        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:01:16.0152 4376        MSTEE - ok
20:01:16.0167 4376        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
20:01:16.0183 4376        MTConfig - ok
20:01:16.0198 4376        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:01:16.0198 4376        Mup - ok
20:01:16.0261 4376        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:01:16.0308 4376        napagent - ok
20:01:16.0354 4376        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:01:16.0386 4376        NativeWifiP - ok
20:01:16.0464 4376        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:01:16.0495 4376        NDIS - ok
20:01:16.0510 4376        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:01:16.0557 4376        NdisCap - ok
20:01:16.0573 4376        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:01:16.0620 4376        NdisTapi - ok
20:01:16.0651 4376        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:01:16.0698 4376        Ndisuio - ok
20:01:16.0713 4376        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:01:16.0760 4376        NdisWan - ok
20:01:16.0776 4376        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:01:16.0807 4376        NDProxy - ok
20:01:16.0838 4376        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:01:16.0885 4376        NetBIOS - ok
20:01:16.0916 4376        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:01:16.0963 4376        NetBT - ok
20:01:16.0978 4376        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:16.0994 4376        Netlogon - ok
20:01:17.0056 4376        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:01:17.0103 4376        Netman - ok
20:01:17.0150 4376        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:01:17.0197 4376        netprofm - ok
20:01:17.0275 4376        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:01:17.0275 4376        NetTcpPortSharing - ok
20:01:17.0634 4376        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
20:01:17.0774 4376        netw5v64 - ok
20:01:17.0914 4376        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
20:01:17.0930 4376        nfrd960 - ok
20:01:17.0977 4376        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:01:18.0024 4376        NlaSvc - ok
20:01:18.0055 4376        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:01:18.0086 4376        Npfs - ok
20:01:18.0102 4376        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:01:18.0133 4376        nsi - ok
20:01:18.0148 4376        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:01:18.0195 4376        nsiproxy - ok
20:01:18.0320 4376        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:01:18.0367 4376        Ntfs - ok
20:01:18.0476 4376        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:01:18.0538 4376        Null - ok
20:01:18.0570 4376        nuvotoncir      (6f09cb36c344b98356978b37ba9ad42b) C:\Windows\system32\DRIVERS\nuvotoncir.sys
20:01:18.0585 4376        nuvotoncir - ok
20:01:19.0334 4376        nvlddmkm        (325520227cc568052ae1d7ad49d90951) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:01:19.0724 4376        nvlddmkm - ok
20:01:19.0880 4376        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:01:19.0896 4376        nvraid - ok
20:01:19.0927 4376        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:01:19.0942 4376        nvstor - ok
20:01:20.0005 4376        nvsvc          (4dffb8ddba4a0e8222e0e8d2cd590803) C:\Windows\system32\nvvsvc.exe
20:01:20.0005 4376        nvsvc - ok
20:01:20.0208 4376        nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:01:20.0254 4376        nvUpdatusService - ok
20:01:20.0379 4376        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:01:20.0395 4376        nv_agp - ok
20:01:20.0410 4376        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:01:20.0442 4376        ohci1394 - ok
20:01:20.0504 4376        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:01:20.0520 4376        ose - ok
20:01:20.0878 4376        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:01:20.0956 4376        osppsvc - ok
20:01:21.0081 4376        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:01:21.0097 4376        p2pimsvc - ok
20:01:21.0144 4376        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:01:21.0175 4376        p2psvc - ok
20:01:21.0206 4376        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
20:01:21.0237 4376        Parport - ok
20:01:21.0268 4376        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:01:21.0284 4376        partmgr - ok
20:01:21.0300 4376        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:01:21.0346 4376        PcaSvc - ok
20:01:21.0362 4376        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:01:21.0378 4376        pci - ok
20:01:21.0409 4376        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:01:21.0409 4376        pciide - ok
20:01:21.0440 4376        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
20:01:21.0456 4376        pcmcia - ok
20:01:21.0471 4376        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:01:21.0487 4376        pcw - ok
20:01:21.0534 4376        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:01:21.0596 4376        PEAUTH - ok
20:01:21.0705 4376        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
20:01:21.0752 4376        PeerDistSvc - ok
20:01:21.0830 4376        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:01:21.0846 4376        PerfHost - ok
20:01:22.0017 4376        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:01:22.0095 4376        pla - ok
