Virenprogramm konnte einige Datein nicht öffnen

M.D. · 21.04.2012, 14:04

Hallo,

ich habe heute mein Virenprogramm - avast - laufen lassen und es konnte einige programme nicht öffnen. Ich benutze Windows 7 (64bit).

Danach habe ich HijackThis durchlaufen lassen und er zeigte mir unter anderem das hier:

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

(Wenn es notwendig ist stelle ich auch das gesammte Logfile hier rein)

Das Logfile von DDS:

[quote]
.DDS Logfile:

Code:

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by xxxxxx at 14:23:43 on 2012-04-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4087.2944 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun: [UIExec] "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [<NO NAME>] 
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 83.169.185.161 83.169.185.225
TCP: Interfaces\{CD71A72C-134A-4437-B0C8-C66E26B7D3ED} : DhcpNameServer = 83.169.185.161 83.169.185.225
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B922D405-6D13-4A2B-AE89-08A030DA4402}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
{B922D405-6D13-4A2B-AE89-08A030DA4402}
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun-x64: [UIExec] "C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [(Standard)] 
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
IE-X64: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-4-12 784792]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-30 44768]
R2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [2011-8-27 247296]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 gupdate;Google Update-Dienst (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;C:\Spiele\Dragonage\Origins\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-29 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-7-14 19544]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-04-21 04:58:42	8917360	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{50DA5133-48B2-49BD-A574-E43DC4044CA8}\mpengine.dll
2012-04-12 17:35:33	--------	d-----w-	C:\Program Files (x86)\pdfforge Toolbar
2012-04-12 17:35:33	--------	d-----w-	C:\Program Files (x86)\Common Files\Spigot
2012-04-12 17:35:33	--------	d-----w-	C:\Program Files (x86)\Application Updater
2012-04-11 04:24:27	81408	----a-w-	C:\Windows\System32\imagehlp.dll
2012-04-11 04:24:27	23408	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 04:24:27	159232	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-04-11 04:24:26	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-04-11 04:24:26	5120	----a-w-	C:\Windows\System32\wmi.dll
2012-04-11 04:24:26	220672	----a-w-	C:\Windows\System32\wintrust.dll
2012-04-11 04:24:26	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-04-07 09:46:41	--------	d-----w-	C:\Users\xxxxxxxxxx\AppData\Local\Ubisoft Game Launcher
2012-04-07 09:46:11	--------	d-----w-	C:\ProgramData\Solidshield
2012-04-07 08:49:39	--------	d-----w-	C:\Users\xxxxx\AppData\Roaming\Ubisoft
2012-04-04 05:53:56	182160	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56	182160	----a-w-	C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 18:08:35	418464	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M  ====================
.
2012-04-18 03:58:32	70304	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 23:15:19	41184	----a-w-	C:\Windows\avastSS.scr
2012-03-06 23:04:06	819032	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:20	53080	----a-w-	C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52	69976	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-02 14:17:10	466456	----a-w-	C:\Windows\System32\wrap_oal.dll
2012-03-02 14:17:10	444952	----a-w-	C:\Windows\SysWow64\wrap_oal.dll
2012-03-02 14:17:10	122904	----a-w-	C:\Windows\System32\OpenAL32.dll
2012-03-02 14:17:10	109080	----a-w-	C:\Windows\SysWow64\OpenAL32.dll
2012-02-28 06:56:48	2311168	----a-w-	C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56	1390080	----a-w-	C:\Windows\System32\wininet.dll
2012-02-28 06:48:57	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55	1799168	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22	826880	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24	210944	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07	1544192	----a-w-	C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43	1077248	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34	3145728	----a-w-	C:\Windows\System32\win32k.sys
2012-01-25 06:38:39	77312	----a-w-	C:\Windows\System32\rdpwsx.dll
2012-01-25 06:38:38	149504	----a-w-	C:\Windows\System32\rdpcorekmts.dll
2012-01-25 06:33:30	9216	----a-w-	C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 14:24:07,11 ===============

--- --- ---

Ich sorge mich etwas, da ich mich mit soetwas nicht sehr auskenne. Ich bitte um Prüfung.

M.D.

cosinus · 21.04.2012, 17:27

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

M.D. · 22.04.2012, 11:22

Hallo,

ich habe jetzt alles gemacht.

Malwarebytes
Vorherige Logs habe ich nicht.

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.22.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxxxx:: xxxxxxxPC [Administrator]

22.04.2012 09:48:58
mbam-log-2012-04-22 (10-47-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 421062
Laufzeit: 55 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\xxxxxxx\Downloads\SoftonicDownloader_fuer_domination.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.

