Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows Notfall Sicherheits- Update Center // Verschlüsselungstrojaner (https://www.trojaner-board.de/116410-windows-notfall-sicherheits-update-center-verschluesselungstrojaner.html)

Bennsen 03.06.2012 21:39
Windows Notfall Sicherheits- Update Center // Verschlüsselungstrojaner
 
Hallo zusammen,

habe mir leider den Verschlüsselungstrojaner eingefangen.

Den Scan mit Malwarebytes Anti-Malware habe ich bereits durchgeführt. Leider ohne Befund:

Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.06

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benni :: *** [Administrator]

Schutz: Deaktiviert

03.06.2012 21:40:45
mbam-log-2012-06-03 (21-40-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363572
Laufzeit: 36 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Wie geht's nun weiter? :(

Edit: Haben nun noch die OTL.txt sowie die Extra.txt nachgereicht.

cosinus 05.06.2012 20:48
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Allgemeine Hinweise bzgl. des Verschlüsselungstrojaners:
Wann genau deine Daten entschlüsselt werden können wird dir niemand genau sagen können außer vllt einer :glaskugel: es kann sein, dass du eine neuere Variante hast, deren Verschlüsselungsalgorithmus noch unbekannt ist. Sowas kann man (noch) nicht entschlüsseln und ohne Schlüssel schon garnicht - ist ja auch logisch, sonst wär es ja keine vernünftige Verschlüsselung
Einfach hier nochmal reinsehen in regelmäßigen Abständen, obige Hinweise beachten. 8 Tools mitsamt hunderten Diskussionsbeiträgen stehen da schon

Entschlüsselungsversuche der verschlüsselten Dateien sind nur auf zusätzliche Kopien der verschlüsselten Dateien anzuwenden, sonst zerhackt man sich die noch weiter ohne die "original" verschlüsselte Datei mehr zu haben. Das willst du sicher nicht!

Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html

Bennsen 06.06.2012 17:26
Hallo cosinus, danke für dein Feedback.

Mittlerweile habe ich Montag, Dienstag und Mittwoch im abgesicherten Modus neue Scans durchgeführt. Der Scan vom Montag förderte infizierte Daten ans Tageslicht. Die anderen beiden nicht. War wohl bis dato "nur" nicht bekannt.

Habe die Scans unten angehängt.


Den möglichen Verursacher habe ich noch auf dem E-Mail-Server bei web.de. So wie ich lesen konnte, mögt ihr diese auch gerne haben. Wie gehe ich bei web.de vor, wenn ich diesen euch zukommen lassen möchte?

Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.04.07

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benni :: *** [Administrator]

Schutz: Deaktiviert

04.06.2012 21:22:27
mbam-log-2012-06-04 (21-22-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363554
Laufzeit: 32 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ECC6A129 (Trojan.Agent) -> Daten: C:\Users\***\AppData\Roaming\Vvrvggurgv\A7ABADBBECC6A1295BC3.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\Vvrvggurgv\A7ABADBBECC6A1295BC3.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.05

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benni :: *** [Administrator]

Schutz: Deaktiviert

05.06.2012 18:54:11
mbam-log-2012-06-05 (18-54-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363798
Laufzeit: 36 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.06.04

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benni :: *** [Administrator]

Schutz: Deaktiviert

06.06.2012 17:30:58
mbam-log-2012-06-06 (17-30-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363925
Laufzeit: 37 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 07.06.2012 11:15
Verdächtige Mails mit Anhang bitte an uns zur Analyse weiterleiten!
markusg - trojaner-board.de



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Bennsen 07.06.2012 22:27
Mails mit verdächtigen Daten sind raus.

Check mit ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=41ef56b324ca39499c971bdb4635804c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-07 09:24:20
# local_time=2012-06-07 11:24:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 20473633 20473633 0 0
# compatibility_mode=5893 16776573 100 94 77750 90731203 0 0
# compatibility_mode=8192 67108863 100 0 136 136 0 0
# scanned=154830
# found=0
# cleaned=0
# scan_time=2907

cosinus 07.06.2012 22:29
Ok, danke! :daumenhoc

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? (abgesehen von der Verschlüsselung)
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Bennsen 07.06.2012 23:32
Zitat:
Zitat von cosinus (Beitrag 841997)
Ok, danke! :daumenhoc

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? (abgesehen von der Verschlüsselung)
Jap läuft wieder.


Zitat:
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
Im Startmenu auch alles normal, überall was drin und fehlende Daten sind mir bisher nicht aufgefallen.

cosinus 08.06.2012 09:18
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Bennsen 08.06.2012 12:16
und bitte sehr :)

Code:
OTL logfile created on: 6/8/2012 12:52:54 PM - Run 3
OTL by OldTimer - Version 3.2.46.0    Folder = C:\Users\Benni\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.05% Memory free
7.59 Gb Paging File | 5.29 Gb Available in Paging File | 69.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 199.75 Gb Free Space | 71.14% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.39 Gb Free Space | 70.00% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/06/03 22:43:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
PRC - [2012/05/08 19:43:52 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 19:43:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 19:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/11 20:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/07/06 18:20:10 | 001,698,360 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/07/01 09:51:49 | 003,520,000 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
PRC - [2011/04/22 14:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2011/03/16 12:26:42 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/03/16 12:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010/10/19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/07/16 15:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2010/06/14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
PRC - [2010/05/08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/05/06 02:30:26 | 011,268,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2010/05/06 02:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2010/03/04 01:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/04 01:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/02/02 02:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/02/02 02:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2010/01/08 23:56:26 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/01/08 23:55:54 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/12/29 23:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\USBKVM Switcher\USBKVM.exe
PRC - [2008/04/25 13:25:42 | 005,147,136 | ---- | M] () -- C:\Program Files (x86)\teXXas\teXXas.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/07 16:56:22 | 000,323,584 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2011/07/01 09:49:14 | 002,920,960 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2011/03/18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/09/30 10:14:19 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_03.dll
MOD - [2010/04/21 11:00:35 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll
MOD - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\USBKVM Switcher\USBKVM.exe
MOD - [2008/04/25 13:25:42 | 005,147,136 | ---- | M] () -- C:\Program Files (x86)\teXXas\teXXas.exe
MOD - [2007/07/17 17:26:18 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\USBKVM Switcher\kEYHOOK.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/11/06 14:02:30 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2011/11/06 14:02:29 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/10/24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2011/09/12 18:08:46 | 000,142,904 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/05/13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/07/21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/07/16 15:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/06/14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010/02/18 23:52:30 | 002,045,232 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/02/02 02:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2010/02/02 02:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2010/01/21 19:42:44 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/12/29 23:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 03:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/04 01:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2012/05/08 19:43:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 19:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/25 18:21:59 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/08/11 20:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/07/06 18:20:10 | 001,698,360 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/04/22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/16 12:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/10/19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/05/08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010/05/06 02:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 01:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/04 01:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/02/18 23:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/08 23:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/12/07 20:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/11/23 20:08:10 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/08 19:43:52 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 19:43:52 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/06 14:02:31 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/03 18:04:26 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/18 21:37:44 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2011/04/18 21:37:44 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2011/04/18 21:37:44 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2011/04/18 21:37:44 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2011/04/18 20:52:36 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV:64bit: - [2010/09/12 22:31:45 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/21 21:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/09 15:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/04/07 17:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/03 16:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/02/02 02:11:36 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2010/02/02 02:11:34 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2010/02/02 02:11:32 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2010/02/01 21:12:14 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/01/30 07:46:04 | 000,089,344 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010/01/21 19:42:48 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/19 06:40:04 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/07 20:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 20:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 20:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 20:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/07 19:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/12/11 23:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/12/01 19:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/10/29 02:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/10/26 23:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/10/21 22:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/09/17 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/02/02 02:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/02/02 02:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/02/02 02:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/02/02 02:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}
IE:64bit: - HKLM\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}
IE - HKLM\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/04 14:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 18:21:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/10 20:56:38 | 000,000,000 | ---D | M]
 
[2011/12/30 15:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2011/12/30 15:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/05/03 19:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\u8az1igw.default\extensions
[2011/07/07 19:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/12/04 14:43:05 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
[2012/04/25 18:21:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/30 20:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/01 21:25:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/01 21:25:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/01 21:25:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/01 21:25:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/01 21:25:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/01 21:25:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002..\Run: [teXXas] C:\Program Files (x86)\teXXas\teXXas.exe ()
O4 - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2670FBF0-D659-497C-99CB-9CA7DF5C372E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C577670-A637-4B32-9E35-4D95C8501F26}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD741717-2B46-4C3E-B31B-C8A9CDDB3115}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28C39D7-EF2C-4CA6-BB92-B5CD1BAE5CEE}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\Shell - "" = AutoRun
O33 - MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\Shell - "" = AutoRun
O33 - MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\Shell - "" = AutoRun
O33 - MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/07 22:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/07 22:32:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Benni\Desktop\esetsmartinstaller_enu.exe
[2012/06/06 22:28:58 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Progs
[2012/06/06 22:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/06 22:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/06 22:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/06 22:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/06 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Windows Beispielbilder
[2012/06/03 22:43:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012/06/03 22:25:42 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
[2012/06/03 21:38:26 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2012/06/03 21:38:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/03 21:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/03 21:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/03 21:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/03 20:58:00 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Vvrvggurgv
[2012/05/25 19:11:36 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Q-Dir
[2012/05/25 19:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir
[2012/05/25 19:11:34 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Favorites_Q_Dir
[2012/05/25 19:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Q-Dir
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/08 12:26:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/08 12:11:38 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 12:11:38 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 12:08:45 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/08 12:08:45 | 000,656,294 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/06/08 12:08:45 | 000,616,800 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/08 12:08:45 | 000,130,894 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/06/08 12:08:45 | 000,107,180 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/08 12:04:01 | 4076,265,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/07 22:32:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Benni\Desktop\esetsmartinstaller_enu.exe
[2012/06/03 22:43:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012/06/03 22:43:49 | 000,050,477 | ---- | M] () -- C:\Users\Benni\Desktop\Defogger.exe
[2012/06/03 21:38:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 21:19:43 | 000,000,332 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForBenni.job
[2012/05/25 19:55:19 | 000,015,189 | ---- | M] () -- C:\windows\Q-Dir.ini
[2012/05/11 12:39:39 | 002,799,343 | ---- | M] () -- C:\Users\Benni\Desktop\Studienarbeit_Krutsch_Stand 10.05.2012.pdf
 