20:01:22.0158 4376        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:01:22.0189 4376        PlugPlay - ok
20:01:22.0204 4376        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:01:22.0236 4376        PNRPAutoReg - ok
20:01:22.0267 4376        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:01:22.0282 4376        PNRPsvc - ok
20:01:22.0329 4376        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:01:22.0376 4376        PolicyAgent - ok
20:01:22.0407 4376        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:01:22.0470 4376        Power - ok
20:01:22.0532 4376        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:01:22.0563 4376        PptpMiniport - ok
20:01:22.0579 4376        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
20:01:22.0594 4376        Processor - ok
20:01:22.0641 4376        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:01:22.0672 4376        ProfSvc - ok
20:01:22.0704 4376        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:22.0704 4376        ProtectedStorage - ok
20:01:22.0750 4376        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:01:22.0797 4376        Psched - ok
20:01:22.0922 4376        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
20:01:22.0969 4376        ql2300 - ok
20:01:23.0094 4376        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
20:01:23.0109 4376        ql40xx - ok
20:01:23.0156 4376        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:01:23.0187 4376        QWAVE - ok
20:01:23.0203 4376        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:01:23.0234 4376        QWAVEdrv - ok
20:01:23.0250 4376        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:01:23.0281 4376        RasAcd - ok
20:01:23.0328 4376        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:01:23.0359 4376        RasAgileVpn - ok
20:01:23.0374 4376        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:01:23.0421 4376        RasAuto - ok
20:01:23.0452 4376        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:23.0499 4376        Rasl2tp - ok
20:01:23.0546 4376        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:01:23.0577 4376        RasMan - ok
20:01:23.0608 4376        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:23.0655 4376        RasPppoe - ok
20:01:23.0671 4376        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:01:23.0718 4376        RasSstp - ok
20:01:23.0749 4376        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:01:23.0796 4376        rdbss - ok
20:01:23.0811 4376        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:01:23.0842 4376        rdpbus - ok
20:01:23.0858 4376        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:01:23.0905 4376        RDPCDD - ok
20:01:23.0952 4376        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:01:23.0952 4376        RDPDR - ok
20:01:23.0983 4376        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:01:24.0014 4376        RDPENCDD - ok
20:01:24.0030 4376        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:01:24.0061 4376        RDPREFMP - ok
20:01:24.0108 4376        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:01:24.0139 4376        RDPWD - ok
20:01:24.0186 4376        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:01:24.0201 4376        rdyboost - ok
20:01:24.0232 4376        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:01:24.0264 4376        RemoteAccess - ok
20:01:24.0295 4376        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:01:24.0357 4376        RemoteRegistry - ok
20:01:24.0388 4376        rimmptsk        (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
20:01:24.0404 4376        rimmptsk - ok
20:01:24.0435 4376        rimsptsk        (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
20:01:24.0451 4376        rimsptsk - ok
20:01:24.0466 4376        rismxdp        (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
20:01:24.0482 4376        rismxdp - ok
20:01:24.0498 4376        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:01:24.0544 4376        RpcEptMapper - ok
20:01:24.0576 4376        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:01:24.0591 4376        RpcLocator - ok
20:01:24.0622 4376        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:01:24.0669 4376        RpcSs - ok
20:01:24.0700 4376        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:01:24.0747 4376        rspndr - ok
20:01:24.0763 4376        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
20:01:24.0778 4376        s3cap - ok
20:01:24.0810 4376        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:24.0825 4376        SamSs - ok
20:01:24.0841 4376        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:01:24.0856 4376        sbp2port - ok
20:01:24.0888 4376        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:01:24.0919 4376        SCardSvr - ok
20:01:24.0950 4376        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:01:24.0981 4376        scfilter - ok
20:01:25.0075 4376        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:01:25.0137 4376        Schedule - ok
20:01:25.0168 4376        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:01:25.0200 4376        SCPolicySvc - ok
20:01:25.0246 4376        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
20:01:25.0278 4376        sdbus - ok
20:01:25.0309 4376        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:01:25.0340 4376        SDRSVC - ok
20:01:25.0387 4376        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:01:25.0418 4376        secdrv - ok
