Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Rechner nach Virusfund sauber? (https://www.trojaner-board.de/118516-rechner-virusfund-sauber.html)

Blobbit 04.07.2012 14:16
Rechner nach Virusfund sauber?
 
Hallo,

ich hatte gestern einen Routine-Systemscan von Avira machen lassen und der ergab 9 Funde, z.B. EXP/2011-3544.DL.1 und EXP/CVE-2012-0507, beide in einem Java Ordner (s.Logfile).

Ich habe alle Dateien gelöscht und Java deinstalliert und neu installiert, weil ich noch die alte Version 6 hatte. Jetzt ist die neueste drauf. Habe dann einen weiteren Scan (auch aller USB-Sticks) gemacht, bei dem dann nichts mehr von Avira gefunden wurde. (s.Logfile)

Leider habe ich aber keine Ahnung davon, was diese Exploits anrichten können oder wie sie sich verstecken und verbreiten, und ich würde gerne wissen, ob mein System nun wieder sauber ist.

Betriebssystem ist Win 7 Professional (32bit) mit SP1.

Hier das Log vom ersten Avira-Scan:

Zitat:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 3. Juli 2012 17:31

Es wird nach 3829258 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : KATHISLÄPPI

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 15:27:21
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 15:27:21
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 15:27:22
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 15:27:22
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 15:27:09
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:24:25
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 17:03:54
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 11:51:17
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 07:26:01
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 07:26:01
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 07:26:01
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 07:26:01
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 07:26:01
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 07:26:02
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 07:26:02
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 07:26:02
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 07:26:02
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 15:01:04
VBASE015.VDF : 7.11.34.202 2048 Bytes 02.07.2012 15:01:04
VBASE016.VDF : 7.11.34.203 2048 Bytes 02.07.2012 15:01:05
VBASE017.VDF : 7.11.34.204 2048 Bytes 02.07.2012 15:01:05
VBASE018.VDF : 7.11.34.205 2048 Bytes 02.07.2012 15:01:05
VBASE019.VDF : 7.11.34.206 2048 Bytes 02.07.2012 15:01:05
VBASE020.VDF : 7.11.34.207 2048 Bytes 02.07.2012 15:01:05
VBASE021.VDF : 7.11.34.208 2048 Bytes 02.07.2012 15:01:05
VBASE022.VDF : 7.11.34.209 2048 Bytes 02.07.2012 15:01:05
VBASE023.VDF : 7.11.34.210 2048 Bytes 02.07.2012 15:01:05
VBASE024.VDF : 7.11.34.211 2048 Bytes 02.07.2012 15:01:05
VBASE025.VDF : 7.11.34.212 2048 Bytes 02.07.2012 15:01:05
VBASE026.VDF : 7.11.34.213 2048 Bytes 02.07.2012 15:01:05
VBASE027.VDF : 7.11.34.214 2048 Bytes 02.07.2012 15:01:05
VBASE028.VDF : 7.11.34.215 2048 Bytes 02.07.2012 15:01:05
VBASE029.VDF : 7.11.34.216 2048 Bytes 02.07.2012 15:01:05
VBASE030.VDF : 7.11.34.217 2048 Bytes 02.07.2012 15:01:05
VBASE031.VDF : 7.11.34.242 38912 Bytes 03.07.2012 15:01:05
Engineversion : 8.2.10.102
AEVDF.DLL : 8.1.2.8 106867 Bytes 01.06.2012 18:31:58
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 21.06.2012 16:17:20
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 17:03:19
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 15:38:46
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.22 807288 Bytes 21.06.2012 16:17:08
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 29.06.2012 07:25:56
AEHEUR.DLL : 8.1.4.58 4993399 Bytes 29.06.2012 07:25:56
AEHELP.DLL : 8.1.23.2 258422 Bytes 29.06.2012 07:25:50
AEGEN.DLL : 8.1.5.30 422261 Bytes 14.06.2012 15:36:50
AEEXP.DLL : 8.1.0.58 82292 Bytes 29.06.2012 07:25:57
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 01.06.2012 18:31:55
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 15:27:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 15:27:21
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 15:27:22
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 15:27:21
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 15:27:21
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 15:27:22
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 15:27:21
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 15:27:22
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 15:27:21
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 15:27:21

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 3. Juli 2012 17:31

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrStMonW.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'FNPLicensingService.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '109' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrYNSvc.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'StikyNot.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdcBase.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '206' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ePowerSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'xaudio.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '162' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Program Files\Handbrake\uninst.exe
[WARNUNG] Unerwartetes Dateiende erreicht
Die Registry wurde durchsucht ( '1232' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files\Handbrake\uninst.exe
[WARNUNG] Unerwartetes Dateiende erreicht
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QR343MWY\swflash[1].cab
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\13b4a51a-6152a2f7
[0] Archivtyp: ZIP
--> a/Help.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> a/Test.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\efe71aa-33dc8636
[0] Archivtyp: ZIP
--> rc.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> Dot.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> ER.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/3544.CU.1.A
--> rb.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2011-3544.CB
--> lz.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DK.1
--> rd.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.CR
--> ra.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DL.1
C:\Windows\SoftwareDistribution\Download\ad38d7e87e25c4a99978459e75766094\BIT7471.tmp
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
Beginne mit der Suche in 'D:\' <Katharina>

Beginne mit der Desinfektion:
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\efe71aa-33dc8636
[FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.DL.1
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\13b4a51a-6152a2f7
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507
[HINWEIS] Die Datei wurde gelöscht.


Ende des Suchlaufs: Dienstag, 3. Juli 2012 19:32
Benötigte Zeit: 1:22:00 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

26500 Verzeichnisse wurden überprüft
643788 Dateien wurden geprüft
9 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
2 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
643779 Dateien ohne Befall
8779 Archive wurden durchsucht
4 Warnungen
2 Hinweise
502381 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Und hier das vom zweiten Scan nach Löschen der Funde:

Zitat:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 3. Juli 2012 20:03

Es wird nach 3829258 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : ***
Computername : KATHISLÄPPI

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 15:27:21
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 15:27:21
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 15:27:22
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 15:27:22
AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 15:27:09
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 09:07:39
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 17:24:25
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 17:03:54
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 11:51:17
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 07:26:01
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 07:26:01
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 07:26:01
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 07:26:01
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 07:26:01
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 07:26:02
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 07:26:02
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 07:26:02
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 07:26:02
VBASE014.VDF : 7.11.34.201 169472 Bytes 02.07.2012 15:01:04
VBASE015.VDF : 7.11.34.202 2048 Bytes 02.07.2012 15:01:04
VBASE016.VDF : 7.11.34.203 2048 Bytes 02.07.2012 15:01:05
VBASE017.VDF : 7.11.34.204 2048 Bytes 02.07.2012 15:01:05
VBASE018.VDF : 7.11.34.205 2048 Bytes 02.07.2012 15:01:05
VBASE019.VDF : 7.11.34.206 2048 Bytes 02.07.2012 15:01:05
VBASE020.VDF : 7.11.34.207 2048 Bytes 02.07.2012 15:01:05
VBASE021.VDF : 7.11.34.208 2048 Bytes 02.07.2012 15:01:05
VBASE022.VDF : 7.11.34.209 2048 Bytes 02.07.2012 15:01:05
VBASE023.VDF : 7.11.34.210 2048 Bytes 02.07.2012 15:01:05
VBASE024.VDF : 7.11.34.211 2048 Bytes 02.07.2012 15:01:05
VBASE025.VDF : 7.11.34.212 2048 Bytes 02.07.2012 15:01:05
VBASE026.VDF : 7.11.34.213 2048 Bytes 02.07.2012 15:01:05
VBASE027.VDF : 7.11.34.214 2048 Bytes 02.07.2012 15:01:05
VBASE028.VDF : 7.11.34.215 2048 Bytes 02.07.2012 15:01:05
VBASE029.VDF : 7.11.34.216 2048 Bytes 02.07.2012 15:01:05
VBASE030.VDF : 7.11.34.217 2048 Bytes 02.07.2012 15:01:05
VBASE031.VDF : 7.11.34.242 38912 Bytes 03.07.2012 15:01:05
Engineversion : 8.2.10.102
AEVDF.DLL : 8.1.2.8 106867 Bytes 01.06.2012 18:31:58
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 21.06.2012 16:17:20
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 17:03:19
AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 15:38:46
AERDL.DLL : 8.1.9.15 639348 Bytes 08.09.2011 21:16:06
AEPACK.DLL : 8.2.16.22 807288 Bytes 21.06.2012 16:17:08
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 29.06.2012 07:25:56
AEHEUR.DLL : 8.1.4.58 4993399 Bytes 29.06.2012 07:25:56
AEHELP.DLL : 8.1.23.2 258422 Bytes 29.06.2012 07:25:50
AEGEN.DLL : 8.1.5.30 422261 Bytes 14.06.2012 15:36:50
AEEXP.DLL : 8.1.0.58 82292 Bytes 29.06.2012 07:25:57
AEEMU.DLL : 8.1.3.0 393589 Bytes 01.09.2011 21:46:01
AECORE.DLL : 8.1.25.10 201080 Bytes 01.06.2012 18:31:55
AEBB.DLL : 8.1.1.0 53618 Bytes 01.09.2011 21:46:01
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 15:27:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 15:27:21
AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 15:27:22
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 15:27:21
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 15:27:21
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 15:27:22
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 15:27:21
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 15:27:22
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 15:27:21
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 15:27:21

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:, G:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Dienstag, 3. Juli 2012 20:03