========== Files Created - No Company Name ==========
 
[2012/06/03 22:43:49 | 000,050,477 | ---- | C] () -- C:\Users\Benni\Desktop\Defogger.exe
[2012/06/03 21:38:21 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/25 19:11:25 | 000,015,189 | ---- | C] () -- C:\windows\Q-Dir.ini
[2011/10/07 16:56:22 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011/05/19 09:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011/05/19 09:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2010/09/12 22:42:11 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdffdid.sys
[2010/09/12 22:15:46 | 000,000,202 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010/07/16 15:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2010/07/16 15:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2010/07/16 15:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2010/07/15 17:01:46 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
 
========== LOP Check ==========
 
[2011/07/07 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DigitalPersona
[2011/07/13 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\EAC
[2012/03/15 00:03:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\IrfanView
[2012/05/25 19:55:19 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Q-Dir
[2011/12/30 15:46:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TomTom
[2012/06/04 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Vvrvggurgv
[2012/04/25 18:19:57 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/12/13 22:56:05 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\AccurateRip
[2011/09/17 13:59:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Adobe
[2011/10/14 23:29:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Avira
[2011/07/07 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DigitalPersona
[2011/07/13 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\EAC
[2011/12/04 15:54:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Hewlett-Packard
[2011/12/04 15:54:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Hewlett-Packard Company
[2012/06/03 22:25:39 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\hpqLog
[2012/03/18 18:53:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\HpUpdate
[2011/07/07 19:43:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Identities
[2012/03/15 00:03:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\IrfanView
[2011/07/07 19:46:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Macromedia
[2012/06/03 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2012/02/16 20:55:23 | 000,000,000 | --SD | M] -- C:\Users\Benni\AppData\Roaming\Microsoft
[2011/07/07 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Mozilla
[2012/05/25 19:55:19 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Q-Dir
[2011/10/28 18:50:43 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Roxio
[2012/05/17 00:59:13 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Skype
[2011/12/30 15:46:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TomTom
[2011/08/19 21:25:54 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\vlc
[2012/06/04 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Vvrvggurgv
[2012/01/23 23:09:18 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2012/01/17 20:48:02 | 000,010,134 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1f6d6691df50b157\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010/01/08 23:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2010/01/08 23:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2010/01/08 23:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\windows\SysNative\drivers\iaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5db459a8209eb08e\iaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_9ec067702a498bab\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/09/12 22:24:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/09/12 22:24:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010/09/12 22:24:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

cosinus 08.06.2012 13:14
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\Shell - "" = AutoRun
O33 - MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\Shell - "" = AutoRun
O33 - MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\Shell - "" = AutoRun
O33 - MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\Shell\AutoRun\command - "" = D:\AutoRun.exe
:Files
C:\Users\Benni\AppData\Roaming\Vvrvggurgv
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Bennsen 08.06.2012 15:43
Und auch das erledigt :)

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26fb0b56-edcd-11e0-ba67-ac811257c045}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26fb0b56-edcd-11e0-ba67-ac811257c045}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717564dd-3fa8-11e1-b313-cc52af05ae12}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717564dd-3fa8-11e1-b313-cc52af05ae12}\ not found.
File D:\AutoRun.exe not found.
========== FILES ==========
C:\Users\Benni\AppData\Roaming\Vvrvggurgv folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Benni
->Temp folder emptied: 847052214 bytes
->Temporary Internet Files folder emptied: 55000676 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 592452614 bytes
->Flash cache emptied: 31171 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 358738074 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,768.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Benni
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.0 log created on 06082012_163530