20:01:25.0449 4376        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:01:25.0480 4376        seclogon - ok
20:01:25.0512 4376        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:01:25.0558 4376        SENS - ok
20:01:25.0558 4376        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:01:25.0590 4376        SensrSvc - ok
20:01:25.0636 4376        Sentinel64      (84ac127242dd3ccde02f9a4673214b1f) C:\Windows\System32\Drivers\Sentinel64.sys
20:01:25.0636 4376        Sentinel64 - ok
20:01:25.0668 4376        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
20:01:25.0699 4376        Serenum - ok
20:01:25.0714 4376        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
20:01:25.0730 4376        Serial - ok
20:01:25.0746 4376        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
20:01:25.0777 4376        sermouse - ok
20:01:25.0808 4376        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:01:25.0870 4376        SessionEnv - ok
20:01:25.0870 4376        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:01:25.0886 4376        sffdisk - ok
20:01:25.0933 4376        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:01:25.0964 4376        sffp_mmc - ok
20:01:25.0980 4376        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:01:26.0011 4376        sffp_sd - ok
20:01:26.0011 4376        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
20:01:26.0026 4376        sfloppy - ok
20:01:26.0073 4376        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:01:26.0136 4376        SharedAccess - ok
20:01:26.0182 4376        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:01:26.0229 4376        ShellHWDetection - ok
20:01:26.0245 4376        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
20:01:26.0260 4376        SiSRaid2 - ok
20:01:26.0276 4376        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
20:01:26.0292 4376        SiSRaid4 - ok
20:01:26.0370 4376        SkypeUpdate    (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:01:26.0385 4376        SkypeUpdate - ok
20:01:26.0416 4376        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:01:26.0448 4376        Smb - ok
20:01:26.0494 4376        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:01:26.0510 4376        SNMPTRAP - ok
20:01:26.0557 4376        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:01:26.0572 4376        spldr - ok
20:01:26.0604 4376        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:01:26.0650 4376        Spooler - ok
20:01:26.0869 4376        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:01:26.0978 4376        sppsvc - ok
20:01:27.0087 4376        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:01:27.0134 4376        sppuinotify - ok
20:01:27.0181 4376        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:01:27.0212 4376        srv - ok
20:01:27.0243 4376        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:01:27.0274 4376        srv2 - ok
20:01:27.0337 4376        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:01:27.0352 4376        SrvHsfHDA - ok
20:01:27.0462 4376        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:01:27.0508 4376        SrvHsfV92 - ok
20:01:27.0664 4376        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:01:27.0680 4376        SrvHsfWinac - ok
20:01:27.0711 4376        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:01:27.0727 4376        srvnet - ok
20:01:27.0758 4376        sscdbus        (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
20:01:27.0774 4376        sscdbus - ok
20:01:27.0774 4376        sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:01:27.0789 4376        sscdmdfl - ok
20:01:27.0820 4376        sscdmdm        (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:01:27.0836 4376        sscdmdm - ok
20:01:27.0883 4376        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:01:27.0930 4376        SSDPSRV - ok
20:01:27.0945 4376        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:01:27.0992 4376        SstpSvc - ok
20:01:28.0008 4376        StarOpen - ok
20:01:28.0023 4376        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
20:01:28.0039 4376        stexstor - ok
20:01:28.0101 4376        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:01:28.0132 4376        stisvc - ok
20:01:28.0164 4376        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
20:01:28.0179 4376        storflt - ok
20:01:28.0195 4376        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
20:01:28.0210 4376        StorSvc - ok
20:01:28.0242 4376        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
20:01:28.0257 4376        storvsc - ok
20:01:28.0273 4376        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
20:01:28.0288 4376        swenum - ok
20:01:28.0335 4376        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:01:28.0398 4376        swprv - ok
20:01:28.0460 4376        SynTP          (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
20:01:28.0476 4376        SynTP - ok
20:01:28.0600 4376        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:01:28.0663 4376        SysMain - ok
20:01:28.0772 4376        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:01:28.0803 4376        TabletInputService - ok
20:01:28.0834 4376        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:01:28.0881 4376        TapiSrv - ok
20:01:28.0912 4376        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:01:28.0944 4376        TBS - ok