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Bootsektor 'F:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'G:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BrStMonW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'StikyNot.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmdcBase.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1194' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QR343MWY\swflash[1].cab
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\Windows\SoftwareDistribution\Download\ad38d7e87e25c4a99978459e75766094\BIT7471.tmp
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
Beginne mit der Suche in 'D:\' <Katharina>
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\' <INTENSO>
Beginne mit der Suche in 'G:\' <Transcend>


Ende des Suchlaufs: Dienstag, 3. Juli 2012 21:37
Benötigte Zeit: 1:34:20 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

26778 Verzeichnisse wurden überprüft
698078 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
698078 Dateien ohne Befall
15066 Archive wurden durchsucht
2 Warnungen
0 Hinweise

Ich habe dann noch OTL laufen lassen:

Zitat:
OTL logfile created on: 04.07.2012 09:55:05 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 75,58% Memory free
5,99 Gb Paging File | 5,09 Gb Available in Paging File | 84,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,22 Gb Free Space | 14,79% Space Free | Partition Type: NTFS
Drive D: | 62,86 Gb Total Space | 1,23 Gb Free Space | 1,95% Space Free | Partition Type: NTFS

Computer Name: KATHISLÄPPI | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Programme\Brother\BrUtilities\BrLogAPI.dll ()
MOD - C:\Programme\Filzip\fzshext.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 7C 33 86 9D 94 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{64D07A23-70CA-4B42-A153-A748A482741C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=9621eb39-4e86-4b99-8445-36f6e6688379&apn_sauid=29707ED1-A83A-4FD0-B7C1-FF640792C608
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:5.5.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 21:36:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.03 19:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.22 13:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 21:36:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.03 19:46:02 | 000,000,000 | ---D | M]

[2011.02.22 21:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.02.22 21:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.29 10:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bew6pf6y.default\extensions
[2012.03.30 15:49:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bew6pf6y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.23 18:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Thunderbird\Profiles\y2qjhrun.default\extensions
[2012.06.23 18:27:10 | 000,000,000 | ---D | M] (TT DeepDark) -- C:\Users\***\AppData\Roaming\mozilla\Thunderbird\Profiles\y2qjhrun.default\extensions\{9ed238c0-af95-11e0-9f1c-0800200c9a66}
[2011.02.22 21:00:57 | 000,000,000 | ---D | M] (Leopard Mail-Default-Aqua) -- C:\Users\Katharina Therre\AppData\Roaming\mozilla\Thunderbird\Profiles\y2qjhrun.default\extensions\LeopardMailDefaultAqua@reo-2007
[2012.03.17 17:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.29 10:13:11 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BEW6PF6Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.16 21:36:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.16 21:36:51 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.06.16 21:36:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.16 21:36:51 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.06.16 21:36:51 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.06.16 21:36:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.06.16 21:36:51 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A4C0B1F-A49B-44EC-91CD-4CE0601981A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E80286E2-5580-4D5A-95FF-00D11B587DE9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.04 09:50:02 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.03 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.03 19:46:02 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.03 19:46:01 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.03 19:45:40 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.03 19:45:40 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.07.03 19:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.25 09:30:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
[2012.06.19 18:03:49 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.19 18:03:49 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.19 18:03:29 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.19 18:03:29 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.19 18:03:29 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.19 18:03:01 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.19 18:03:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.13 17:12:23 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.06.13 16:26:35 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.06.13 16:26:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.13 16:26:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.13 16:26:33 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.13 16:26:33 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.13 16:26:30 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.13 16:26:30 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.13 16:26:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.13 16:26:29 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012.07.04 10:00:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.04 09:50:05 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.04 09:30:29 | 000,016,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 09:30:29 | 000,016,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 09:27:50 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.04 09:27:50 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 09:27:50 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.04 09:27:50 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.04 09:24:13 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.04 09:22:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 09:22:38 | 2414,436,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.03 19:45:29 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012.07.03 19:45:29 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.07.03 19:45:29 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.07.03 19:45:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.07.03 19:45:29 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.25 09:19:51 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.25 09:19:51 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.13 18:14:02 | 002,313,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.12 23:00:27 | 000,005,632 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 17:30:49 | 000,001,580 | ---- | M] () -- C:\Users\***\Desktop\Brother Control Center.lnk

========== Files Created - No Company Name ==========

[2012.06.10 17:30:49 | 000,001,580 | ---- | C] () -- C:\Users\***\Desktop\Brother Control Center.lnk
[2012.04.15 15:12:53 | 000,000,892 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2012.04.04 18:55:24 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.14 13:20:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.12.14 13:20:49 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.02.23 18:07:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.16 20:02:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.31 16:32:01 | 000,007,603 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.11 20:06:31 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2010.11.21 17:49:52 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.21 17:48:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2010.11.19 10:26:54 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2010.11.19 10:26:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2010.11.18 10:44:35 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2010.11.18 02:55:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

========== LOP Check ==========

[2011.10.22 15:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2012.04.16 17:36:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.04.15 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.04.07 13:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.03.08 19:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2010.11.20 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.10.22 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF
[2011.02.22 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.10.27 14:18:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.02.14 09:43:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Zitat:
OTL Extras logfile created on: 04.07.2012 09:55:05 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\***\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 75,58% Memory free
5,99 Gb Paging File | 5,09 Gb Available in Paging File | 84,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,22 Gb Free Space | 14,79% Space Free | Partition Type: NTFS
Drive D: | 62,86 Gb Total Space | 1,23 Gb Free Space | 1,95% Space Free | Partition Type: NTFS

Computer Name: KATHISLÄPPI | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0915E1D9-6D53-465D-B59A-DE67D7D2753B}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{0F5B3C97-40D9-4265-8AED-5F25EB6BD653}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B07826D-FFB3-465B-AEE5-0B25FD506814}" = rport=445 | protocol=6 | dir=out | app=system |
"{1EC673CE-9310-467E-8347-A6219CC1054C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{28359C71-F2D9-4B25-865B-620A21C1B289}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{3237F1DD-D572-4B53-BB88-B780995E64D1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{38DBA5E2-476D-48F9-8AE5-379970AC5010}" = rport=139 | protocol=6 | dir=out | app=system |
"{4BD753CC-76FD-42FF-882E-C2951DE3F5B6}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{551E8D06-23FA-4907-BFB4-2A590C154EB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63850985-7D58-45CF-9A39-87E1A2D3D445}" = lport=10243 | protocol=6 | dir=in | app=system |
"{66DA7ECF-5016-4208-A200-C2D84454D925}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{6B5FCF42-4639-4A44-B1C0-D131EF2CB647}" = lport=139 | protocol=6 | dir=in | app=system |
"{6DC87085-9B7C-4998-9F59-E8952C51D944}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{7C44873A-5EC0-46AA-804A-1C481AF63C61}" = lport=137 | protocol=17 | dir=in | app=system |
"{7D25E632-E022-4AC6-AEBC-8A4BA1980D06}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E542DCB-F8C9-4B86-BF68-E1B31137AD01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{960E0C23-AC93-4DFB-8A7A-5A421CF89EE3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2433027-43CF-499A-8CC3-70925603B7D3}" = rport=138 | protocol=17 | dir=out | app=system |
"{A47B97CC-C5B1-44F5-9E99-4DF0F891611E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1A0D829-CE38-49A6-A89F-3BF206C94B21}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B62CA94A-B0E7-4A56-92DE-2860A53FDB25}" = lport=445 | protocol=6 | dir=in | app=system |
"{B6FE30E9-665C-4D19-AE2C-FC2E30D1694F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA172486-94AB-45AF-84EF-642D0CF6F85E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BA8D90A8-76DE-4950-82F2-8E110F923670}" = lport=138 | protocol=17 | dir=in | app=system |
"{C8EC1701-33D0-4977-B5F0-FA0D0EFD8E10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA360C0D-0039-4520-B684-A11323D45FAE}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D7E0EB5F-7CB7-4C9F-9298-B3D573075AB2}" = rport=137 | protocol=17 | dir=out | app=system |
"{F50D3F94-18BD-4FC9-A8D8-805B0D17F454}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF4E8492-4516-4EFC-8DB1-7F96C3B0443C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C24221-ABAE-4E3C-A098-D1E7ECF95EEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{069C70D2-DC70-4932-9D9C-9611325F6B86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15EEED38-A0EC-4315-9696-BA1131B79DEB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1C5E1507-5780-4E4F-A873-3E5F5AC06ED4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{21BCA7C9-66A2-4FF0-AF1C-EEE785E680BE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{245AB9D0-7B9A-4859-A7C8-C453C06AAEF0}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{375657F2-DEF2-4ED0-9851-F0EC65243345}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{3CF08FB0-C461-4A55-8CE2-EA77BC856E42}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{412CB3B1-C5BE-4176-9E1B-1F12A29FA674}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{414FA7FF-C6E9-4994-A407-0460580878A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42D90C58-73F1-43CD-9C09-0E4F3512EED6}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{42DD0C19-CF85-4F36-A59B-4C4BEDED4786}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FAC63A7-36C9-4910-A9DC-71D85E716839}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{4FAF70CD-8AE5-4CDE-9933-26AD805E5609}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{5B9DFE2A-2C51-4F64-9366-9E1EA5515B7B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CE604B9-CCA1-4997-A475-C183A3EF59CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7ABB7898-70B8-45FA-91FE-0215CC781A01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7C02A629-5FA2-4681-A1E1-738CCC13545F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{93E0B9D3-526B-45FB-AB6B-C9E3D1100EBA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{947E1130-1158-4B6F-8D6D-3E34F980C4CB}" = protocol=6 | dir=out | app=system |
"{9CCAE732-3ED9-4373-AC84-D12785BE117C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9E1EC619-E935-4E46-B14C-86CECFDE393E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9F4731C5-871D-4174-BCF2-E0FEE0B06698}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AFD8EF63-CFD8-4781-81D4-967D4993F083}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB4A5D0F-6153-469D-906F-1D001BBB2185}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BDD4151C-0FC7-4BD5-BCA4-A13DCBD5ACD5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BECE4218-67D9-4306-85C9-DFB83B84FB2C}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{D9738D6F-509B-493E-88F8-678DD5F67405}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DBA91C8B-2B07-4826-B7E5-76B185FCA23A}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{EE0555D1-0D2D-46CC-8DBD-4C0BE70573C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{8D783A4F-7A03-4B28-8388-D78819FAB9DD}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{8F2CEFF7-6351-40BF-8B95-5DA084C625A1}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"TCP Query User{FFD21398-A0BD-4BB5-87F4-311DC48ED85D}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=6 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |
"UDP Query User{78209775-AAE7-41A1-B20B-3BF319E8CE34}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |
"UDP Query User{C8287E7C-F0FB-408E-A5F2-91340A8C97B8}C:\program files\ibm\spss\statistics\20\stats.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\stats.exe |
"UDP Query User{D355E85D-3F7E-494A-B403-D64916F1CCD2}C:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ibm\spss\statistics\20\jre\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2AF8017B-E503-408F-AACE-8A335452CAD2}" = IBM SPSS Statistics 20
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"Avira AntiVir Desktop" = Avira Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVDStyler_is1" = DVDStyler v2.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Filzip 3.0.6.93_is1" = Filzip 3.06
"InfraRecorder" = InfraRecorder
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 en-GB)" = Mozilla Firefox 13.0.1 (x86 en-GB)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.10
"XMedia Recode" = XMedia Recode 3.0.3.4