Files\Folders moved on Reboot...
C:\Users\Benni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 08.06.2012 17:23
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Bennsen 09.06.2012 02:30
Code:
03:27:14.0141 4244        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
03:27:14.0330 4244        ============================================================
03:27:14.0330 4244        Current date / time: 2012/06/09 03:27:14.0330
03:27:14.0330 4244        SystemInfo:
03:27:14.0330 4244       
03:27:14.0331 4244        OS Version: 6.1.7600 ServicePack: 0.0
03:27:14.0331 4244        Product type: Workstation
03:27:14.0331 4244        ComputerName: ***
03:27:14.0331 4244        UserName: Benni
03:27:14.0331 4244        Windows directory: C:\windows
03:27:14.0331 4244        System windows directory: C:\windows
03:27:14.0331 4244        Running under WOW64
03:27:14.0331 4244        Processor architecture: Intel x64
03:27:14.0331 4244        Number of processors: 4
03:27:14.0331 4244        Page size: 0x1000
03:27:14.0331 4244        Boot type: Normal boot
03:27:14.0331 4244        ============================================================
03:27:14.0859 4244        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:27:14.0870 4244        ============================================================
03:27:14.0870 4244        \Device\Harddisk0\DR0:
03:27:14.0870 4244        MBR partitions:
03:27:14.0870 4244        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
03:27:14.0870 4244        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197000
03:27:14.0870 4244        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2322D800, BlocksNum 0x1E00000
03:27:14.0870 4244        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x2502D800, BlocksNum 0x3FD800
03:27:14.0870 4244        ============================================================
03:27:14.0894 4244        C: <-> \Device\Harddisk0\DR0\Partition1
03:27:14.0922 4244        F: <-> \Device\Harddisk0\DR0\Partition3
03:27:14.0923 4244        ============================================================
03:27:14.0923 4244        Initialize success
03:27:14.0923 4244        ============================================================
03:27:21.0559 2928        ============================================================
03:27:21.0559 2928        Scan started
03:27:21.0559 2928        Mode: Manual; SigCheck; TDLFS;
03:27:21.0559 2928        ============================================================
03:27:21.0962 2928        1394ohci        (69aa89a20dee08bfa650aab6ce37bd10) C:\windows\system32\drivers\1394ohci.sys
03:27:22.0065 2928        1394ohci - ok
03:27:22.0145 2928        ac.sharedstore  (5e8efeb338deb1f485420b090fe6c85e) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
03:27:22.0170 2928        ac.sharedstore - ok
03:27:22.0217 2928        Accelerometer  (5c368f4b04ed2a923e6afca2d37baff5) C:\windows\system32\DRIVERS\Accelerometer.sys
03:27:22.0258 2928        Accelerometer - ok
03:27:22.0304 2928        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
03:27:22.0334 2928        ACPI - ok
03:27:22.0372 2928        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
03:27:22.0399 2928        AcpiPmi - ok
03:27:22.0512 2928        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:27:22.0527 2928        AdobeARMservice - ok
03:27:22.0581 2928        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
03:27:22.0614 2928        adp94xx - ok
03:27:22.0676 2928        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
03:27:22.0705 2928        adpahci - ok
03:27:22.0729 2928        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
03:27:22.0754 2928        adpu320 - ok
03:27:22.0784 2928        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
03:27:22.0857 2928        AeLookupSvc - ok
03:27:22.0962 2928        AESTFilters    (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
03:27:22.0983 2928        AESTFilters - ok
03:27:23.0047 2928        AFD            (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys
03:27:23.0079 2928        AFD - ok
03:27:23.0117 2928        AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
03:27:23.0135 2928        AgereModemAudio - ok
03:27:23.0235 2928        AgereSoftModem  (a6ab6f0ace87da76b4c401813d18be95) C:\windows\system32\DRIVERS\agrsm64.sys
03:27:23.0275 2928        AgereSoftModem - ok
03:27:23.0308 2928        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
03:27:23.0329 2928        agp440 - ok
03:27:23.0368 2928        ALG            (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
03:27:23.0392 2928        ALG - ok
03:27:23.0420 2928        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
03:27:23.0440 2928        aliide - ok
03:27:23.0451 2928        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
03:27:23.0471 2928        amdide - ok
03:27:23.0500 2928        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
03:27:23.0522 2928        AmdK8 - ok
03:27:23.0553 2928        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
03:27:23.0575 2928        AmdPPM - ok
03:27:23.0617 2928        amdsata        (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
03:27:23.0639 2928        amdsata - ok
03:27:23.0682 2928        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
03:27:23.0707 2928        amdsbs - ok
03:27:23.0724 2928        amdxata        (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
03:27:23.0744 2928        amdxata - ok
03:27:23.0849 2928        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
03:27:23.0869 2928        AntiVirSchedulerService - ok
03:27:23.0923 2928        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
03:27:23.0940 2928        AntiVirService - ok
03:27:23.0975 2928        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
03:27:24.0008 2928        AppID - ok
03:27:24.0032 2928        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
03:27:24.0106 2928        AppIDSvc - ok
03:27:24.0126 2928        Appinfo        (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll
03:27:24.0147 2928        Appinfo - ok
03:27:24.0190 2928        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll
03:27:24.0213 2928        AppMgmt - ok
03:27:24.0250 2928        arc            (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
03:27:24.0271 2928        arc - ok
03:27:24.0292 2928        arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
03:27:24.0314 2928        arcsas - ok
03:27:24.0349 2928        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
03:27:24.0421 2928        AsyncMac - ok
03:27:24.0461 2928        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
03:27:24.0481 2928        atapi - ok
03:27:24.0555 2928        AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
03:27:24.0643 2928        AudioEndpointBuilder - ok
03:27:24.0653 2928        AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
03:27:24.0738 2928        AudioSrv - ok
03:27:24.0817 2928        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\windows\system32\DRIVERS\avgntflt.sys
03:27:24.0836 2928        avgntflt - ok
03:27:24.0869 2928        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\windows\system32\DRIVERS\avipbb.sys
03:27:24.0889 2928        avipbb - ok
03:27:24.0905 2928        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
03:27:24.0922 2928        avkmgr - ok
03:27:24.0962 2928        AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll
03:27:24.0994 2928        AxInstSV - ok
03:27:25.0058 2928        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
03:27:25.0086 2928        b06bdrv - ok
03:27:25.0139 2928        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
03:27:25.0165 2928        b57nd60a - ok
03:27:25.0276 2928        BBSvc          (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
03:27:25.0303 2928        BBSvc - ok
03:27:25.0355 2928        BBUpdate        (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
03:27:25.0381 2928        BBUpdate - ok
03:27:25.0588 2928        BCM43XX        (35756e37d5fdee22fbf27090a14fe608) C:\windows\system32\DRIVERS\bcmwl664.sys
03:27:25.0696 2928        BCM43XX - ok
03:27:25.0838 2928        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
03:27:25.0859 2928        BDESVC - ok
03:27:25.0910 2928        Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
03:27:25.0981 2928        Beep - ok
03:27:26.0053 2928        BFE            (4992c609a6315671463e30f6512bc022) C:\windows\System32\bfe.dll
03:27:26.0139 2928        BFE - ok
03:27:26.0204 2928        BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\System32\qmgr.dll
03:27:26.0296 2928        BITS - ok
03:27:26.0370 2928        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
03:27:26.0392 2928        blbdrive - ok
03:27:26.0417 2928        bowser          (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
03:27:26.0438 2928        bowser - ok
03:27:26.0471 2928        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
03:27:26.0498 2928        BrFiltLo - ok
03:27:26.0515 2928        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
03:27:26.0542 2928        BrFiltUp - ok
03:27:26.0586 2928        Browser        (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll
03:27:26.0661 2928        Browser - ok
03:27:26.0693 2928        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
03:27:26.0720 2928        Brserid - ok
03:27:26.0738 2928        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
03:27:26.0765 2928        BrSerWdm - ok
03:27:26.0780 2928        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
03:27:26.0807 2928        BrUsbMdm - ok
03:27:26.0834 2928        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
03:27:26.0856 2928        BrUsbSer - ok
03:27:26.0894 2928        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
03:27:26.0915 2928        BthEnum - ok
03:27:26.0941 2928        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
03:27:26.0970 2928        BTHMODEM - ok
03:27:27.0003 2928        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
03:27:27.0032 2928        BthPan - ok
03:27:27.0089 2928        BTHPORT        (538392664fee486620dfea146f2500bc) C:\windows\System32\Drivers\BTHport.sys
03:27:27.0120 2928        BTHPORT - ok
03:27:27.0163 2928        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
03:27:27.0237 2928        bthserv - ok
03:27:27.0257 2928        BTHUSB          (6e71522e317b22257d8e37a1584b5829) C:\windows\System32\Drivers\BTHUSB.sys
03:27:27.0279 2928        BTHUSB - ok
03:27:27.0325 2928        btwaudio        (af838d8029ae7c27470862d63fa54d24) C:\windows\system32\drivers\btwaudio.sys
03:27:27.0342 2928        btwaudio - ok
03:27:27.0380 2928        btwavdt        (5c849bd7c78791c5cee9f4651d7fe38d) C:\windows\system32\DRIVERS\btwavdt.sys
03:27:27.0397 2928        btwavdt - ok
03:27:27.0514 2928        btwdins        (10ffb5fa51d5713d872b41a59dfc2213) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
03:27:27.0553 2928        btwdins - ok
03:27:27.0566 2928        btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
03:27:27.0580 2928        btwl2cap - ok
03:27:27.0611 2928        btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\windows\system32\DRIVERS\btwrchid.sys
03:27:27.0626 2928        btwrchid - ok
03:27:27.0668 2928        cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
03:27:27.0741 2928        cdfs - ok
03:27:27.0782 2928        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
03:27:27.0806 2928        cdrom - ok
03:27:27.0849 2928        CertPropSvc    (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
03:27:27.0922 2928        CertPropSvc - ok
03:27:27.0936 2928        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
03:27:27.0963 2928        circlass - ok
03:27:27.0997 2928        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
03:27:28.0027 2928        CLFS - ok
03:27:28.0091 2928        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:27:28.0109 2928        clr_optimization_v2.0.50727_32 - ok
03:27:28.0158 2928        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:27:28.0176 2928        clr_optimization_v2.0.50727_64 - ok
03:27:28.0244 2928        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:27:28.0264 2928        clr_optimization_v4.0.30319_32 - ok
03:27:28.0301 2928        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:27:28.0319 2928        clr_optimization_v4.0.30319_64 - ok
03:27:28.0352 2928        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
03:27:28.0373 2928        CmBatt - ok
03:27:28.0396 2928        cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
03:27:28.0416 2928        cmdide - ok
03:27:28.0475 2928        CNG            (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
03:27:28.0518 2928        CNG - ok
03:27:28.0538 2928        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
03:27:28.0558 2928        Compbatt - ok
03:27:28.0583 2928        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
03:27:28.0610 2928        CompositeBus - ok
03:27:28.0620 2928        COMSysApp - ok
03:27:28.0668 2928        CpqDfw - ok
03:27:28.0699 2928        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
03:27:28.0719 2928        crcdisk - ok