20:01:29.0100 4376        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:01:29.0146 4376        Tcpip - ok
20:01:29.0349 4376        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:01:29.0396 4376        TCPIP6 - ok
20:01:29.0474 4376        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:01:29.0521 4376        tcpipreg - ok
20:01:29.0536 4376        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:01:29.0568 4376        TDPIPE - ok
20:01:29.0599 4376        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:01:29.0630 4376        TDTCP - ok
20:01:29.0661 4376        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:01:29.0692 4376        tdx - ok
20:01:29.0708 4376        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
20:01:29.0724 4376        TermDD - ok
20:01:29.0817 4376        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:01:29.0880 4376        TermService - ok
20:01:29.0880 4376        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:01:29.0911 4376        Themes - ok
20:01:29.0942 4376        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:01:29.0973 4376        THREADORDER - ok
20:01:30.0004 4376        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:01:30.0051 4376        TrkWks - ok
20:01:30.0098 4376        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:01:30.0160 4376        TrustedInstaller - ok
20:01:30.0176 4376        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:01:30.0223 4376        tssecsrv - ok
20:01:30.0254 4376        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:01:30.0270 4376        TsUsbFlt - ok
20:01:30.0301 4376        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
20:01:30.0332 4376        TsUsbGD - ok
20:01:30.0363 4376        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:01:30.0394 4376        tunnel - ok
20:01:30.0426 4376        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
20:01:30.0441 4376        uagp35 - ok
20:01:30.0472 4376        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:01:30.0519 4376        udfs - ok
20:01:30.0566 4376        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:01:30.0597 4376        UI0Detect - ok
20:01:30.0597 4376        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:01:30.0613 4376        uliagpkx - ok
20:01:30.0644 4376        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:01:30.0675 4376        umbus - ok
20:01:30.0691 4376        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
20:01:30.0722 4376        UmPass - ok
20:01:30.0769 4376        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
20:01:30.0800 4376        UmRdpService - ok
20:01:30.0847 4376        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:01:30.0894 4376        upnphost - ok
20:01:30.0925 4376        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:01:30.0940 4376        usbccgp - ok
20:01:30.0987 4376        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:01:31.0003 4376        usbcir - ok
20:01:31.0018 4376        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:01:31.0050 4376        usbehci - ok
20:01:31.0081 4376        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:01:31.0112 4376        usbhub - ok
20:01:31.0143 4376        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:01:31.0159 4376        usbohci - ok
20:01:31.0159 4376        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:01:31.0190 4376        usbprint - ok
20:01:31.0206 4376        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:01:31.0237 4376        USBSTOR - ok
20:01:31.0252 4376        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
20:01:31.0268 4376        usbuhci - ok
20:01:31.0315 4376        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
20:01:31.0362 4376        usbvideo - ok
20:01:31.0393 4376        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:01:31.0440 4376        UxSms - ok
20:01:31.0486 4376        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:01:31.0502 4376        VaultSvc - ok
20:01:31.0518 4376        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:01:31.0533 4376        vdrvroot - ok
20:01:31.0580 4376        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:01:31.0627 4376        vds - ok
20:01:31.0658 4376        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:01:31.0674 4376        vga - ok
20:01:31.0689 4376        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:01:31.0752 4376        VgaSave - ok
20:01:31.0783 4376        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:01:31.0798 4376        vhdmp - ok
20:01:31.0798 4376        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:01:31.0814 4376        viaide - ok
20:01:31.0845 4376        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
20:01:31.0876 4376        vmbus - ok
20:01:31.0892 4376        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
20:01:31.0908 4376        VMBusHID - ok
20:01:31.0939 4376        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:01:31.0954 4376        volmgr - ok
20:01:31.0986 4376        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:01:32.0001 4376        volmgrx - ok
20:01:32.0032 4376        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:01:32.0048 4376        volsnap - ok
20:01:32.0157 4376        vpnagent        (f937e203d6f18fad36b68d92df02775d) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
20:01:32.0173 4376        vpnagent - ok
20:01:32.0188 4376        vpnva          (845dae50510383b7f6aca73ce2099048) C:\Windows\system32\DRIVERS\vpnva64.sys
20:01:32.0204 4376        vpnva - ok