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04.07.2012 03:56:50 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 09:56:50.317]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

Error - 04.07.2012 03:57:20 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 09:57:20.363]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

Error - 04.07.2012 03:57:50 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 09:57:50.409]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

Error - 04.07.2012 03:58:20 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 09:58:20.454]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

Error - 04.07.2012 03:58:50 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 09:58:50.500]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

Error - 04.07.2012 03:59:20 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 09:59:20.545]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

Error - 04.07.2012 03:59:50 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 09:59:50.591]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

Error - 04.07.2012 04:00:20 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 10:00:20.637]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

Error - 04.07.2012 04:00:50 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 10:00:50.682]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

Error - 04.07.2012 04:01:20 | Computer Name = KathisLäppi | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2012/07/04 10:01:20.728]: [00001820]: GetDeviceIpAddress:
GetAddressByName [BRW002258119101] Error

[ System Events ]
Error - 23.09.2011 14:48:43 | Computer Name = KathisLäppi | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 30.09.2011 06:48:26 | Computer Name = KathisLäppi | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 11.10.2011 08:09:56 | Computer Name = KathisLäppi | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.

Error - 13.10.2011 05:12:06 | Computer Name = KathisLäppi | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 13.10.2011 08:38:30 | Computer Name = KathisLäppi | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 14.10.2011 02:53:04 | Computer Name = KathisLäppi | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.2.100
mit dem Computer mit der Netzwerkhardwareadresse C4-17-FE-4B-92-F1 ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.

Error - 16.10.2011 05:45:53 | Computer Name = KathisLäppi | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.

Error - 18.10.2011 10:09:42 | Computer Name = KathisLäppi | Source = DCOM | ID = 10010
Description =

Error - 19.10.2011 16:52:04 | Computer Name = KathisLäppi | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.

Error - 20.10.2011 03:50:06 | Computer Name = KathisLäppi | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.


< End of report >

Und Malwarebytes als Vollscan:

Zitat:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: KATHISLÄPPI [Administrator]

04.07.2012 10:37:13
mbam-log-2012-07-04 (10-37-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354554
Laufzeit: 58 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
D:\Fun\Witziges\bse.exe (JokeApp.NotFunny) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Fun\Witziges\Geschenk.exe (PUP.Joke.Geschenk) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\Fun\Witziges\Langeweile1_1.exe (PUP.Joke.Langeweile) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Gmer ist beim ersten Mal abgestürzt kurz nach Beginn des Scans, beim darauffolgenden Versuch hat es aber funktioniert:

Zitat:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-04 13:53:49
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC70P
Running: 48xskxk3.exe; Driver: C:\Users\KATHAR~1\AppData\Local\Temp\pwlyakow.sys


---- System - GMER 1.0.15 ----

SSDT 8DA5B896 ZwCreateSection
SSDT 8DA5B8A0 ZwRequestWaitReplyPort
SSDT 8DA5B89B ZwSetContextThread
SSDT 8DA5B8A5 ZwSetSecurityObject
SSDT 8DA5B8AA ZwSystemDebugControl
SSDT 8DA5B837 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C853C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CC5EAC 4 Bytes [96, B8, A5, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CC6208 4 Bytes [A0, B8, A5, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CC624C 4 Bytes [9B, B8, A5, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CC62C8 4 Bytes [A5, B8, A5, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CC631C 4 Bytes [AA, B8, A5, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91427340, 0x3EE217, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cee45613
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cee45613 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Danke schonmal für Hilfe damit!
Gruß, Blobbit

cosinus 05.07.2012 15:08
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Blobbit 05.07.2012 15:50
Hallo, und danke für die schnelle Antwort.
ich habe Malwarebytes erst als Alternative zu Avira benutzt, als ich die Funde schon hatte (also danach), um zu gucken, ob ein anderes Programm als Avira auch nichts findet. Ich habe vor dem Vollscan noch einen Quickscan gemacht, bei dem aber nichts gefunden wurde:

Zitat:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.04.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: KATHISLÄPPI [Administrator]

04.07.2012 10:31:28
mbam-log-2012-07-04 (10-31-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212245
Laufzeit: 4 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Ansonsten habe ich immer mit Avira gescannt, aber leider keine Berichte mehr darüber, weil mir entgangen war, dass Avira standardmäßig nur Berichte aufbewahrt, die in den letzten 30 Tagen erstellt wurden... -.-

cosinus 05.07.2012 16:11
Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.

Blobbit 05.07.2012 20:28
Habe ESET ausgeführt, hat nichts gefunden:

Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=df7136347898624d96d831c0683e7bb5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 07:21:55
# local_time=2012-07-05 09:21:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 22847599 22847599 0 0
# compatibility_mode=5893 16776573 100 94 123295 93141003 0 0
# compatibility_mode=8192 67108863 100 0 7026 7026 0 0
# scanned=152596
# found=0
# cleaned=0
# scan_time=6303
Allerdings hat er noch am Anfang gesagt, dass der Windows Defender an ist. Ich hab versucht, den auszustellen, was aber nicht geklappt hat, auch nicht wenn ich versucht habe den Dienst im Taskmanager zu beenden ("Zugriff verweigert"). Ich hoffe, das ist nicht schlimm, ansonsten bräuchte ich eine Anweisung, wie ich den Defender aus kriege, dann mach ich den Scan halt nochmal.

Grüße
Blobbit

-- edit:
Defender abstellen hab ich gefunden. Sorry für die Nachfrage! Ist nur noch die Frage, ob ich den ESET Scan nochmal laufen lassen soll.
Liebe Grüße!

cosinus 05.07.2012 20:57
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Blobbit 05.07.2012 21:01
Der normale Modus ging eigentlich die ganze Zeit (für meine Begriffe) uneingeschränkt. War ja nur beim Routinescan auf die Funde gestoßen, nicht, weil irgendwas komisch war.
Eine Zeit lang hat sich der Rechner mal öfters aufgehängt, als ich ihn in den Ruhezustand fahren wollte, sodass ich ihn dann per Knopfdruck ausmachen musste. Da habe ich aber auch schonmal gescannt und nicht gefunden. Nun geht es auch schon seit längerem wieder ohne Probleme.

Im Startmenu fehlt mir auf den ersten Blick nichts (nutze es aber auch nicht oft), nur der Autostart-Ordner ist leer. Keine Ahnung, ob das vorher auch schon so war.