03:27:28.0762 2928        CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll
03:27:28.0838 2928        CryptSvc - ok
03:27:28.0887 2928        CSC            (4a6173c2279b498cd8f57cae504564cb) C:\windows\system32\drivers\csc.sys
03:27:28.0918 2928        CSC - ok
03:27:28.0967 2928        CscService      (873fbf927c06e5cee04dec617502f8fd) C:\windows\System32\cscsvc.dll
03:27:29.0000 2928        CscService - ok
03:27:29.0056 2928        DAMDrv          (a8ba4da23ac20bda23ca15234d42a3fa) C:\windows\system32\DRIVERS\DAMDrv64.sys
03:27:29.0071 2928        DAMDrv - ok
03:27:29.0150 2928        DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
03:27:29.0234 2928        DcomLaunch - ok
03:27:29.0341 2928        DCService.exe  (cc8b5c964b777f4ec3e89f13b4b5ff0f) C:\ProgramData\DatacardService\DCService.exe
03:27:29.0351 2928        DCService.exe ( UnsignedFile.Multi.Generic ) - warning
03:27:29.0351 2928        DCService.exe - detected UnsignedFile.Multi.Generic (1)
03:27:29.0469 2928        DEBridge        (e6e9610d76418357a7ec725989687cb4) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
03:27:29.0489 2928        DEBridge ( UnsignedFile.Multi.Generic ) - warning
03:27:29.0490 2928        DEBridge - detected UnsignedFile.Multi.Generic (1)
03:27:29.0588 2928        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
03:27:29.0666 2928        defragsvc - ok
03:27:29.0730 2928        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
03:27:29.0751 2928        DfsC - ok
03:27:29.0796 2928        Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
03:27:29.0834 2928        Dhcp - ok
03:27:29.0861 2928        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
03:27:29.0933 2928        discache - ok
03:27:29.0975 2928        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
03:27:29.0996 2928        Disk - ok
03:27:30.0028 2928        Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
03:27:30.0053 2928        Dnscache - ok
03:27:30.0092 2928        dot3svc        (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
03:27:30.0169 2928        dot3svc - ok
03:27:30.0263 2928        DpHost          (e0e65ed0985a28fb18128d6099e985c4) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
03:27:30.0290 2928        DpHost - ok
03:27:30.0309 2928        DPS            (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
03:27:30.0386 2928        DPS - ok
03:27:30.0416 2928        drmkaud        (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
03:27:30.0443 2928        drmkaud - ok
03:27:30.0552 2928        DXGKrnl        (46156d3d372b502cd8c063c8e2b1cdc2) C:\windows\System32\drivers\dxgkrnl.sys
03:27:30.0600 2928        DXGKrnl - ok
03:27:30.0658 2928        e1kexpress      (e6bdb3c7ef35d82ff987576b9cf07a57) C:\windows\system32\DRIVERS\e1k62x64.sys
03:27:30.0681 2928        e1kexpress - ok
03:27:30.0714 2928        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
03:27:30.0788 2928        EapHost - ok
03:27:31.0006 2928        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
03:27:31.0094 2928        ebdrv - ok
03:27:31.0202 2928        EFS            (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe
03:27:31.0223 2928        EFS - ok
03:27:31.0325 2928        ehRecvr        (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe
03:27:31.0359 2928        ehRecvr - ok
03:27:31.0386 2928        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
03:27:31.0410 2928        ehSched - ok
03:27:31.0485 2928        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
03:27:31.0521 2928        elxstor - ok
03:27:31.0536 2928        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
03:27:31.0557 2928        ErrDev - ok
03:27:31.0623 2928        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
03:27:31.0705 2928        EventSystem - ok
03:27:31.0763 2928        ewusbnet        (23b79b19f49a037eba4a9a3bb03ed91d) C:\windows\system32\DRIVERS\ewusbnet.sys
03:27:31.0785 2928        ewusbnet - ok
03:27:31.0826 2928        ew_hwusbdev    (e2cbb821c7cae0ef8b56de28ed85c740) C:\windows\system32\DRIVERS\ew_hwusbdev.sys
03:27:31.0846 2928        ew_hwusbdev - ok
03:27:31.0896 2928        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
03:27:31.0970 2928        exfat - ok
03:27:32.0001 2928        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
03:27:32.0076 2928        fastfat - ok
03:27:32.0149 2928        Fax            (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
03:27:32.0184 2928        Fax - ok
03:27:32.0217 2928        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
03:27:32.0239 2928        fdc - ok
03:27:32.0257 2928        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
03:27:32.0330 2928        fdPHost - ok
03:27:32.0339 2928        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
03:27:32.0414 2928        FDResPub - ok
03:27:32.0452 2928        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
03:27:32.0473 2928        FileInfo - ok
03:27:32.0489 2928        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
03:27:32.0562 2928        Filetrace - ok
03:27:32.0668 2928        FLCDLOCK        (614b050875190ffe7abbaf0cbb4fbbba) c:\Windows\SysWOW64\flcdlock.exe
03:27:32.0690 2928        FLCDLOCK - ok
03:27:32.0724 2928        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
03:27:32.0744 2928        flpydisk - ok
03:27:32.0777 2928        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
03:27:32.0802 2928        FltMgr - ok
03:27:32.0898 2928        FontCache      (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll
03:27:32.0942 2928        FontCache - ok
03:27:33.0026 2928        FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:27:33.0041 2928        FontCache3.0.0.0 - ok
03:27:33.0083 2928        FsDepends      (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
03:27:33.0105 2928        FsDepends - ok
03:27:33.0123 2928        Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys
03:27:33.0143 2928        Fs_Rec - ok
03:27:33.0176 2928        fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
03:27:33.0206 2928        fvevol - ok
03:27:33.0249 2928        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
03:27:33.0270 2928        gagp30kx - ok
03:27:33.0343 2928        gpsvc          (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
03:27:33.0392 2928        gpsvc - ok
03:27:33.0420 2928        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
03:27:33.0441 2928        hcw85cir - ok
03:27:33.0497 2928        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
03:27:33.0531 2928        HdAudAddService - ok
03:27:33.0566 2928        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
03:27:33.0595 2928        HDAudBus - ok
03:27:33.0637 2928        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
03:27:33.0653 2928        HECIx64 - ok
03:27:33.0672 2928        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
03:27:33.0693 2928        HidBatt - ok
03:27:33.0720 2928        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
03:27:33.0748 2928        HidBth - ok
03:27:33.0791 2928        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
03:27:33.0819 2928        HidIr - ok
03:27:33.0853 2928        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
03:27:33.0927 2928        hidserv - ok
03:27:33.0962 2928        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
03:27:33.0982 2928        HidUsb - ok
03:27:34.0004 2928        hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
03:27:34.0080 2928        hkmsvc - ok
03:27:34.0099 2928        HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
03:27:34.0125 2928        HomeGroupListener - ok
03:27:34.0163 2928        HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
03:27:34.0188 2928        HomeGroupProvider - ok
03:27:34.0321 2928        HP Power Assistant Service (fcd7a3d515b7ba9276e7c82a45b4ab02) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
03:27:34.0340 2928        HP Power Assistant Service - ok
03:27:34.0414 2928        HP ProtectTools Service (657e81df0625198c97f91c09ae9611fc) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
03:27:34.0424 2928        HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
03:27:34.0424 2928        HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
03:27:34.0470 2928        HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
03:27:34.0486 2928        HP Support Assistant Service - ok
03:27:34.0535 2928        HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
03:27:34.0552 2928        HP Wireless Assistant Service - ok
03:27:34.0636 2928        HPDayStarterService (a4a0e006a1826ea2629e59de2008bb9d) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
03:27:34.0643 2928        HPDayStarterService ( UnsignedFile.Multi.Generic ) - warning
03:27:34.0643 2928        HPDayStarterService - detected UnsignedFile.Multi.Generic (1)
03:27:34.0714 2928        HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
03:27:34.0734 2928        HPDrvMntSvc.exe - ok
03:27:34.0782 2928        hpdskflt        (4e0bec0f78096ffd6d3314b497fc49d3) C:\windows\system32\DRIVERS\hpdskflt.sys
03:27:34.0796 2928        hpdskflt - ok
03:27:34.0852 2928        HpFkCryptService (5afb3f9b74553bd933555e1c800d2ce1) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
03:27:34.0874 2928        HpFkCryptService - ok
03:27:34.0940 2928        HPFSService    (e123b122d5217f724b1d2641010c9d3c) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
03:27:34.0953 2928        HPFSService ( UnsignedFile.Multi.Generic ) - warning
03:27:34.0953 2928        HPFSService - detected UnsignedFile.Multi.Generic (1)
03:27:35.0110 2928        hpHotkeyMonitor (7d10e0f2f603a3ce65f0b9750f7abdb2) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
03:27:35.0176 2928        hpHotkeyMonitor - ok
03:27:35.0302 2928        HpqKbFiltr      (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
03:27:35.0317 2928        HpqKbFiltr - ok
03:27:35.0465 2928        hpqwmiex        (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
03:27:35.0509 2928        hpqwmiex - ok
03:27:35.0541 2928        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
03:27:35.0563 2928        HpSAMD - ok
03:27:35.0605 2928        hpsrv          (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\windows\system32\Hpservice.exe
03:27:35.0621 2928        hpsrv - ok
03:27:35.0700 2928        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
03:27:35.0786 2928        HTTP - ok
03:27:35.0826 2928        huawei_enumerator (08b1a06a55f068a17a51ba26618cf50f) C:\windows\system32\DRIVERS\ew_jubusenum.sys
03:27:35.0845 2928        huawei_enumerator - ok
03:27:35.0882 2928        hwdatacard      (6e5cd3984742a922d0c183c7e82c3c94) C:\windows\system32\DRIVERS\ewusbmdm.sys
03:27:35.0905 2928        hwdatacard - ok
03:27:35.0922 2928        hwpolicy        (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
03:27:35.0941 2928        hwpolicy - ok
03:27:35.0982 2928        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
03:27:36.0004 2928        i8042prt - ok
03:27:36.0111 2928        IAANTMON        (d782f0c741ee2d50ac8d38774597fb2b) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
03:27:36.0136 2928        IAANTMON - ok
03:27:36.0167 2928        iaStor          (dc0b4553d089e2bd07aebd9ea30beafb) C:\windows\system32\DRIVERS\iaStor.sys
03:27:36.0193 2928        iaStor - ok
03:27:36.0252 2928        iaStorV        (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
03:27:36.0283 2928        iaStorV - ok
03:27:36.0419 2928        idsvc          (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:27:36.0460 2928        idsvc - ok
03:27:37.0095 2928        igfx            (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys
03:27:37.0338 2928        igfx - ok
03:27:37.0483 2928        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
03:27:37.0504 2928        iirsp - ok
03:27:37.0576 2928        IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
03:27:37.0667 2928        IKEEXT - ok
03:27:37.0717 2928        Impcd          (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
03:27:37.0735 2928        Impcd - ok
03:27:37.0793 2928        IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
03:27:37.0816 2928        IntcDAud - ok
03:27:37.0860 2928        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
03:27:37.0879 2928        intelide - ok
03:27:37.0905 2928        intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
03:27:37.0927 2928        intelppm - ok
03:27:37.0953 2928        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
03:27:38.0027 2928        IPBusEnum - ok
03:27:38.0053 2928        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
03:27:38.0128 2928        IpFilterDriver - ok
03:27:38.0184 2928        iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
03:27:38.0265 2928        iphlpsvc - ok
03:27:38.0294 2928        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
03:27:38.0314 2928        IPMIDRV - ok
03:27:38.0338 2928        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
03:27:38.0406 2928        IPNAT - ok
03:27:38.0431 2928        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
03:27:38.0461 2928        IRENUM - ok