20:01:32.0235 4376        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
20:01:32.0251 4376        vsmraid - ok
20:01:32.0360 4376        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:01:32.0438 4376        VSS - ok
20:01:32.0563 4376        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
20:01:32.0594 4376        vwifibus - ok
20:01:32.0641 4376        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:01:32.0688 4376        W32Time - ok
20:01:32.0703 4376        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
20:01:32.0719 4376        WacomPen - ok
20:01:32.0766 4376        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:32.0812 4376        WANARP - ok
20:01:32.0828 4376        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:32.0859 4376        Wanarpv6 - ok
20:01:32.0968 4376        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:01:33.0015 4376        wbengine - ok
20:01:33.0124 4376        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:01:33.0156 4376        WbioSrvc - ok
20:01:33.0187 4376        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:01:33.0218 4376        wcncsvc - ok
20:01:33.0234 4376        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:01:33.0249 4376        WcsPlugInService - ok
20:01:33.0312 4376        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
20:01:33.0327 4376        Wd - ok
20:01:33.0374 4376        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:01:33.0390 4376        Wdf01000 - ok
20:01:33.0405 4376        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:01:33.0436 4376        WdiServiceHost - ok
20:01:33.0452 4376        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:01:33.0468 4376        WdiSystemHost - ok
20:01:33.0499 4376        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:01:33.0530 4376        WebClient - ok
20:01:33.0561 4376        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:01:33.0608 4376        Wecsvc - ok
20:01:33.0639 4376        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:01:33.0670 4376        wercplsupport - ok
20:01:33.0702 4376        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:01:33.0748 4376        WerSvc - ok
20:01:33.0795 4376        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:01:33.0842 4376        WfpLwf - ok
20:01:33.0858 4376        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:01:33.0873 4376        WIMMount - ok
20:01:33.0920 4376        winbondcir      (54d68b92dc59fbba95919c804a7c3e07) C:\Windows\system32\DRIVERS\winbondcir.sys
20:01:33.0936 4376        winbondcir - ok
20:01:33.0951 4376        WinDefend - ok
20:01:33.0967 4376        WinHttpAutoProxySvc - ok
20:01:34.0014 4376        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:01:34.0060 4376        Winmgmt - ok
20:01:34.0201 4376        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:01:34.0279 4376        WinRM - ok
20:01:34.0419 4376        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:01:34.0450 4376        WinUsb - ok
20:01:34.0513 4376        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:01:34.0560 4376        Wlansvc - ok
20:01:34.0591 4376        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:01:34.0606 4376        WmiAcpi - ok
20:01:34.0669 4376        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:01:34.0716 4376        wmiApSrv - ok
20:01:34.0762 4376        WMPNetworkSvc - ok
20:01:34.0794 4376        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:01:34.0809 4376        WPCSvc - ok
20:01:34.0840 4376        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:01:34.0856 4376        WPDBusEnum - ok
20:01:34.0872 4376        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:01:34.0918 4376        ws2ifsl - ok
20:01:34.0934 4376        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
20:01:34.0965 4376        wscsvc - ok
20:01:34.0981 4376        WSearch - ok
20:01:35.0137 4376        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:01:35.0199 4376        wuauserv - ok
20:01:35.0324 4376        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:01:35.0371 4376        WudfPf - ok
20:01:35.0402 4376        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:01:35.0449 4376        WUDFRd - ok
20:01:35.0480 4376        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:01:35.0511 4376        wudfsvc - ok
20:01:35.0542 4376        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:01:35.0574 4376        WwanSvc - ok
20:01:35.0620 4376        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:01:35.0917 4376        \Device\Harddisk0\DR0 - ok
20:01:35.0932 4376        Boot (0x1200)  (86962d203fe153d8ddcf18976c8939f5) \Device\Harddisk0\DR0\Partition0
20:01:35.0932 4376        \Device\Harddisk0\DR0\Partition0 - ok
20:01:35.0964 4376        Boot (0x1200)  (e4982c91bebb6a03bedc517d9cbc03e6) \Device\Harddisk0\DR0\Partition1
20:01:35.0964 4376        \Device\Harddisk0\DR0\Partition1 - ok
20:01:35.0979 4376        Boot (0x1200)  (5ff4771ad7c75b5ef59d6fd609cdf72b) \Device\Harddisk0\DR0\Partition2
20:01:35.0979 4376        \Device\Harddisk0\DR0\Partition2 - ok
20:01:35.0979 4376        ============================================================
20:01:35.0979 4376        Scan finished
20:01:35.0979 4376        ============================================================
20:01:35.0995 5072        Detected object count: 0
20:01:35.0995 5072        Actual detected object count: 0
Als ich mir nach dem Neustart die Log-Datei "TDSSKiller.2.7.43.0_02.07.2012_20.00.47_log" angesehen habe, war zusätzlich noch folgende Zeile enthalten:

Code:
20:05:09.0604 4688        Deinitialize success

Eins ist mir aufgefallen:
Es werden die Dateiendungen nicht mehr angezeigt. Ich glaube, das ist so seit dem Fix mit OTL. War das gewollt? Ich selber habe da in letzter Zeit nichts dran eingestellt, bisher wurden sie immer angezeigt. Kann ich die Dateiendungen wieder einschalten?

Viele Grüße, Rumpel

cosinus 03.07.2012 12:26
Ja sicher kannst du diese Anzeigeeinstellung machen, das ist doch nichts weiter als eine ziemlich banale Ansichtsoption

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Rumpel2 04.07.2012 11:36
Hallo Arne!



Hat etwas länger gedauert, weil ich mir das Tutorium doch erst ausdrucken wollte. Zu den Endungen nochmal: Ich wollte dir nur die Veränderung mitteilen, weil ich nicht beurteilen konnte, ob das irgendein Programm im Hintergrund gestellt hat oder durch den Fix kam.
Hab das ComboFix laufen lassen. Und es gab keine Auffälligkeiten.

Hier der Log:

Combofix Logfile:
Code:
ComboFix 12-07-02.01 - *** 04.07.2012  11:47:44.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4094.2929 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\+++~1\AppData\Local\Temp\RtkBtMnt.exe
c:\users\***\AppData\Local\Temp\RtkBtMnt.exe
c:\users\***\AppData\Local\TempDIR
c:\users\***\AppData\Local\TempDIR\WindowsXP-KB893357-v2-x86-DEU.exe
c:\users\***\AppData\Local\TempDIR\WindowsXP-KB917021-v3-x86-DEU.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-04 bis 2012-07-04  ))))))))))))))))))))))))))))))
.
.
2012-07-03 09:02 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{708C552D-EF0A-48B1-A1D4-30434AD6829A}\mpengine.dll
2012-07-02 13:39 . 2012-07-02 13:39        --------        d-----w-        C:\_OTL
2012-07-01 15:49 . 2012-07-01 15:49        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-01 15:49 . 2012-07-01 15:49        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-29 17:07 . 2012-06-29 17:07        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-06-29 17:07 . 2012-06-29 17:07        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-29 17:07 . 2012-06-29 17:07        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-29 17:07 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-24 13:18 . 2012-06-24 13:18        --------        d-----w-        c:\users\***\AppData\Local\ElevatedDiagnostics
2012-06-24 05:03 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-24 05:03 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-24 05:03 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-24 05:03 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-24 05:03 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-24 05:03 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-24 05:03 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-24 05:03 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-24 05:03 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-23 09:56 . 2012-06-23 09:56        476936        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-06-23 09:56 . 2012-06-23 09:56        --------        d-----w-        c:\program files (x86)\Java
2012-06-19 15:51 . 2012-06-19 15:52        --------        d-----w-        c:\programdata\LogiShrd
2012-06-19 15:51 . 2012-06-19 15:51        --------        d-----w-        c:\program files\Common Files\LogiShrd
2012-06-15 05:32 . 2012-06-15 05:32        --------        d-----w-        c:\users\***\AppData\Local\Macromedia