Gruß
Blobbit

cosinus 05.07.2012 21:19
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Blobbit 05.07.2012 22:00
So, hier die Logfile von OTL:

Code:
OTL logfile created on: 05.07.2012 22:32:26 - Run 3
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\***\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,11% Memory free
5,99 Gb Paging File | 4,98 Gb Available in Paging File | 83,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 6,92 Gb Free Space | 14,17% Space Free | Partition Type: NTFS
Drive D: | 62,86 Gb Total Space | 3,26 Gb Free Space | 5,18% Space Free | Partition Type: NTFS
 
Computer Name: KATHISLÄPPI | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU ()
MOD - C:\Programme\Filzip\fzshext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 7C 33 86 9D 94 CC 01  [binary data]
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes\{64D07A23-70CA-4B42-A153-A748A482741C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=9621eb39-4e86-4b99-8445-36f6e6688379&apn_sauid=29707ED1-A83A-4FD0-B7C1-FF640792C608
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:5.5.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 21:36:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.04 16:15:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.22 13:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 21:36:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.04 16:15:47 | 000,000,000 | ---D | M]
 
[2011.02.22 21:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.02.22 21:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.04 15:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bew6pf6y.default\extensions
[2012.03.30 15:49:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bew6pf6y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.23 18:27:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Thunderbird\Profiles\y2qjhrun.default\extensions
[2012.06.23 18:27:10 | 000,000,000 | ---D | M] (TT DeepDark) -- C:\Users\***\AppData\Roaming\mozilla\Thunderbird\Profiles\y2qjhrun.default\extensions\{9ed238c0-af95-11e0-9f1c-0800200c9a66}
[2011.02.22 21:00:57 | 000,000,000 | ---D | M] (Leopard Mail-Default-Aqua) -- C:\Users\***\AppData\Roaming\mozilla\Thunderbird\Profiles\y2qjhrun.default\extensions\LeopardMailDefaultAqua@reo-2007
[2012.03.17 17:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.04 15:48:37 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BEW6PF6Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.16 21:36:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.16 21:36:51 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012.06.16 21:36:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.16 21:36:51 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012.06.16 21:36:51 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012.06.16 21:36:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012.06.16 21:36:51 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A4C0B1F-A49B-44EC-91CD-4CE0601981A0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E80286E2-5580-4D5A-95FF-00D11B587DE9}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.)
MsConfig - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: RocketDock - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D456C702-E045-F1A9-4056-6BA1D13F4274} - Browser Customizations
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.05 22:23:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.05 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.05 17:39:27 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.04 15:42:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.04 10:28:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.07.04 10:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.04 10:28:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.04 10:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.03 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.03 19:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.25 09:30:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.05 22:23:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.07.05 22:00:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.05 18:00:07 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.05 17:39:28 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.07.05 14:29:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 16:28:17 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.04 16:28:17 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 16:28:17 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.04 16:28:17 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.04 14:13:24 | 000,016,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 14:13:24 | 000,016,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 14:05:43 | 2414,436,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 18:14:02 | 002,313,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.12 23:00:27 | 000,005,632 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.10 17:30:49 | 000,001,580 | ---- | M] () -- C:\Users\***\Desktop\Brother Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.04 16:15:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.10 17:30:49 | 000,001,580 | ---- | C] () -- C:\Users\***\Desktop\Brother Control Center.lnk
[2012.04.15 15:12:53 | 000,000,892 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2012.04.04 18:55:24 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.14 13:20:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.12.14 13:20:49 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.02.23 18:07:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.02.16 20:02:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.31 16:32:01 | 000,007,603 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2011.01.11 20:06:31 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2010.11.21 17:49:52 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.21 17:48:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT
[2010.11.19 10:26:54 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2010.11.19 10:26:54 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[2010.11.18 10:44:35 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2010.11.18 02:55:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== LOP Check ==========
 
[2011.10.22 15:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2012.04.16 17:36:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.04.15 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.04.07 13:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2011.03.08 19:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2010.11.20 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.10.22 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF
[2011.02.22 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.10.27 14:18:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.02.14 09:43:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.04 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.05.22 11:04:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.10.15 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.11.21 17:54:12 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother
[2011.10.22 15:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2011.03.15 10:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.04.16 17:36:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.04.15 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.04.07 13:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.11.18 01:08:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.03.08 19:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2010.11.21 17:45:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.11.20 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2010.11.19 10:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.07.04 10:28:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.03.27 18:58:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic
[2012.06.25 09:30:06 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.02.22 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.10.22 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF
[2012.06.01 11:28:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.06.01 11:28:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2011.02.22 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.01.31 23:32:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.10.27 14:18:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2012.05.05 13:25:07 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

cosinus 06.07.2012 08:14
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=14597
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 7C 33 86 9D 94 CC 01  [binary data]
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes\{64D07A23-70CA-4B42-A153-A748A482741C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=9621eb39-4e86-4b99-8445-36f6e6688379&apn_sauid=29707ED1-A83A-4FD0-B7C1-FF640792C608
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Blobbit 06.07.2012 09:38
Hallo, ist ohne Probleme durchgelaufen, gab einen Neustart:

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-3905438483-2618847446-3028115750-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3905438483-2618847446-3028115750-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3905438483-2618847446-3028115750-1001\Software\Microsoft\Internet Explorer\SearchScopes\{64D07A23-70CA-4B42-A153-A748A482741C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64D07A23-70CA-4B42-A153-A748A482741C}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 310207326 bytes
->Temporary Internet Files folder emptied: 76307344 bytes
->Java cache emptied: 12895871 bytes
->FireFox cache emptied: 594885756 bytes
->Flash cache emptied: 71456 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132863870 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.075,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07062012_102549

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Gruß
Blobbit

cosinus 06.07.2012 10:44
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Blobbit 06.07.2012 11:00
Hier der Report, hab mit den zwei Funden noch nichts gemacht.