03:27:38.0479 2928        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
03:27:38.0500 2928        isapnp - ok
03:27:38.0526 2928        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
03:27:38.0552 2928        iScsiPrt - ok
03:27:38.0572 2928        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
03:27:38.0592 2928        kbdclass - ok
03:27:38.0619 2928        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
03:27:38.0640 2928        kbdhid - ok
03:27:38.0677 2928        KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:27:38.0698 2928        KeyIso - ok
03:27:38.0716 2928        KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
03:27:38.0738 2928        KSecDD - ok
03:27:38.0757 2928        KSecPkg        (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
03:27:38.0781 2928        KSecPkg - ok
03:27:38.0807 2928        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
03:27:38.0881 2928        ksthunk - ok
03:27:38.0931 2928        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
03:27:39.0012 2928        KtmRm - ok
03:27:39.0070 2928        LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\windows\system32\srvsvc.dll
03:27:39.0093 2928        LanmanServer - ok
03:27:39.0124 2928        LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
03:27:39.0193 2928        LanmanWorkstation - ok
03:27:39.0281 2928        LightScribeService (c34411a244029f1c08687f7c752c4563) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
03:27:39.0288 2928        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
03:27:39.0288 2928        LightScribeService - detected UnsignedFile.Multi.Generic (1)
03:27:39.0333 2928        lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
03:27:39.0407 2928        lltdio - ok
03:27:39.0445 2928        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
03:27:39.0525 2928        lltdsvc - ok
03:27:39.0552 2928        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
03:27:39.0626 2928        lmhosts - ok
03:27:39.0724 2928        LMS            (271f79326cd571bd271d45c47148ed78) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
03:27:39.0746 2928        LMS - ok
03:27:39.0793 2928        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
03:27:39.0816 2928        LSI_FC - ok
03:27:39.0834 2928        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
03:27:39.0856 2928        LSI_SAS - ok
03:27:39.0871 2928        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
03:27:39.0891 2928        LSI_SAS2 - ok
03:27:39.0923 2928        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
03:27:39.0946 2928        LSI_SCSI - ok
03:27:39.0979 2928        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
03:27:40.0052 2928        luafv - ok
03:27:40.0098 2928        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
03:27:40.0116 2928        MBAMProtector - ok
03:27:40.0186 2928        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
03:27:40.0221 2928        MBAMService - ok
03:27:40.0268 2928        Mcx2Svc        (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll
03:27:40.0292 2928        Mcx2Svc - ok
03:27:40.0323 2928        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
03:27:40.0343 2928        megasas - ok
03:27:40.0377 2928        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
03:27:40.0404 2928        MegaSR - ok
03:27:40.0448 2928        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
03:27:40.0521 2928        MMCSS - ok
03:27:40.0546 2928        Modem          (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
03:27:40.0619 2928        Modem - ok
03:27:40.0647 2928        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
03:27:40.0674 2928        monitor - ok
03:27:40.0712 2928        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
03:27:40.0732 2928        mouclass - ok
03:27:40.0775 2928        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
03:27:40.0796 2928        mouhid - ok
03:27:40.0827 2928        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
03:27:40.0848 2928        mountmgr - ok
03:27:40.0940 2928        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:27:40.0959 2928        MozillaMaintenance - ok
03:27:40.0989 2928        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
03:27:41.0012 2928        mpio - ok
03:27:41.0033 2928        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
03:27:41.0108 2928        mpsdrv - ok
03:27:41.0176 2928        MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\windows\system32\mpssvc.dll
03:27:41.0263 2928        MpsSvc - ok
03:27:41.0321 2928        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
03:27:41.0351 2928        MRxDAV - ok
03:27:41.0386 2928        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
03:27:41.0407 2928        mrxsmb - ok
03:27:41.0447 2928        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
03:27:41.0472 2928        mrxsmb10 - ok
03:27:41.0488 2928        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
03:27:41.0510 2928        mrxsmb20 - ok
03:27:41.0551 2928        msahci          (2ba4ff3d5eb68587dd662a896f649c7d) C:\windows\system32\drivers\msahci.sys
03:27:41.0572 2928        msahci - ok
03:27:41.0608 2928        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
03:27:41.0632 2928        msdsm - ok
03:27:41.0667 2928        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
03:27:41.0694 2928        MSDTC - ok
03:27:41.0737 2928        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
03:27:41.0809 2928        Msfs - ok
03:27:41.0833 2928        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
03:27:41.0906 2928        mshidkmdf - ok
03:27:41.0923 2928        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
03:27:41.0943 2928        msisadrv - ok
03:27:41.0976 2928        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
03:27:42.0050 2928        MSiSCSI - ok
03:27:42.0054 2928        msiserver - ok
03:27:42.0081 2928        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
03:27:42.0149 2928        MSKSSRV - ok
03:27:42.0153 2928        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
03:27:42.0219 2928        MSPCLOCK - ok
03:27:42.0224 2928        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
03:27:42.0291 2928        MSPQM - ok
03:27:42.0328 2928        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
03:27:42.0356 2928        MsRPC - ok
03:27:42.0389 2928        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
03:27:42.0408 2928        mssmbios - ok
03:27:42.0420 2928        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
03:27:42.0487 2928        MSTEE - ok
03:27:42.0502 2928        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
03:27:42.0522 2928        MTConfig - ok
03:27:42.0540 2928        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
03:27:42.0560 2928        Mup - ok
03:27:42.0614 2928        napagent        (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
03:27:42.0696 2928        napagent - ok
03:27:42.0738 2928        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
03:27:42.0774 2928        NativeWifiP - ok
03:27:42.0853 2928        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
03:27:42.0902 2928        NDIS - ok
03:27:42.0924 2928        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
03:27:42.0998 2928        NdisCap - ok
03:27:43.0020 2928        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
03:27:43.0093 2928        NdisTapi - ok
03:27:43.0130 2928        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
03:27:43.0203 2928        Ndisuio - ok
03:27:43.0227 2928        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
03:27:43.0294 2928        NdisWan - ok
03:27:43.0308 2928        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
03:27:43.0375 2928        NDProxy - ok
03:27:43.0403 2928        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
03:27:43.0469 2928        NetBIOS - ok
03:27:43.0501 2928        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
03:27:43.0570 2928        NetBT - ok
03:27:43.0610 2928        Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:27:43.0632 2928        Netlogon - ok
03:27:43.0685 2928        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
03:27:43.0769 2928        Netman - ok
03:27:43.0806 2928        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
03:27:43.0891 2928        netprofm - ok
03:27:43.0975 2928        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:27:43.0993 2928        NetTcpPortSharing - ok
03:27:44.0499 2928        NETw5s64        (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys
03:27:44.0677 2928        NETw5s64 - ok
03:27:44.0926 2928        Netzmanager Service (70b5b4e69a07895df30291cab6abda54) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
03:27:44.0991 2928        Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
03:27:44.0991 2928        Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
03:27:45.0114 2928        nfrd960        (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
03:27:45.0134 2928        nfrd960 - ok
03:27:45.0187 2928        NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
03:27:45.0267 2928        NlaSvc - ok
03:27:45.0292 2928        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
03:27:45.0364 2928        Npfs - ok
03:27:45.0376 2928        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
03:27:45.0448 2928        nsi - ok
03:27:45.0470 2928        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
03:27:45.0534 2928        nsiproxy - ok
03:27:45.0667 2928        Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
03:27:45.0738 2928        Ntfs - ok
03:27:45.0838 2928        Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
03:27:45.0909 2928        Null - ok
03:27:45.0959 2928        nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
03:27:45.0982 2928        nvraid - ok
03:27:46.0020 2928        nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
03:27:46.0044 2928        nvstor - ok
03:27:46.0086 2928        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
03:27:46.0109 2928        nv_agp - ok
03:27:46.0138 2928        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
03:27:46.0159 2928        ohci1394 - ok
03:27:46.0252 2928        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:27:46.0271 2928        ose - ok
03:27:46.0651 2928        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:27:46.0825 2928        osppsvc - ok
03:27:46.0964 2928        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
03:27:46.0990 2928        p2pimsvc - ok
03:27:47.0029 2928        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
03:27:47.0059 2928        p2psvc - ok
03:27:47.0101 2928        Parport        (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
03:27:47.0124 2928        Parport - ok
03:27:47.0155 2928        partmgr        (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys
03:27:47.0177 2928        partmgr - ok
03:27:47.0200 2928        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
03:27:47.0235 2928        PcaSvc - ok
03:27:47.0262 2928        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
03:27:47.0286 2928        pci - ok
03:27:47.0320 2928        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
03:27:47.0340 2928        pciide - ok
03:27:47.0382 2928        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
03:27:47.0407 2928        pcmcia - ok
03:27:47.0435 2928        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
03:27:47.0456 2928        pcw - ok
03:27:47.0509 2928        pdfcDispatcher - ok
03:27:47.0568 2928        PdiService      (4a8cc4d25525f456069887d5e8c53225) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
03:27:47.0585 2928        PdiService - ok
03:27:47.0635 2928        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
03:27:47.0721 2928        PEAUTH - ok
03:27:47.0824 2928        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll
03:27:47.0875 2928        PeerDistSvc - ok
03:27:47.0942 2928        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
03:27:47.0966 2928        PerfHost - ok
03:27:48.0137 2928        pla            (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
03:27:48.0240 2928        pla - ok
03:27:48.0310 2928        PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
03:27:48.0339 2928        PlugPlay - ok
03:27:48.0354 2928        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
03:27:48.0377 2928        PNRPAutoReg - ok
03:27:48.0414 2928        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
03:27:48.0443 2928        PNRPsvc - ok
03:27:48.0502 2928        PolicyAgent    (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
03:27:48.0586 2928        PolicyAgent - ok
03:27:48.0624 2928        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
03:27:48.0702 2928        Power - ok
03:27:48.0754 2928        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
03:27:48.0828 2928        PptpMiniport - ok
03:27:48.0858 2928        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
03:27:48.0880 2928        Processor - ok
03:27:48.0909 2928        ProfSvc        (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