2012-06-14 00:59 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-12 06:37 . 2012-06-12 06:37        --------        d-----w-        c:\program files (x86)\Common Files\Aladdin Shared
2012-06-12 06:37 . 2009-04-21 10:59        2869760        ----a-w-        c:\windows\system32\hasplms.exe
2012-06-12 06:36 . 2009-08-26 05:48        71040        ----a-w-        c:\windows\system32\drivers\aksdf.sys
2012-06-12 06:36 . 2009-04-30 12:28        11776        ----a-w-        c:\windows\system32\akshsp51.dll
2012-06-12 06:36 . 2009-03-13 09:55        53760        ----a-w-        c:\windows\system32\drivers\akshasp.sys
2012-06-12 06:36 . 2009-03-13 09:55        318464        ----a-w-        c:\windows\system32\drivers\hardlock.sys
2012-06-12 06:36 . 2009-03-13 09:55        25344        ----a-w-        c:\windows\system32\drivers\aksusb.sys
2012-06-12 06:36 . 2008-12-19 12:46        33792        ----a-w-        c:\windows\system32\akshhl27.dll
2012-06-12 06:36 . 2008-12-19 12:43        71168        ----a-w-        c:\windows\system32\aksusb3.dll
2012-06-12 06:36 . 2007-11-23 10:35        14848        ----a-w-        c:\windows\system32\drivers\aksclass.sys
2012-06-12 06:34 . 2009-10-26 00:21        111104        ----a-w-        c:\windows\SysWow64\PropShellEx.dll
2012-06-12 06:34 . 2009-10-26 00:21        274432        ----a-w-        c:\windows\SysWow64\ThmShellEx.dll
2012-06-12 06:34 . 2008-11-14 15:18        631592        ----a-w-        c:\windows\SysWow64\msvcr80.dll
2012-06-12 06:34 . 2008-11-14 15:18        348968        ----a-w-        c:\windows\SysWow64\msvcr70.dll
2012-06-12 06:34 . 2008-11-14 15:18        553768        ----a-w-        c:\windows\SysWow64\msvcp80.dll
2012-06-12 06:34 . 2008-11-14 15:18        492328        ----a-w-        c:\windows\SysWow64\msvcp70.dll
2012-06-12 06:34 . 2008-11-14 15:18        484136        ----a-w-        c:\windows\SysWow64\msvcm80.dll
2012-06-12 06:34 . 2008-11-14 15:18        1097512        ----a-w-        c:\windows\SysWow64\mfc80u.dll
2012-06-12 06:34 . 2008-11-14 15:18        504616        ----a-w-        c:\windows\SysWow64\MSVCP71.DLL
2012-06-12 06:34 . 2008-11-14 15:18        1106728        ----a-w-        c:\windows\SysWow64\mfc80.dll
2012-06-12 06:34 . 2008-11-14 15:18        979752        ----a-w-        c:\windows\SysWow64\mfc70.dll
2012-06-12 06:33 . 2012-06-12 06:35        --------        d-----w-        c:\program files (x86)\Common Files\Dlubal
2012-06-12 06:33 . 2012-06-12 06:35        --------        d-----w-        c:\program files (x86)\Dlubal
2012-06-12 06:33 . 2012-06-12 06:36        --------        d-----w-        c:\programdata\Dlubal
2012-06-07 15:35 . 2012-06-07 15:35        10744        ----a-w-        c:\windows\SysWow64\vpncategories.dll
2012-06-07 15:35 . 2012-06-07 15:35        33272        ----a-w-        c:\windows\SysWow64\vpnevents.dll
2012-06-06 05:13 . 2012-06-06 05:15        --------        d-----w-        c:\users\***\AppData\Roaming\pdfforge
2012-06-06 05:13 . 2012-05-14 07:21        94208        ----a-w-        c:\windows\system32\pdfcmon.dll
2012-06-06 05:13 . 2004-03-08 23:00        662288        ----a-w-        c:\windows\SysWow64\MSCOMCT2.OCX
2012-06-06 05:13 . 1998-06-23 23:00        137000        ----a-w-        c:\windows\SysWow64\MSMAPI32.OCX
2012-06-06 05:13 . 2012-06-06 05:13        --------        d-----w-        c:\program files (x86)\PDFCreator
2012-06-06 05:13 . 1998-07-06 16:56        125712        ----a-w-        c:\windows\SysWow64\VB6DE.DLL
2012-06-06 05:13 . 1998-07-06 16:55        158208        ----a-w-        c:\windows\SysWow64\MSCMCDE.DLL