Code:
11:55:49.0489 3836        TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
11:55:49.0505 3836        ============================================================
11:55:49.0505 3836        Current date / time: 2012/07/06 11:55:49.0505
11:55:49.0505 3836        SystemInfo:
11:55:49.0505 3836       
11:55:49.0505 3836        OS Version: 6.1.7601 ServicePack: 1.0
11:55:49.0505 3836        Product type: Workstation
11:55:49.0505 3836        ComputerName: KATHISLÄPPI
11:55:49.0505 3836        UserName: Katharina Therre
11:55:49.0505 3836        Windows directory: C:\Windows
11:55:49.0505 3836        System windows directory: C:\Windows
11:55:49.0505 3836        Processor architecture: Intel x86
11:55:49.0505 3836        Number of processors: 2
11:55:49.0505 3836        Page size: 0x1000
11:55:49.0505 3836        Boot type: Normal boot
11:55:49.0505 3836        ============================================================
11:55:50.0706 3836        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:55:50.0722 3836        ============================================================
11:55:50.0722 3836        \Device\Harddisk0\DR0:
11:55:50.0722 3836        MBR partitions:
11:55:50.0722 3836        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:55:50.0722 3836        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x61A7800
11:55:50.0722 3836        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61DA000, BlocksNum 0x7DBA000
11:55:50.0722 3836        ============================================================
11:55:50.0737 3836        C: <-> \Device\Harddisk0\DR0\Partition1
11:55:50.0768 3836        D: <-> \Device\Harddisk0\DR0\Partition2
11:55:50.0768 3836        ============================================================
11:55:50.0768 3836        Initialize success
11:55:50.0768 3836        ============================================================
11:56:15.0572 2912        ============================================================
11:56:15.0572 2912        Scan started
11:56:15.0572 2912        Mode: Manual; SigCheck; TDLFS;
11:56:15.0572 2912        ============================================================
11:56:16.0306 2912        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:56:16.0430 2912        1394ohci - ok
11:56:16.0462 2912        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:56:16.0493 2912        ACPI - ok
11:56:16.0524 2912        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:56:16.0602 2912        AcpiPmi - ok
11:56:16.0665 2912        adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
11:56:16.0696 2912        adfs - ok
11:56:16.0852 2912        Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
11:56:16.0883 2912        Adobe Version Cue CS4 - ok
11:56:16.0992 2912        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:56:17.0008 2912        AdobeARMservice - ok
11:56:17.0133 2912        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:56:17.0179 2912        adp94xx - ok
11:56:17.0226 2912        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:56:17.0242 2912        adpahci - ok
11:56:17.0273 2912        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:56:17.0289 2912        adpu320 - ok
11:56:17.0320 2912        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
11:56:17.0382 2912        AeLookupSvc - ok
11:56:17.0460 2912        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:56:17.0523 2912        AFD - ok
11:56:17.0569 2912        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:56:17.0585 2912        agp440 - ok
11:56:17.0616 2912        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:56:17.0647 2912        aic78xx - ok
11:56:17.0694 2912        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
11:56:17.0741 2912        ALG - ok
11:56:17.0772 2912        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:56:17.0788 2912        aliide - ok
11:56:17.0803 2912        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:56:17.0819 2912        amdagp - ok
11:56:17.0850 2912        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:56:17.0866 2912        amdide - ok
11:56:17.0913 2912        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:56:17.0944 2912        AmdK8 - ok
11:56:17.0959 2912        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:56:18.0006 2912        AmdPPM - ok
11:56:18.0069 2912        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:56:18.0084 2912        amdsata - ok
11:56:18.0115 2912        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
11:56:18.0131 2912        amdsbs - ok
11:56:18.0147 2912        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
11:56:18.0162 2912        amdxata - ok
11:56:18.0271 2912        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:56:18.0287 2912        AntiVirSchedulerService - ok
11:56:18.0349 2912        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:56:18.0365 2912        AntiVirService - ok
11:56:18.0412 2912        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
11:56:18.0568 2912        AppID - ok
11:56:18.0615 2912        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
11:56:18.0708 2912        AppIDSvc - ok
11:56:18.0755 2912        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
11:56:18.0817 2912        Appinfo - ok
11:56:18.0849 2912        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
11:56:18.0880 2912        AppMgmt - ok
11:56:18.0911 2912        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
11:56:18.0927 2912        arc - ok
11:56:18.0958 2912        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
11:56:18.0973 2912        arcsas - ok
11:56:19.0005 2912        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
11:56:19.0051 2912        AsyncMac - ok
11:56:19.0083 2912        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
11:56:19.0098 2912        atapi - ok
11:56:19.0176 2912        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:56:19.0239 2912        AudioEndpointBuilder - ok
11:56:19.0254 2912        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
11:56:19.0301 2912        Audiosrv - ok
11:56:19.0363 2912        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
11:56:19.0410 2912        avgntflt - ok
11:56:19.0473 2912        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
11:56:19.0488 2912        avipbb - ok
11:56:19.0535 2912        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
11:56:19.0551 2912        avkmgr - ok
11:56:19.0597 2912        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
11:56:19.0644 2912        AxInstSV - ok
11:56:19.0707 2912        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
11:56:19.0753 2912        b06bdrv - ok
11:56:19.0800 2912        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
11:56:19.0816 2912        b57nd60x - ok
11:56:19.0863 2912        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
11:56:19.0909 2912        BDESVC - ok
11:56:19.0925 2912        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
11:56:19.0987 2912        Beep - ok
11:56:20.0065 2912        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
11:56:20.0128 2912        BFE - ok
11:56:20.0190 2912        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
11:56:20.0253 2912        BITS - ok
11:56:20.0284 2912        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
11:56:20.0315 2912        blbdrive - ok
11:56:20.0346 2912        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
11:56:20.0393 2912        bowser - ok
11:56:20.0424 2912        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:56:20.0487 2912        BrFiltLo - ok
11:56:20.0502 2912        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:56:20.0533 2912        BrFiltUp - ok
11:56:20.0580 2912        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
11:56:20.0674 2912        Browser - ok
11:56:20.0721 2912        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
11:56:20.0752 2912        Brserid - ok
11:56:20.0767 2912        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
11:56:20.0814 2912        BrSerWdm - ok
11:56:20.0830 2912        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:56:20.0877 2912        BrUsbMdm - ok
11:56:20.0877 2912        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
11:56:20.0908 2912        BrUsbSer - ok
11:56:21.0001 2912        BrYNSvc        (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
11:56:21.0017 2912        BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
11:56:21.0017 2912        BrYNSvc - detected UnsignedFile.Multi.Generic (1)
11:56:21.0095 2912        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
11:56:21.0142 2912        BthEnum - ok
11:56:21.0173 2912        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
11:56:21.0189 2912        BTHMODEM - ok
11:56:21.0220 2912        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
11:56:21.0251 2912        BthPan - ok
11:56:21.0329 2912        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
11:56:21.0376 2912        BTHPORT - ok
11:56:21.0423 2912        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
11:56:21.0469 2912        bthserv - ok
11:56:21.0485 2912        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
11:56:21.0516 2912        BTHUSB - ok
11:56:21.0563 2912        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
11:56:21.0610 2912        cdfs - ok
11:56:21.0672 2912        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
11:56:21.0719 2912        cdrom - ok
11:56:21.0766 2912        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:56:21.0828 2912        CertPropSvc - ok
11:56:21.0859 2912        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
11:56:21.0875 2912        circlass - ok
11:56:21.0922 2912        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
11:56:21.0937 2912        CLFS - ok
11:56:22.0015 2912        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:56:22.0031 2912        clr_optimization_v2.0.50727_32 - ok
11:56:22.0125 2912        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:56:22.0140 2912        clr_optimization_v4.0.30319_32 - ok
11:56:22.0156 2912        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
11:56:22.0171 2912        CmBatt - ok
11:56:22.0203 2912        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
11:56:22.0218 2912        cmdide - ok
11:56:22.0265 2912        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
11:56:22.0296 2912        CNG - ok
11:56:22.0327 2912        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
11:56:22.0343 2912        Compbatt - ok
11:56:22.0390 2912        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
11:56:22.0421 2912        CompositeBus - ok
11:56:22.0421 2912        COMSysApp - ok
11:56:22.0452 2912        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
11:56:22.0483 2912        crcdisk - ok
11:56:22.0530 2912        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
11:56:22.0561 2912        CryptSvc - ok
11:56:22.0624 2912        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
11:56:22.0686 2912        CSC - ok
11:56:22.0733 2912        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
11:56:22.0795 2912        CscService - ok
11:56:22.0842 2912        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:56:22.0905 2912        DcomLaunch - ok
11:56:22.0936 2912        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
11:56:22.0998 2912        defragsvc - ok
11:56:23.0076 2912        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
11:56:23.0139 2912        DfsC - ok
11:56:23.0232 2912        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
11:56:23.0295 2912        Dhcp - ok
11:56:23.0326 2912        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
11:56:23.0373 2912        discache - ok
11:56:23.0435 2912        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
11:56:23.0451 2912        Disk - ok
11:56:23.0482 2912        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
11:56:23.0513 2912        Dnscache - ok
11:56:23.0575 2912        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
11:56:23.0638 2912        dot3svc - ok
11:56:23.0700 2912        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
11:56:23.0763 2912        DPS - ok
11:56:23.0794 2912        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
11:56:23.0825 2912        drmkaud - ok
11:56:23.0887 2912        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
11:56:23.0934 2912        DXGKrnl - ok
11:56:23.0981 2912        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
11:56:24.0028 2912        EapHost - ok
11:56:24.0262 2912        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
11:56:24.0371 2912        ebdrv - ok
11:56:24.0480 2912        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
11:56:24.0511 2912        EFS - ok
11:56:24.0605 2912        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
11:56:24.0652 2912        ehRecvr - ok
11:56:24.0683 2912        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
11:56:24.0714 2912        ehSched - ok
11:56:24.0823 2912        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
11:56:24.0870 2912        elxstor - ok
11:56:24.0901 2912        EMSCR          (1fa3f9df8983873746fa6b72dd7e3c2c) C:\Windows\system32\DRIVERS\EMS7SK.sys
11:56:24.0933 2912        EMSCR - ok
11:56:24.0964 2912        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
11:56:25.0011 2912        ErrDev - ok
11:56:25.0042 2912        ESDCR          (9c7487253aad6bf61f9bc83d50e32ccc) C:\Windows\system32\DRIVERS\ESD7SK.sys
11:56:25.0089 2912        ESDCR - ok
11:56:25.0120 2912        ESMCR          (99589d975da04f8bd31f124428fcc797) C:\Windows\system32\DRIVERS\ESM7SK.sys
11:56:25.0167 2912        ESMCR - ok
11:56:25.0213 2912        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
11:56:25.0260 2912        EventSystem - ok
11:56:25.0291 2912        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
11:56:25.0338 2912        exfat - ok
11:56:25.0369 2912        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
11:56:25.0432 2912        fastfat - ok
11:56:25.0510 2912        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
11:56:25.0541 2912        Fax - ok
11:56:25.0557 2912        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
11:56:25.0572 2912        fdc - ok
11:56:25.0603 2912        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
11:56:25.0650 2912        fdPHost - ok
11:56:25.0666 2912        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
11:56:25.0728 2912        FDResPub - ok
11:56:25.0744 2912        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
11:56:25.0759 2912        FileInfo - ok
11:56:25.0791 2912        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
11:56:25.0837 2912        Filetrace - ok
11:56:25.0947 2912        FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:56:25.0978 2912        FLEXnet Licensing Service - ok
11:56:25.0993 2912        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
11:56:26.0025 2912        flpydisk - ok
11:56:26.0040 2912        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
11:56:26.0071 2912        FltMgr - ok
11:56:26.0149 2912        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
11:56:26.0212 2912        FontCache - ok
11:56:26.0305 2912        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:56:26.0321 2912        FontCache3.0.0.0 - ok
11:56:26.0337 2912        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
11:56:26.0352 2912        FsDepends - ok
11:56:26.0399 2912        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
11:56:26.0415 2912        Fs_Rec - ok
11:56:26.0461 2912        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
11:56:26.0477 2912        fvevol - ok
11:56:26.0524 2912        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:56:26.0539 2912        gagp30kx - ok
11:56:26.0602 2912        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
11:56:26.0680 2912        gpsvc - ok
11:56:26.0851 2912        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:56:26.0883 2912        gupdate - ok
11:56:26.0883 2912        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
11:56:26.0914 2912        gupdatem - ok
11:56:26.0929 2912        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
11:56:26.0961 2912        hcw85cir - ok
11:56:27.0007 2912        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
11:56:27.0054 2912        HdAudAddService - ok
11:56:27.0101 2912        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
11:56:27.0148 2912        HDAudBus - ok
11:56:27.0163 2912        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
11:56:27.0210 2912        HidBatt - ok
11:56:27.0241 2912        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
11:56:27.0273 2912        HidBth - ok
11:56:27.0304 2912        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
11:56:27.0335 2912        HidIr - ok
11:56:27.0366 2912        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
11:56:27.0413 2912        hidserv - ok
11:56:27.0475 2912        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
11:56:27.0491 2912        HidUsb - ok
11:56:27.0522 2912        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
11:56:27.0585 2912        hkmsvc - ok
11:56:27.0616 2912        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
11:56:27.0663 2912        HomeGroupListener - ok
11:56:27.0694 2912        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
11:56:27.0741 2912        HomeGroupProvider - ok
11:56:27.0803 2912        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
11:56:27.0819 2912        HpSAMD - ok
11:56:27.0928 2912        HSF_DPV        (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:56:28.0006 2912        HSF_DPV - ok
11:56:28.0084 2912        HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
11:56:28.0131 2912        HSXHWAZL - ok