03:27:48.0987 2928        ProfSvc - ok
03:27:49.0011 2928        ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:27:49.0031 2928        ProtectedStorage - ok
03:27:49.0057 2928        Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
03:27:49.0125 2928        Psched - ok
03:27:49.0156 2928        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
03:27:49.0171 2928        PxHlpa64 - ok
03:27:49.0285 2928        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
03:27:49.0357 2928        ql2300 - ok
03:27:49.0453 2928        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
03:27:49.0476 2928        ql40xx - ok
03:27:49.0512 2928        QWAVE          (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
03:27:49.0548 2928        QWAVE - ok
03:27:49.0572 2928        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
03:27:49.0603 2928        QWAVEdrv - ok
03:27:49.0616 2928        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
03:27:49.0690 2928        RasAcd - ok
03:27:49.0723 2928        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
03:27:49.0797 2928        RasAgileVpn - ok
03:27:49.0809 2928        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
03:27:49.0880 2928        RasAuto - ok
03:27:49.0897 2928        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
03:27:49.0964 2928        Rasl2tp - ok
03:27:50.0008 2928        RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
03:27:50.0080 2928        RasMan - ok
03:27:50.0095 2928        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
03:27:50.0164 2928        RasPppoe - ok
03:27:50.0183 2928        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
03:27:50.0251 2928        RasSstp - ok
03:27:50.0282 2928        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
03:27:50.0353 2928        rdbss - ok
03:27:50.0378 2928        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
03:27:50.0404 2928        rdpbus - ok
03:27:50.0429 2928        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
03:27:50.0489 2928        RDPCDD - ok
03:27:50.0530 2928        RDPDR          (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\windows\system32\drivers\rdpdr.sys
03:27:50.0549 2928        RDPDR - ok
03:27:50.0571 2928        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
03:27:50.0637 2928        RDPENCDD - ok
03:27:50.0663 2928        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
03:27:50.0735 2928        RDPREFMP - ok
03:27:50.0777 2928        RDPWD          (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys
03:27:50.0800 2928        RDPWD - ok
03:27:50.0855 2928        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
03:27:50.0880 2928        rdyboost - ok
03:27:50.0908 2928        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
03:27:50.0981 2928        RemoteAccess - ok
03:27:51.0010 2928        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
03:27:51.0086 2928        RemoteRegistry - ok
03:27:51.0133 2928        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
03:27:51.0163 2928        RFCOMM - ok
03:27:51.0199 2928        rimspci        (3dca561aaf776aa2e356fb5b142aa5f8) C:\windows\system32\DRIVERS\rimspe64.sys
03:27:51.0214 2928        rimspci - ok
03:27:51.0231 2928        risdpcie        (c4581f04aa130892555b821f1fbaa151) C:\windows\system32\DRIVERS\risdpe64.sys
03:27:51.0247 2928        risdpcie - ok
03:27:51.0263 2928        rixdpcie        (a4579105a3c5b6290701ead0c153e07a) C:\windows\system32\DRIVERS\rixdpe64.sys
03:27:51.0279 2928        rixdpcie - ok
03:27:51.0487 2928        RoxMediaDB10    (c48ae8b3067261a48fcc31979a3a1eb9) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
03:27:51.0535 2928        RoxMediaDB10 - ok
03:27:51.0565 2928        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
03:27:51.0642 2928        RpcEptMapper - ok
03:27:51.0671 2928        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
03:27:51.0695 2928        RpcLocator - ok
03:27:51.0743 2928        RpcSs          (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
03:27:51.0829 2928        RpcSs - ok
03:27:51.0895 2928        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
03:27:51.0968 2928        rspndr - ok
03:27:51.0992 2928        RsvLock        (26e0d15fb1835f7ed638f157ccd2e04d) C:\windows\system32\drivers\RsvLock.sys
03:27:52.0007 2928        RsvLock - ok
03:27:52.0037 2928        rtsuvc          (39a1cf40aa29a16fe176b825195a3e0b) C:\windows\system32\DRIVERS\rtsuvc.sys
03:27:52.0057 2928        rtsuvc - ok
03:27:52.0079 2928        s3cap          (88af6e02ab19df7fd07ecdf9c91e9af6) C:\windows\system32\DRIVERS\vms3cap.sys
03:27:52.0100 2928        s3cap - ok
03:27:52.0115 2928        SafeBoot        (6ef8e5e3a079c97c70915cf740e89977) C:\windows\system32\drivers\SafeBoot.sys
03:27:52.0116 2928        Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 6ef8e5e3a079c97c70915cf740e89977
03:27:52.0116 2928        SafeBoot ( LockedFile.Multi.Generic ) - warning
03:27:52.0116 2928        SafeBoot - detected LockedFile.Multi.Generic (1)
03:27:52.0144 2928        SamSs          (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:27:52.0166 2928        SamSs - ok
03:27:52.0173 2928        SbAlg          (fd8714a36c4646de22ddc7e36f6d09ef) C:\windows\system32\drivers\SbAlg.sys
03:27:52.0189 2928        SbAlg - ok
03:27:52.0204 2928        SbFsLock        (43027f1996f3ac6bd54b8a871996b7b3) C:\windows\system32\drivers\SbFsLock.sys
03:27:52.0218 2928        SbFsLock - ok
03:27:52.0245 2928        sbp2port        (9f0439389fbd5b5f900966c5c66bcfab) C:\windows\system32\drivers\sbp2port.sys
03:27:52.0267 2928        sbp2port - ok
03:27:52.0307 2928        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
03:27:52.0383 2928        SCardSvr - ok
03:27:52.0408 2928        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
03:27:52.0481 2928        scfilter - ok
03:27:52.0567 2928        Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
03:27:52.0612 2928        Schedule - ok
03:27:52.0643 2928        SCPolicySvc    (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
03:27:52.0717 2928        SCPolicySvc - ok
03:27:52.0758 2928        sdbus          (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys
03:27:52.0780 2928        sdbus - ok
03:27:52.0808 2928        SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
03:27:52.0832 2928        SDRSVC - ok
03:27:52.0863 2928        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
03:27:52.0936 2928        secdrv - ok
03:27:52.0943 2928        seclogon        (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
03:27:53.0016 2928        seclogon - ok
03:27:53.0046 2928        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
03:27:53.0120 2928        SENS - ok
03:27:53.0147 2928        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
03:27:53.0169 2928        SensrSvc - ok
03:27:53.0195 2928        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
03:27:53.0217 2928        Serenum - ok
03:27:53.0248 2928        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
03:27:53.0269 2928        Serial - ok
03:27:53.0301 2928        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
03:27:53.0321 2928        sermouse - ok
03:27:53.0359 2928        SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
03:27:53.0434 2928        SessionEnv - ok
03:27:53.0452 2928        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
03:27:53.0471 2928        sffdisk - ok
03:27:53.0492 2928        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
03:27:53.0512 2928        sffp_mmc - ok
03:27:53.0523 2928        sffp_sd        (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
03:27:53.0544 2928        sffp_sd - ok
03:27:53.0562 2928        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
03:27:53.0583 2928        sfloppy - ok
03:27:53.0652 2928        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
03:27:53.0731 2928        SharedAccess - ok
03:27:53.0772 2928        ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
03:27:53.0817 2928        ShellHWDetection - ok
03:27:53.0845 2928        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
03:27:53.0865 2928        SiSRaid2 - ok
03:27:53.0884 2928        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
03:27:53.0905 2928        SiSRaid4 - ok
03:27:53.0981 2928        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
03:27:54.0000 2928        SkypeUpdate - ok
03:27:54.0037 2928        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
03:27:54.0112 2928        Smb - ok
03:27:54.0153 2928        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
03:27:54.0178 2928        SNMPTRAP - ok
03:27:54.0190 2928        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
03:27:54.0210 2928        spldr - ok
03:27:54.0261 2928        Spooler        (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
03:27:54.0291 2928        Spooler - ok
03:27:54.0511 2928        sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
03:27:54.0613 2928        sppsvc - ok
03:27:54.0721 2928        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
03:27:54.0795 2928        sppuinotify - ok
03:27:54.0868 2928        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
03:27:54.0896 2928        srv - ok
03:27:54.0936 2928        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
03:27:54.0962 2928        srv2 - ok
03:27:54.0980 2928        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
03:27:55.0002 2928        srvnet - ok
03:27:55.0044 2928        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
03:27:55.0121 2928        SSDPSRV - ok
03:27:55.0154 2928        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
03:27:55.0228 2928        SstpSvc - ok
03:27:55.0329 2928        STacSV          (f8807aaf697e1d20c9d7716a4941e574) C:\Program Files\IDT\WDM\STacSV64.exe
03:27:55.0352 2928        STacSV - ok
03:27:55.0381 2928        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
03:27:55.0402 2928        stexstor - ok
03:27:55.0455 2928        STHDA          (96df19a03d37f8568141612d31f0d035) C:\windows\system32\DRIVERS\stwrt64.sys
03:27:55.0482 2928        STHDA - ok
03:27:55.0534 2928        StillCam        (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
03:27:55.0562 2928        StillCam - ok
03:27:55.0627 2928        stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
03:27:55.0672 2928        stisvc - ok
03:27:55.0739 2928        stllssvr        (ad989072596ab313d7fa13bcf69573f7) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
03:27:55.0754 2928        stllssvr - ok
03:27:55.0795 2928        storflt        (ffd7a6f15b14234b5b0e5d49e7961895) C:\windows\system32\DRIVERS\vmstorfl.sys
03:27:55.0818 2928        storflt - ok
03:27:55.0850 2928        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\windows\system32\storsvc.dll
03:27:55.0872 2928        StorSvc - ok
03:27:55.0904 2928        storvsc        (8fccbefc5c440b3c23454656e551b09a) C:\windows\system32\DRIVERS\storvsc.sys
03:27:55.0924 2928        storvsc - ok
03:27:55.0942 2928        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
03:27:55.0961 2928        swenum - ok
03:27:56.0018 2928        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
03:27:56.0103 2928        swprv - ok
03:27:56.0234 2928        SynTP          (d268d2a0db2a2bbe963e688d0b039267) C:\windows\system32\DRIVERS\SynTP.sys
03:27:56.0291 2928        SynTP - ok
03:27:56.0510 2928        SysMain        (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
03:27:56.0581 2928        SysMain - ok
03:27:56.0655 2928        TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
03:27:56.0689 2928        TabletInputService - ok
03:27:56.0724 2928        TapiSrv        (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
03:27:56.0805 2928        TapiSrv - ok
03:27:56.0828 2928        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
03:27:56.0898 2928        TBS - ok
03:27:57.0079 2928        Tcpip          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys
03:27:57.0156 2928        Tcpip - ok
03:27:57.0368 2928        TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys
03:27:57.0445 2928        TCPIP6 - ok
03:27:57.0521 2928        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
03:27:57.0594 2928        tcpipreg - ok
03:27:57.0617 2928        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
03:27:57.0638 2928        TDPIPE - ok
03:27:57.0661 2928        TDTCP          (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys
03:27:57.0682 2928        TDTCP - ok
03:27:57.0716 2928        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
03:27:57.0790 2928        tdx - ok
03:27:57.0873 2928        TelekomNM6      (4283d7125ba4bd0cb50bb0f78b54257a) C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys
03:27:57.0889 2928        TelekomNM6 - ok
03:27:57.0929 2928        TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
03:27:57.0950 2928        TermDD - ok
03:27:58.0015 2928        TermService    (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
03:27:58.0104 2928        TermService - ok
03:27:58.0119 2928        Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
03:27:58.0151 2928        Themes - ok