2012-06-06 05:13 . 1998-07-06 16:55        64512        ----a-w-        c:\windows\SysWow64\MSCC2DE.DLL
2012-06-06 05:13 . 1998-07-05 23:00        23552        ----a-w-        c:\windows\SysWow64\MSMPIDE.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 09:56 . 2011-11-18 15:52        472840        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-06-15 05:32 . 2012-03-29 20:04        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-15 05:32 . 2011-11-09 18:53        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 15:25 . 2011-05-18 11:12        27048        ----a-w-        c:\windows\system32\drivers\vpnva64.sys
2012-06-07 15:24 . 2011-09-09 15:59        107432        ----a-r-        c:\windows\system32\drivers\acsock64.sys
2012-05-08 21:10 . 2011-11-11 13:25        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 21:10 . 2011-11-11 13:25        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-06 21:37 . 2012-03-29 20:37        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-06-07 522744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-06-07 107432]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-01 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 46592]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-22 279616]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2009-08-26 71040]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-06-07 478712]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-06-24 48128]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-04 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job
- c:\program files\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe [2012-01-18 14:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-23 7981600]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{0ED86950-1512-4D79-83CB-751C7CBB0338}: NameServer = 193.194.148.20 193.194.149.101
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epj6lbtx.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-RuckZuck 4.0 Studentenversion - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe
c:\windows\system32\hasplms.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-04  12:09:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-04 10:09
.
Vor Suchlauf: 8 Verzeichnis(se), 93.207.334.912 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 92.689.616.896 Bytes frei
.
- - End Of File - - 85A17E68DFE7EE79B79B2C587C40D67F
--- --- ---


*** ist wie immer der Standard Nutzer. +++ ist eine Abkürzung von diesem Standardnutzer gewesen, die ComboFix wohl gemacht hat. Ist ja aber an ~ zu erkennen.

Anschließend 2 kleine Auffälligkeiten:

1) Ich konnte Firefox nicht direkt starten. Es kam die von dir schon angesprochene Fehlermeldung und ich habe auf die anschließende Frage (irgendwas löschen) mit "nein" geantwortet und den Laptop neu gestartet.

2) In dem Moment, als ich auf neu starten geklickt habe, hab ich gesehen, dass neben "herunterfahren" dieses Warndreieck für Windows Updates war. Leider zu spät. Er hat dann ganz normal heruntergefahren und neu gestartet, wahrscheinlich keine Updates installiert (zumindest nicht so, dass er es einem sagt).

Nach dem Neustart alles gut. Allerdings ist das Warndreieck weg. Warte nun auf weitere Anweisungen von dir.

Hab grad nochmal geguckt: Das Zeichen für Windows Updates ist wieder da.

Viele Grüße, Rumpel


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:39 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131