11:56:28.0224 2912        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
11:56:28.0287 2912        HTTP - ok
11:56:28.0318 2912        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
11:56:28.0333 2912        hwpolicy - ok
11:56:28.0380 2912        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
11:56:28.0427 2912        i8042prt - ok
11:56:28.0505 2912        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
11:56:28.0536 2912        iaStorV - ok
11:56:28.0708 2912        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:56:28.0755 2912        idsvc - ok
11:56:28.0801 2912        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
11:56:28.0817 2912        iirsp - ok
11:56:28.0926 2912        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
11:56:29.0004 2912        IKEEXT - ok
11:56:29.0035 2912        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
11:56:29.0051 2912        intelide - ok
11:56:29.0098 2912        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
11:56:29.0129 2912        intelppm - ok
11:56:29.0160 2912        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
11:56:29.0207 2912        IPBusEnum - ok
11:56:29.0223 2912        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:56:29.0285 2912        IpFilterDriver - ok
11:56:29.0347 2912        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
11:56:29.0394 2912        iphlpsvc - ok
11:56:29.0441 2912        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
11:56:29.0488 2912        IPMIDRV - ok
11:56:29.0503 2912        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
11:56:29.0550 2912        IPNAT - ok
11:56:29.0597 2912        irda            (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
11:56:29.0644 2912        irda - ok
11:56:29.0659 2912        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
11:56:29.0691 2912        IRENUM - ok
11:56:29.0722 2912        Irmon          (4220d2f03d5c4226d0a1aa4b84025e45) C:\Windows\System32\irmon.dll
11:56:29.0737 2912        Irmon - ok
11:56:29.0784 2912        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
11:56:29.0800 2912        isapnp - ok
11:56:29.0831 2912        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
11:56:29.0862 2912        iScsiPrt - ok
11:56:29.0893 2912        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:56:29.0909 2912        kbdclass - ok
11:56:29.0940 2912        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
11:56:29.0987 2912        kbdhid - ok
11:56:30.0018 2912        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:56:30.0034 2912        KeyIso - ok
11:56:30.0049 2912        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
11:56:30.0065 2912        KSecDD - ok
11:56:30.0096 2912        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
11:56:30.0112 2912        KSecPkg - ok
11:56:30.0143 2912        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
11:56:30.0205 2912        KtmRm - ok
11:56:30.0268 2912        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
11:56:30.0346 2912        LanmanServer - ok
11:56:30.0377 2912        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
11:56:30.0439 2912        LanmanWorkstation - ok
11:56:30.0486 2912        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
11:56:30.0549 2912        lltdio - ok
11:56:30.0580 2912        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
11:56:30.0627 2912        lltdsvc - ok
11:56:30.0642 2912        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
11:56:30.0689 2912        lmhosts - ok
11:56:30.0720 2912        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:56:30.0751 2912        LSI_FC - ok
11:56:30.0767 2912        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:56:30.0783 2912        LSI_SAS - ok
11:56:30.0814 2912        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:56:30.0829 2912        LSI_SAS2 - ok
11:56:30.0829 2912        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:56:30.0861 2912        LSI_SCSI - ok
11:56:30.0892 2912        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
11:56:30.0939 2912        luafv - ok
11:56:30.0970 2912        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
11:56:30.0985 2912        Mcx2Svc - ok
11:56:31.0017 2912        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:56:31.0048 2912        mdmxsdk - ok
11:56:31.0079 2912        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
11:56:31.0095 2912        megasas - ok
11:56:31.0141 2912        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
11:56:31.0173 2912        MegaSR - ok
11:56:31.0204 2912        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:56:31.0266 2912        MMCSS - ok
11:56:31.0282 2912        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
11:56:31.0344 2912        Modem - ok
11:56:31.0375 2912        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
11:56:31.0391 2912        monitor - ok
11:56:31.0453 2912        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
11:56:31.0469 2912        mouclass - ok
11:56:31.0500 2912        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
11:56:31.0516 2912        mouhid - ok
11:56:31.0563 2912        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
11:56:31.0578 2912        mountmgr - ok
11:56:31.0687 2912        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:56:31.0719 2912        MozillaMaintenance - ok
11:56:31.0750 2912        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
11:56:31.0765 2912        mpio - ok
11:56:31.0812 2912        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
11:56:31.0859 2912        mpsdrv - ok
11:56:31.0921 2912        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
11:56:31.0999 2912        MpsSvc - ok
11:56:32.0046 2912        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
11:56:32.0077 2912        MRxDAV - ok
11:56:32.0140 2912        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:56:32.0187 2912        mrxsmb - ok
11:56:32.0233 2912        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:56:32.0265 2912        mrxsmb10 - ok
11:56:32.0296 2912        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:56:32.0327 2912        mrxsmb20 - ok
11:56:32.0374 2912        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
11:56:32.0389 2912        msahci - ok
11:56:32.0421 2912        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
11:56:32.0452 2912        msdsm - ok
11:56:32.0483 2912        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
11:56:32.0514 2912        MSDTC - ok
11:56:32.0530 2912        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
11:56:32.0577 2912        Msfs - ok
11:56:32.0592 2912        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
11:56:32.0655 2912        mshidkmdf - ok
11:56:32.0670 2912        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
11:56:32.0686 2912        msisadrv - ok
11:56:32.0748 2912        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
11:56:32.0795 2912        MSiSCSI - ok
11:56:32.0811 2912        msiserver - ok
11:56:32.0857 2912        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
11:56:32.0904 2912        MSKSSRV - ok
11:56:32.0920 2912        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
11:56:32.0967 2912        MSPCLOCK - ok
11:56:32.0982 2912        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
11:56:33.0045 2912        MSPQM - ok
11:56:33.0076 2912        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
11:56:33.0091 2912        MsRPC - ok
11:56:33.0123 2912        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
11:56:33.0138 2912        mssmbios - ok
11:56:33.0169 2912        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
11:56:33.0216 2912        MSTEE - ok
11:56:33.0232 2912        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
11:56:33.0247 2912        MTConfig - ok
11:56:33.0263 2912        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
11:56:33.0279 2912        Mup - ok
11:56:33.0341 2912        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
11:56:33.0403 2912        napagent - ok
11:56:33.0435 2912        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
11:56:33.0466 2912        NativeWifiP - ok
11:56:33.0559 2912        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
11:56:33.0606 2912        NDIS - ok
11:56:33.0622 2912        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
11:56:33.0684 2912        NdisCap - ok
11:56:33.0715 2912        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
11:56:33.0762 2912        NdisTapi - ok
11:56:33.0809 2912        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
11:56:33.0856 2912        Ndisuio - ok
11:56:33.0903 2912        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
11:56:33.0965 2912        NdisWan - ok
11:56:33.0996 2912        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
11:56:34.0027 2912        NDProxy - ok
11:56:34.0074 2912        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
11:56:34.0121 2912        NetBIOS - ok
11:56:34.0168 2912        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
11:56:34.0199 2912        NetBT - ok
11:56:34.0246 2912        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:56:34.0261 2912        Netlogon - ok
11:56:34.0308 2912        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
11:56:34.0386 2912        Netman - ok
11:56:34.0417 2912        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
11:56:34.0480 2912        netprofm - ok
11:56:34.0573 2912        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:56:34.0605 2912        NetTcpPortSharing - ok
11:56:34.0901 2912        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
11:56:35.0041 2912        netw5v32 - ok
11:56:35.0166 2912        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
11:56:35.0197 2912        nfrd960 - ok
11:56:35.0244 2912        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
11:56:35.0322 2912        NlaSvc - ok
11:56:35.0338 2912        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
11:56:35.0400 2912        Npfs - ok
11:56:35.0416 2912        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
11:56:35.0478 2912        nsi - ok
11:56:35.0494 2912        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
11:56:35.0556 2912        nsiproxy - ok
11:56:35.0697 2912        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
11:56:35.0759 2912        Ntfs - ok
11:56:35.0790 2912        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
11:56:35.0853 2912        Null - ok
11:56:36.0352 2912        nvlddmkm        (05b288b25c2ebd9a4e9e5114ae790876) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:56:36.0835 2912        nvlddmkm - ok
11:56:36.0991 2912        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
11:56:37.0023 2912        nvraid - ok
11:56:37.0038 2912        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
11:56:37.0069 2912        nvstor - ok
11:56:37.0116 2912        nvsvc          (e937a615d4289e83e234c3ec26092431) C:\Windows\system32\nvvsvc.exe
11:56:37.0132 2912        nvsvc - ok
11:56:37.0179 2912        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
11:56:37.0194 2912        nv_agp - ok
11:56:37.0303 2912        odserv          (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:56:37.0350 2912        odserv - ok
11:56:37.0366 2912        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
11:56:37.0397 2912        ohci1394 - ok
11:56:37.0444 2912        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:56:37.0475 2912        ose - ok
11:56:37.0522 2912        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:56:37.0553 2912        p2pimsvc - ok
11:56:37.0584 2912        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
11:56:37.0615 2912        p2psvc - ok
11:56:37.0647 2912        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
11:56:37.0678 2912        Parport - ok
11:56:37.0709 2912        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
11:56:37.0725 2912        partmgr - ok
11:56:37.0740 2912        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
11:56:37.0756 2912        Parvdm - ok
11:56:37.0787 2912        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
11:56:37.0803 2912        PcaSvc - ok
11:56:37.0849 2912        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
11:56:37.0865 2912        pci - ok
11:56:37.0881 2912        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
11:56:37.0896 2912        pciide - ok
11:56:37.0927 2912        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
11:56:37.0943 2912        pcmcia - ok
11:56:37.0959 2912        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
11:56:37.0974 2912        pcw - ok
11:56:38.0037 2912        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
11:56:38.0099 2912        PEAUTH - ok
11:56:38.0177 2912        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
11:56:38.0239 2912        PeerDistSvc - ok
11:56:38.0380 2912        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
11:56:38.0473 2912        pla - ok
11:56:38.0676 2912        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
11:56:38.0723 2912        PlugPlay - ok
11:56:38.0739 2912        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
11:56:38.0770 2912        PNRPAutoReg - ok
11:56:38.0801 2912        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:56:38.0832 2912        PNRPsvc - ok
11:56:38.0895 2912        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
11:56:38.0973 2912        PolicyAgent - ok
11:56:39.0019 2912        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
11:56:39.0051 2912        Power - ok
11:56:39.0129 2912        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:56:39.0191 2912        PptpMiniport - ok
11:56:39.0207 2912        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:56:39.0238 2912        Processor - ok
11:56:39.0269 2912        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
11:56:39.0300 2912        ProfSvc - ok
11:56:39.0347 2912        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:56:39.0363 2912        ProtectedStorage - ok
11:56:39.0394 2912        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:56:39.0441 2912        Psched - ok
11:56:39.0534 2912        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:56:39.0581 2912        ql2300 - ok
11:56:39.0721 2912        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:56:39.0753 2912        ql40xx - ok
11:56:39.0799 2912        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:56:39.0831 2912        QWAVE - ok
11:56:39.0862 2912        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:56:39.0877 2912        QWAVEdrv - ok
11:56:39.0955 2912        RapiMgr        (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
11:56:39.0971 2912        RapiMgr - ok
11:56:39.0987 2912        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:56:40.0033 2912        RasAcd - ok
11:56:40.0065 2912        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:56:40.0096 2912        RasAgileVpn - ok
11:56:40.0143 2912        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:56:40.0174 2912        RasAuto - ok
11:56:40.0205 2912        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:56:40.0252 2912        Rasl2tp - ok
11:56:40.0283 2912        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
11:56:40.0345 2912        RasMan - ok
11:56:40.0361 2912        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:56:40.0423 2912        RasPppoe - ok
11:56:40.0439 2912        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:56:40.0501 2912        RasSstp - ok
11:56:40.0548 2912        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:56:40.0611 2912        rdbss - ok
11:56:40.0611 2912        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:56:40.0642 2912        rdpbus - ok
11:56:40.0673 2912        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:56:40.0751 2912        RDPCDD - ok
11:56:40.0782 2912        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:56:40.0798 2912        RDPDR - ok
11:56:40.0845 2912        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:56:40.0891 2912        RDPENCDD - ok
11:56:40.0907 2912        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:56:40.0954 2912        RDPREFMP - ok
11:56:41.0001 2912        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
11:56:41.0032 2912        RDPWD - ok
11:56:41.0094 2912        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:56:41.0110 2912        rdyboost - ok
11:56:41.0141 2912        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:56:41.0203 2912        RemoteAccess - ok
11:56:41.0235 2912        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:56:41.0297 2912        RemoteRegistry - ok
11:56:41.0359 2912        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
11:56:41.0406 2912        RFCOMM - ok
11:56:41.0422 2912        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:56:41.0469 2912        RpcEptMapper - ok
11:56:41.0515 2912        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:56:41.0547 2912        RpcLocator - ok
11:56:41.0593 2912        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:56:41.0656 2912        RpcSs - ok
11:56:41.0687 2912        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:56:41.0718 2912        rspndr - ok
11:56:41.0749 2912        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
11:56:41.0781 2912        s3cap - ok
11:56:41.0812 2912        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:56:41.0843 2912        SamSs - ok
11:56:41.0874 2912        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:56:41.0890 2912        sbp2port - ok
11:56:41.0921 2912        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:56:41.0968 2912        SCardSvr - ok
11:56:41.0999 2912        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:56:42.0061 2912        scfilter - ok