03:27:58.0182 2928        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
03:27:58.0253 2928        THREADORDER - ok
03:27:58.0323 2928        TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
03:27:58.0338 2928        TomTomHOMEService - ok
03:27:58.0371 2928        TPM            (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys
03:27:58.0391 2928        TPM - ok
03:27:58.0436 2928        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
03:27:58.0512 2928        TrkWks - ok
03:27:58.0573 2928        TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
03:27:58.0598 2928        TrustedInstaller - ok
03:27:58.0621 2928        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
03:27:58.0692 2928        tssecsrv - ok
03:27:58.0719 2928        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
03:27:58.0794 2928        tunnel - ok
03:27:58.0841 2928        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
03:27:58.0862 2928        uagp35 - ok
03:27:58.0910 2928        udfs            (0e5e962b5649d544be54e8c90761ea2b) C:\windows\system32\DRIVERS\udfs.sys
03:27:58.0937 2928        udfs - ok
03:27:58.0974 2928        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
03:27:58.0999 2928        UI0Detect - ok
03:27:59.0041 2928        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
03:27:59.0062 2928        uliagpkx - ok
03:27:59.0089 2928        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
03:27:59.0110 2928        umbus - ok
03:27:59.0144 2928        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
03:27:59.0165 2928        UmPass - ok
03:27:59.0199 2928        UmRdpService    (af0ac98ee5077eb844413eb54287fde3) C:\windows\System32\umrdp.dll
03:27:59.0225 2928        UmRdpService - ok
03:27:59.0477 2928        UNS            (5713e039c0622f40347735cba460b8fc) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
03:27:59.0565 2928        UNS - ok
03:27:59.0668 2928        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
03:27:59.0742 2928        upnphost - ok
03:27:59.0800 2928        usbccgp        (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
03:27:59.0822 2928        usbccgp - ok
03:27:59.0859 2928        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
03:27:59.0887 2928        usbcir - ok
03:27:59.0905 2928        usbehci        (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
03:27:59.0925 2928        usbehci - ok
03:27:59.0967 2928        usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
03:27:59.0992 2928        usbhub - ok
03:28:00.0013 2928        usbohci        (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
03:28:00.0034 2928        usbohci - ok
03:28:00.0064 2928        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
03:28:00.0091 2928        usbprint - ok
03:28:00.0116 2928        USBSTOR        (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
03:28:00.0138 2928        USBSTOR - ok
03:28:00.0180 2928        usbuhci        (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
03:28:00.0199 2928        usbuhci - ok
03:28:00.0237 2928        usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
03:28:00.0260 2928        usbvideo - ok
03:28:00.0294 2928        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
03:28:00.0370 2928        UxSms - ok
03:28:00.0403 2928        VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:28:00.0424 2928        VaultSvc - ok
03:28:00.0625 2928        vcsFPService    (bbe2b5036d2ff45458c747fb2513591d) C:\windows\system32\vcsFPService.exe
03:28:00.0705 2928        vcsFPService - ok
03:28:00.0819 2928        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
03:28:00.0841 2928        vdrvroot - ok
03:28:00.0890 2928        vds            (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
03:28:00.0926 2928        vds - ok
03:28:00.0962 2928        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
03:28:00.0990 2928        vga - ok
03:28:01.0011 2928        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
03:28:01.0084 2928        VgaSave - ok
03:28:01.0122 2928        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
03:28:01.0147 2928        vhdmp - ok
03:28:01.0173 2928        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
03:28:01.0193 2928        viaide - ok
03:28:01.0224 2928        vmbus          (1501699d7eda984abc4155a7da5738d1) C:\windows\system32\DRIVERS\vmbus.sys
03:28:01.0249 2928        vmbus - ok
03:28:01.0283 2928        VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\windows\system32\DRIVERS\VMBusHID.sys
03:28:01.0303 2928        VMBusHID - ok
03:28:01.0320 2928        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
03:28:01.0342 2928        volmgr - ok
03:28:01.0385 2928        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
03:28:01.0415 2928        volmgrx - ok
03:28:01.0459 2928        volsnap        (c9d0eaf58d6ba71e128e715ea43ad87d) C:\windows\system32\drivers\volsnap.sys
03:28:01.0488 2928        volsnap - ok
03:28:01.0520 2928        vpcbus          (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\windows\system32\DRIVERS\vpchbus.sys
03:28:01.0543 2928        vpcbus - ok
03:28:01.0571 2928        vpcnfltr        (8acda395841538ce9713a67fe8b2a3eb) C:\windows\system32\DRIVERS\vpcnfltr.sys
03:28:01.0592 2928        vpcnfltr - ok
03:28:01.0624 2928        vpcusb          (31924e31bc315773e6d149b157db46d5) C:\windows\system32\DRIVERS\vpcusb.sys
03:28:01.0645 2928        vpcusb - ok
03:28:01.0672 2928        vpcuxd          (14578ff302b4c985c9740a0f327ae3c0) C:\windows\system32\DRIVERS\vpcuxd.sys
03:28:01.0691 2928        vpcuxd - ok
03:28:01.0745 2928        vpcvmm          (a5d16559d80cfa1dcb98f46410be5551) C:\windows\system32\drivers\vpcvmm.sys
03:28:01.0776 2928        vpcvmm - ok
03:28:01.0816 2928        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
03:28:01.0840 2928        vsmraid - ok
03:28:01.0962 2928        VSS            (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
03:28:02.0019 2928        VSS - ok
03:28:02.0144 2928        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
03:28:02.0171 2928        vwifibus - ok
03:28:02.0198 2928        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
03:28:02.0229 2928        vwififlt - ok
03:28:02.0259 2928        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
03:28:02.0290 2928        vwifimp - ok
03:28:02.0337 2928        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
03:28:02.0418 2928        W32Time - ok
03:28:02.0450 2928        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
03:28:02.0472 2928        WacomPen - ok
03:28:02.0510 2928        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
03:28:02.0585 2928        WANARP - ok
03:28:02.0589 2928        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
03:28:02.0659 2928        Wanarpv6 - ok
03:28:02.0776 2928        WatAdminSvc    (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
03:28:02.0832 2928        WatAdminSvc - ok
03:28:02.0947 2928        wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
03:28:03.0000 2928        wbengine - ok
03:28:03.0114 2928        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
03:28:03.0149 2928        WbioSrvc - ok
03:28:03.0196 2928        wcncsvc        (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
03:28:03.0225 2928        wcncsvc - ok
03:28:03.0248 2928        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
03:28:03.0270 2928        WcsPlugInService - ok
03:28:03.0318 2928        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
03:28:03.0338 2928        Wd - ok
03:28:03.0406 2928        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
03:28:03.0447 2928        Wdf01000 - ok
03:28:03.0466 2928        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
03:28:03.0501 2928        WdiServiceHost - ok
03:28:03.0506 2928        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
03:28:03.0543 2928        WdiSystemHost - ok
03:28:03.0573 2928        WebClient      (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
03:28:03.0599 2928        WebClient - ok
03:28:03.0644 2928        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
03:28:03.0724 2928        Wecsvc - ok
03:28:03.0743 2928        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
03:28:03.0821 2928        wercplsupport - ok
03:28:03.0857 2928        WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
03:28:03.0934 2928        WerSvc - ok
03:28:03.0995 2928        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
03:28:04.0067 2928        WfpLwf - ok
03:28:04.0086 2928        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
03:28:04.0105 2928        WIMMount - ok
03:28:04.0148 2928        WinDefend - ok
03:28:04.0157 2928        WinHttpAutoProxySvc - ok
03:28:04.0220 2928        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
03:28:04.0297 2928        Winmgmt - ok
03:28:04.0447 2928        WinRM          (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
03:28:04.0565 2928        WinRM - ok
03:28:04.0676 2928        WinUSB          (4d52c872018af7e18d078978dcc3f6f2) C:\windows\system32\DRIVERS\WinUSB.sys
03:28:04.0695 2928        WinUSB - ok
03:28:04.0767 2928        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
03:28:04.0813 2928        Wlansvc - ok
03:28:05.0005 2928        wlidsvc        (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:28:05.0093 2928        wlidsvc - ok
03:28:05.0211 2928        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
03:28:05.0233 2928        WmiAcpi - ok
03:28:05.0299 2928        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
03:28:05.0325 2928        wmiApSrv - ok
03:28:05.0360 2928        WMPNetworkSvc - ok
03:28:05.0387 2928        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
03:28:05.0409 2928        WPCSvc - ok
03:28:05.0431 2928        WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
03:28:05.0458 2928        WPDBusEnum - ok
03:28:05.0483 2928        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
03:28:05.0554 2928        ws2ifsl - ok
03:28:05.0589 2928        wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\windows\System32\wscsvc.dll
03:28:05.0612 2928        wscsvc - ok
03:28:05.0618 2928        WSearch - ok
03:28:05.0801 2928        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
03:28:05.0900 2928        wuauserv - ok
03:28:06.0026 2928        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
03:28:06.0100 2928        WudfPf - ok
03:28:06.0141 2928        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
03:28:06.0215 2928        WUDFRd - ok
03:28:06.0249 2928        wudfsvc        (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
03:28:06.0327 2928        wudfsvc - ok
03:28:06.0367 2928        WwanSvc        (bddc282b619424088752bddb2501572f) C:\windows\System32\wwansvc.dll
03:28:06.0394 2928        WwanSvc - ok
03:28:06.0454 2928        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:28:07.0338 2928        \Device\Harddisk0\DR0 - ok
03:28:07.0345 2928        Boot (0x1200)  (aff3909263e923176cacaf5aaca3414e) \Device\Harddisk0\DR0\Partition0
03:28:07.0347 2928        \Device\Harddisk0\DR0\Partition0 - ok
03:28:07.0367 2928        Boot (0x1200)  (fd025b9932901aafa6ba86e92a064f82) \Device\Harddisk0\DR0\Partition1
03:28:07.0369 2928        \Device\Harddisk0\DR0\Partition1 - ok
03:28:07.0395 2928        Boot (0x1200)  (7c1526f42e5b511dfedf7030ce403473) \Device\Harddisk0\DR0\Partition2
03:28:07.0397 2928        \Device\Harddisk0\DR0\Partition2 - ok
03:28:07.0418 2928        Boot (0x1200)  (d22fabfeb93ed4d1724e390e82ff7b40) \Device\Harddisk0\DR0\Partition3
03:28:07.0419 2928        \Device\Harddisk0\DR0\Partition3 - ok
03:28:07.0420 2928        ============================================================
03:28:07.0420 2928        Scan finished
03:28:07.0420 2928        ============================================================
03:28:07.0433 3160        Detected object count: 8
03:28:07.0434 3160        Actual detected object count: 8
03:28:22.0414 3160        DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0414 3160        DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:28:22.0415 3160        DEBridge ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0415 3160        DEBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:28:22.0418 3160        HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0418 3160        HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:28:22.0422 3160        HPDayStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0422 3160        HPDayStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:28:22.0425 3160        HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0425 3160        HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:28:22.0428 3160        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0428 3160        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:28:22.0431 3160        Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0432 3160        Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
03:28:22.0435 3160        SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
03:28:22.0435 3160        SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