11:56:42.0155 2912        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
11:56:42.0217 2912        Schedule - ok
11:56:42.0249 2912        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:56:42.0295 2912        SCPolicySvc - ok
11:56:42.0342 2912        sdbus          (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
11:56:42.0373 2912        sdbus - ok
11:56:42.0405 2912        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
11:56:42.0420 2912        SDRSVC - ok
11:56:42.0467 2912        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:56:42.0514 2912        secdrv - ok
11:56:42.0545 2912        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:56:42.0607 2912        seclogon - ok
11:56:42.0623 2912        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
11:56:42.0670 2912        SENS - ok
11:56:42.0701 2912        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:56:42.0732 2912        SensrSvc - ok
11:56:42.0748 2912        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:56:42.0810 2912        Serenum - ok
11:56:42.0826 2912        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:56:42.0857 2912        Serial - ok
11:56:42.0888 2912        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:56:42.0919 2912        sermouse - ok
11:56:42.0966 2912        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
11:56:43.0013 2912        SessionEnv - ok
11:56:43.0060 2912        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:56:43.0091 2912        sffdisk - ok
11:56:43.0107 2912        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:56:43.0122 2912        sffp_mmc - ok
11:56:43.0138 2912        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:56:43.0153 2912        sffp_sd - ok
11:56:43.0185 2912        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:56:43.0216 2912        sfloppy - ok
11:56:43.0263 2912        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:56:43.0325 2912        SharedAccess - ok
11:56:43.0372 2912        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
11:56:43.0434 2912        ShellHWDetection - ok
11:56:43.0465 2912        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:56:43.0497 2912        sisagp - ok
11:56:43.0528 2912        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:56:43.0543 2912        SiSRaid2 - ok
11:56:43.0559 2912        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:56:43.0575 2912        SiSRaid4 - ok
11:56:43.0606 2912        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:56:43.0637 2912        Smb - ok
11:56:43.0684 2912        SMSCIRDA        (d1bf7148144ad1851893e84363f78130) C:\Windows\system32\DRIVERS\SMSCirda.sys
11:56:43.0731 2912        SMSCIRDA - ok
11:56:43.0793 2912        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:56:43.0824 2912        SNMPTRAP - ok
11:56:43.0855 2912        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:56:43.0871 2912        spldr - ok
11:56:43.0933 2912        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
11:56:43.0980 2912        Spooler - ok
11:56:44.0214 2912        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
11:56:44.0339 2912        sppsvc - ok
11:56:44.0448 2912        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
11:56:44.0495 2912        sppuinotify - ok
11:56:44.0557 2912        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:56:44.0604 2912        srv - ok
11:56:44.0651 2912        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:56:44.0682 2912        srv2 - ok
11:56:44.0729 2912        SrvHsfHDA      (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:56:44.0760 2912        SrvHsfHDA - ok
11:56:44.0838 2912        SrvHsfV92      (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
11:56:44.0885 2912        SrvHsfV92 - ok
11:56:44.0963 2912        SrvHsfWinac    (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
11:56:44.0994 2912        SrvHsfWinac - ok
11:56:45.0041 2912        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:56:45.0057 2912        srvnet - ok
11:56:45.0103 2912        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:56:45.0150 2912        SSDPSRV - ok
11:56:45.0213 2912        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
11:56:45.0228 2912        ssmdrv - ok
11:56:45.0244 2912        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:56:45.0291 2912        SstpSvc - ok
11:56:45.0322 2912        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:56:45.0337 2912        stexstor - ok
11:56:45.0353 2912        StillCam        (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
11:56:45.0400 2912        StillCam - ok
11:56:45.0447 2912        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
11:56:45.0493 2912        StiSvc - ok
11:56:45.0540 2912        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
11:56:45.0571 2912        storflt - ok
11:56:45.0587 2912        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
11:56:45.0618 2912        StorSvc - ok
11:56:45.0634 2912        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
11:56:45.0649 2912        storvsc - ok
11:56:45.0665 2912        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:56:45.0681 2912        swenum - ok
11:56:45.0712 2912        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:56:45.0759 2912        swprv - ok
11:56:45.0821 2912        SynTP          (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys
11:56:45.0837 2912        SynTP - ok
11:56:45.0946 2912        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
11:56:46.0008 2912        SysMain - ok
11:56:46.0039 2912        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
11:56:46.0071 2912        TabletInputService - ok
11:56:46.0133 2912        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
11:56:46.0180 2912        TapiSrv - ok
11:56:46.0211 2912        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:56:46.0258 2912        TBS - ok
11:56:46.0398 2912        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
11:56:46.0445 2912        Tcpip - ok
11:56:46.0476 2912        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
11:56:46.0523 2912        TCPIP6 - ok
11:56:46.0570 2912        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
11:56:46.0632 2912        tcpipreg - ok
11:56:46.0663 2912        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
11:56:46.0695 2912        TDPIPE - ok
11:56:46.0726 2912        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
11:56:46.0757 2912        TDTCP - ok
11:56:46.0804 2912        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:56:46.0897 2912        tdx - ok
11:56:46.0944 2912        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:56:46.0960 2912        TermDD - ok
11:56:47.0038 2912        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
11:56:47.0116 2912        TermService - ok
11:56:47.0147 2912        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:56:47.0178 2912        Themes - ok
11:56:47.0209 2912        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:56:47.0256 2912        THREADORDER - ok
11:56:47.0272 2912        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:56:47.0319 2912        TrkWks - ok
11:56:47.0397 2912        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
11:56:47.0475 2912        TrustedInstaller - ok
11:56:47.0490 2912        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:56:47.0521 2912        tssecsrv - ok
11:56:47.0553 2912        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:56:47.0584 2912        TsUsbFlt - ok
11:56:47.0631 2912        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:56:47.0693 2912        tunnel - ok
11:56:47.0724 2912        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:56:47.0740 2912        uagp35 - ok
11:56:47.0802 2912        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:56:47.0865 2912        udfs - ok
11:56:47.0896 2912        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:56:47.0927 2912        UI0Detect - ok
11:56:47.0974 2912        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:56:47.0989 2912        uliagpkx - ok
11:56:48.0036 2912        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
11:56:48.0052 2912        umbus - ok
11:56:48.0083 2912        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:56:48.0099 2912        UmPass - ok
11:56:48.0145 2912        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
11:56:48.0177 2912        UmRdpService - ok
11:56:48.0223 2912        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:56:48.0270 2912        upnphost - ok
11:56:48.0286 2912        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
11:56:48.0333 2912        usbccgp - ok
11:56:48.0379 2912        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:56:48.0411 2912        usbcir - ok
11:56:48.0442 2912        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
11:56:48.0457 2912        usbehci - ok
11:56:48.0504 2912        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
11:56:48.0535 2912        usbhub - ok
11:56:48.0551 2912        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
11:56:48.0567 2912        usbohci - ok
11:56:48.0598 2912        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:56:48.0629 2912        usbprint - ok
11:56:48.0660 2912        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
11:56:48.0691 2912        usbscan - ok
11:56:48.0723 2912        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:56:48.0738 2912        USBSTOR - ok
11:56:48.0769 2912        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:56:48.0785 2912        usbuhci - ok
11:56:48.0801 2912        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:56:48.0863 2912        UxSms - ok
11:56:48.0910 2912        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:56:48.0925 2912        VaultSvc - ok
11:56:48.0972 2912        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
11:56:48.0988 2912        vdrvroot - ok
11:56:49.0066 2912        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
11:56:49.0113 2912        vds - ok
11:56:49.0144 2912        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:56:49.0175 2912        vga - ok
11:56:49.0191 2912        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:56:49.0237 2912        VgaSave - ok
11:56:49.0284 2912        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
11:56:49.0300 2912        vhdmp - ok
11:56:49.0331 2912        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
11:56:49.0347 2912        viaagp - ok
11:56:49.0362 2912        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:56:49.0393 2912        ViaC7 - ok
11:56:49.0409 2912        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
11:56:49.0425 2912        viaide - ok
11:56:49.0456 2912        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
11:56:49.0471 2912        vmbus - ok
11:56:49.0487 2912        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
11:56:49.0534 2912        VMBusHID - ok
11:56:49.0565 2912        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
11:56:49.0581 2912        volmgr - ok
11:56:49.0627 2912        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:56:49.0643 2912        volmgrx - ok
11:56:49.0690 2912        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
11:56:49.0705 2912        volsnap - ok
11:56:49.0737 2912        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:56:49.0768 2912        vsmraid - ok
11:56:49.0861 2912        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
11:56:49.0939 2912        VSS - ok
11:56:49.0955 2912        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
11:56:49.0986 2912        vwifibus - ok
11:56:50.0033 2912        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:56:50.0095 2912        W32Time - ok
11:56:50.0127 2912        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:56:50.0142 2912        WacomPen - ok
11:56:50.0189 2912        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:56:50.0251 2912        WANARP - ok
11:56:50.0267 2912        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:56:50.0298 2912        Wanarpv6 - ok
11:56:50.0392 2912        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
11:56:50.0454 2912        wbengine - ok
11:56:50.0485 2912        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:56:50.0517 2912        WbioSrvc - ok
11:56:50.0563 2912        WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
11:56:50.0595 2912        WcesComm - ok
11:56:50.0641 2912        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
11:56:50.0688 2912        wcncsvc - ok
11:56:50.0704 2912        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:56:50.0735 2912        WcsPlugInService - ok
11:56:50.0782 2912        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:56:50.0797 2912        Wd - ok
11:56:50.0844 2912        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:56:50.0875 2912        Wdf01000 - ok
11:56:50.0907 2912        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:56:50.0922 2912        WdiServiceHost - ok
11:56:50.0938 2912        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:56:50.0953 2912        WdiSystemHost - ok
11:56:51.0000 2912        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
11:56:51.0047 2912        WebClient - ok
11:56:51.0078 2912        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:56:51.0125 2912        Wecsvc - ok
11:56:51.0141 2912        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:56:51.0203 2912        wercplsupport - ok
11:56:51.0219 2912        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:56:51.0265 2912        WerSvc - ok
11:56:51.0281 2912        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:56:51.0328 2912        WfpLwf - ok
11:56:51.0343 2912        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:56:51.0359 2912        WIMMount - ok
11:56:51.0421 2912        winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:56:51.0453 2912        winachsf - ok
11:56:51.0577 2912        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
11:56:51.0624 2912        WinDefend - ok
11:56:51.0640 2912        WinHttpAutoProxySvc - ok
11:56:51.0780 2912        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:56:51.0827 2912        Winmgmt - ok
11:56:51.0952 2912        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
11:56:52.0030 2912        WinRM - ok
11:56:52.0123 2912        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
11:56:52.0170 2912        WinUsb - ok
11:56:52.0248 2912        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:56:52.0311 2912        Wlansvc - ok
11:56:52.0373 2912        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:56:52.0389 2912        WmiAcpi - ok
11:56:52.0467 2912        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:56:52.0513 2912        wmiApSrv - ok
11:56:52.0607 2912        WMIService      (d4dbd5df926a2a16f6f148559e006075) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
11:56:52.0638 2912        WMIService ( UnsignedFile.Multi.Generic ) - warning
11:56:52.0638 2912        WMIService - detected UnsignedFile.Multi.Generic (1)
11:56:52.0825 2912        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:56:52.0872 2912        WMPNetworkSvc - ok
11:56:52.0981 2912        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:56:52.0997 2912        WPCSvc - ok
11:56:53.0044 2912        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
11:56:53.0075 2912        WPDBusEnum - ok
11:56:53.0122 2912        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:56:53.0169 2912        ws2ifsl - ok
11:56:53.0200 2912        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
11:56:53.0231 2912        wscsvc - ok
11:56:53.0247 2912        WSearch - ok
11:56:53.0434 2912        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
11:56:53.0512 2912        wuauserv - ok
11:56:53.0668 2912        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:56:53.0715 2912        WudfPf - ok
11:56:53.0746 2912        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:56:53.0777 2912        WUDFRd - ok
11:56:53.0824 2912        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
11:56:53.0871 2912        wudfsvc - ok
11:56:53.0902 2912        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:56:53.0933 2912        WwanSvc - ok
11:56:53.0964 2912        XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
11:56:53.0995 2912        XAudio - ok
11:56:54.0042 2912        XAudioService  (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
11:56:54.0058 2912        XAudioService - ok
11:56:54.0105 2912        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:56:54.0448 2912        \Device\Harddisk0\DR0 - ok
11:56:54.0448 2912        Boot (0x1200)  (a0444e99c1e34d6dd371dc93c601125f) \Device\Harddisk0\DR0\Partition0
11:56:54.0463 2912        \Device\Harddisk0\DR0\Partition0 - ok
11:56:54.0479 2912        Boot (0x1200)  (526638cd647cccf0b95d81b0b50b345a) \Device\Harddisk0\DR0\Partition1
11:56:54.0479 2912        \Device\Harddisk0\DR0\Partition1 - ok
11:56:54.0510 2912        Boot (0x1200)  (575f68d1b17f2bb7351acb46a51aaaf1) \Device\Harddisk0\DR0\Partition2
11:56:54.0510 2912        \Device\Harddisk0\DR0\Partition2 - ok
11:56:54.0510 2912        ============================================================
11:56:54.0510 2912        Scan finished
11:56:54.0510 2912        ============================================================
11:56:54.0526 1160        Detected object count: 2
11:56:54.0526 1160        Actual detected object count: 2
11:57:19.0923 1160        BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:19.0923 1160        BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:57:19.0923 1160        WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:19.0923 1160        WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Gruß
Blobbit

cosinus 06.07.2012 11:59
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Blobbit 06.07.2012 12:52
Hier der Report von ComboFix:

Code:
ComboFix 12-07-06.01 - *** 06.07.2012  13:31:37.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.3070.2261 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-06 bis 2012-07-06  ))))))))))))))))))))))))))))))
.
.
2012-07-06 09:16 . 2012-05-31 03:41        6762896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{377AE203-FFF0-4603-84D4-1B3001A1F4AF}\mpengine.dll
2012-07-06 08:25 . 2012-07-06 08:25        --------        d-----w-        C:\_OTL
2012-07-05 15:39 . 2012-07-05 15:39        --------        d-----w-        c:\program files\ESET
2012-07-04 08:28 . 2012-07-04 08:28        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-07-04 08:28 . 2012-07-04 08:28        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-04 08:28 . 2012-07-04 08:28        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-07-04 08:28 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-03 17:46 . 2012-07-03 17:46        --------        d-----w-        c:\program files\Common Files\Java
2012-07-03 17:46 . 2012-07-03 17:45        772592        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-07-03 17:45 . 2012-07-03 17:45        --------        d-----w-        c:\program files\Java
2012-06-25 07:30 . 2012-06-25 07:30        --------        d-----w-        c:\users\***\AppData\Local\Macromedia
2012-06-19 16:03 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-19 16:03 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-19 16:03 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-19 16:03 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-19 16:03 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-19 16:03 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-19 16:03 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-19 16:03 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-19 16:03 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-16 19:36 . 2012-06-16 19:36        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-16 19:36 . 2012-06-16 19:36        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-13 15:12 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\system32\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:45 . 2011-03-23 07:32        687600        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-25 07:19 . 2012-04-04 14:25        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-25 07:19 . 2011-06-17 16:32        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 15:27 . 2011-10-15 07:03        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 15:27 . 2011-10-15 07:03        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-06-16 19:36 . 2011-05-06 14:18        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 09:26        114688        ------w-        c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-04-06 07:01        119608        ----a-w-        c:\program files\ICQ7.4\ICQ.exe
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-09 17:54]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-09 17:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bew6pf6y.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-06  13:44:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-06 11:44
.
Vor Suchlauf: 8.099.622.912 Bytes frei
Nach Suchlauf: 8.003.424.256 Bytes frei
.
- - End Of File - - 4C5CDAB31841D5A22C73C106CB5CAE69

Gruß
Blobbit


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:05 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129