cosinus 09.06.2012 23:00
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Bennsen 10.06.2012 14:11
An dieser Stelle mal herzlichen Dank für deine Hilfe und deine Zeit die du dir nimmst mich hier durchzuleiten :abklatsch:.

Anbei der Log des Combo Fix:

Code:
ComboFix 12-06-09.02 - Benni 10.06.2012  14:52:14.1.4 - x64
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.3887.2278 [GMT 2:00]
ausgeführt von:: c:\users\Benni\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-10 bis 2012-06-10  ))))))))))))))))))))))))))))))
.
.
2012-06-10 12:59 . 2012-06-10 12:59        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-09 00:55 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8711081E-F0C5-4092-B31F-697C78B5B55B}\mpengine.dll
2012-06-09 00:53 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-09 00:53 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-09 00:53 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-09 00:53 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-09 00:53 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-09 00:53 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-09 00:53 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-09 00:53 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-09 00:53 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-08 14:35 . 2012-06-08 14:35        --------        d-----w-        C:\_OTL
2012-06-07 20:33 . 2012-06-07 20:33        --------        d-----w-        c:\program files (x86)\ESET
2012-06-06 20:26 . 2012-06-06 20:26        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-06-06 20:26 . 2012-06-06 20:26        --------        d-----w-        c:\program files (x86)\Oracle
2012-06-06 20:25 . 2012-04-04 16:47        772504        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-06-06 20:25 . 2012-04-04 16:47        687504        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-06-06 20:25 . 2012-06-06 20:25        --------        d-----w-        c:\program files (x86)\Java
2012-06-03 20:25 . 2012-06-03 20:25        --------        d-----w-        C:\HP_RECOVERY_mountHPSF
2012-06-03 19:38 . 2012-06-03 19:38        --------        d-----w-        c:\users\Benni\AppData\Roaming\Malwarebytes
2012-06-03 19:38 . 2012-06-03 19:38        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 19:38 . 2012-06-03 19:38        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-03 19:38 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-05-25 17:11 . 2012-05-25 17:55        --------        d-----w-        c:\users\Benni\AppData\Roaming\Q-Dir
2012-05-25 17:11 . 2012-05-25 17:11        --------        d-----w-        c:\program files (x86)\Q-Dir
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 22:54 . 2012-04-04 15:32        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 22:54 . 2011-07-07 17:54        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:43 . 2011-10-14 21:28        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-08 17:43 . 2011-10-14 21:28        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-04-02 05:34 . 2012-05-08 17:11        5504880        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-08 17:11        3902320        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-08 17:11        3958128        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 03:01 . 2012-05-08 17:11        3143680        ----a-w-        c:\windows\system32\win32k.sys
2012-03-30 11:09 . 2012-05-08 17:10        1895280        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:55 . 2012-05-08 17:10        75632        ----a-w-        c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
"teXXas"="c:\program files (x86)\teXXas\teXXas.exe" [2008-04-25 5147136]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-05-06 11268096]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-06 323128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-11 658424]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-7-8 3520000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
USBKVM Switcher.lnk - c:\program files (x86)\USBKVM Switcher\USBKVM.exe [2012-2-5 188416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36        75320        ----a-w-        c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          DPPassFilter scecli
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-09-16 45664]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-06 89600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-09-12 142904]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-05-06 298496]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-07-06 1698360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-11 1128952]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-03 c:\windows\Tasks\HPCeeScheduleForBenni.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-06 489472]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8C577670-A637-4B32-9E35-4D95C8501F26}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{CD741717-2B46-4C3E-B31B-C8A9CDDB3115}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\u8az1igw.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-10  15:03:49
ComboFix-quarantined-files.txt  2012-06-10 13:03
.
Vor Suchlauf: 15 Verzeichnis(se), 214.756.265.984 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 214.377.959.424 Bytes frei
.
- - End Of File - - 451BE3302F3516F3A6BBE6796DCFBEFA
Während dem Scan kam übrigens auch noch eine Fehlermeldung, dass die PEV.exe einen Fehler verursacht hat und nicht weiter ausgeführt werden kann. Hierzu hieß es, dass eine Meldung kommt, wenn man eine Lösung hierfür hat.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:09 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131