(Ende)

ESET Online Scanner

Code:

ATTFilter

 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=88dca47627960d418c13b104ef9a9629
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-22 09:02:59
# local_time=2012-04-22 11:02:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 66239376 66239376 0 0
# compatibility_mode=768 16777215 100 0 66252495 66252495 0 0
# compatibility_mode=5893 16776573 100 94 97058 86714830 0 0
# compatibility_mode=8192 67108863 100 0 257 257 0 0
# scanned=18313
# found=0
# cleaned=0
# scan_time=400
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=88dca47627960d418c13b104ef9a9629
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-22 10:08:38
# local_time=2012-04-22 12:08:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 66239885 66239885 0 0
# compatibility_mode=768 16777215 100 0 66256604 66256604 0 0
# compatibility_mode=5893 16776573 100 94 97567 86715339 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=230143
# found=3
# cleaned=0
# scan_time=3829
C:\Program Files (x86)\Trend Micro\HijackThis\backups\backup-20100714-185357-454.dll	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\xxxxxxx\Downloads\SoftonicDownloader_fuer_domination.exe	Win32/SoftonicDownloader application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\9c9af.msi	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I

cosinus · 22.04.2012, 19:23

Zitat:

C:\Users\xxxxxxx\Downloads\SoftonicDownloader_fuer_domination.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

M.D. · 23.04.2012, 17:19

Hallo,

die Toolbar habe ich entfernt.

Und Malwarebytes gleich nochmal durchlaufen lassen. Es wurde nichts mehr gefunden.

Heißt das es war nur diese Toolbar?

Grüße

M.D.

cosinus · 23.04.2012, 21:16

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

M.D. · 25.04.2012, 15:31

1) ja
2) nein, alles vorhanden

cosinus · 25.04.2012, 15:46

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

M.D. · 26.04.2012, 17:01

Hallo,

ich habe alles gemacht wie du gesagt hast

Code:

ATTFilter

OTL logfile created on: 26.04.2012 17:24:30 - Run 1
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\xxxxxx\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,51% Memory free
7,98 Gb Paging File | 6,64 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 770,57 Gb Free Space | 82,73% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxx-PC | User Name: xxxxx| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.26 17:18:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxxx\Downloads\OTL.exe
PRC - [2012.04.12 10:39:18 | 000,980,832 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.04.12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.11 18:13:20 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.11 18:13:20 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2010.06.03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.18 03:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.04.18 05:58:32 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Spiele\Dragonage\Origins\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.07 01:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 01:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 01:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 01:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 01:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 01:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.10.29 19:28:24 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.10.29 19:28:24 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.08.20 18:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.18 04:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.08.17 13:20:46 | 001,235,968 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006.06.02 15:39:08 | 000,215,552 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RT2500.sys -- (RT2500)
DRV - [2011.01.19 00:16:38 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.09.28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-5975212467994412%3A4c9v7d-trzl&ie=UTF-8&q={searchTerms}&sa=Search&ub=_|0U0I0DzutDtDtD0EtB0EyBtD0E0A0EtAtN0P1C0S1Czu0P0D0F0CtN0C0H0Nzu0S0R0C0HyE|_&cr=552546863
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F F4 AE AB D4 C5 CA 01  [binary data]
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\SearchScopes\{D18A128F-CD2A-47D6-9BBD-6CA6194CFC95}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {b66bc4c3-6d25-4a10-8c59-01daa9063051}:1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.30 20:59:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.15 08:11:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 16:14:59 | 000,000,000 | ---D | M]
 
[2011.08.11 17:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions
[2011.08.11 17:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.04.12 19:35:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ecy3sklo.default\extensions
[2010.10.02 13:09:01 | 000,000,000 | ---D | M] (FoxGame) -- C:\Users\xxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ecy3sklo.default\extensions\{b66bc4c3-6d25-4a10-8c59-01daa9063051}
[2012.03.02 06:55:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\ecy3sklo.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.04.20 06:09:54 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-1.xml
[2010.06.24 17:02:18 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-2.xml
[2010.06.28 13:02:23 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-3.xml
[2010.08.06 16:35:19 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-4.xml
[2010.09.11 10:07:40 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-5.xml
[2010.09.18 05:41:11 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-6.xml
[2011.08.05 10:05:51 | 000,000,950 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-7.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin.xml
[2012.01.26 07:24:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.15 08:11:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.30 12:52:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.25 07:52:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.25 07:52:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.25 07:52:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.25 07:52:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.25 07:52:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.25 07:52:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: avast! WebRep = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000..\Run: [PeerBlock] C:\Programme\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD71A72C-134A-4437-B0C8-C66E26B7D3ED}: DhcpNameServer = 83.169.185.161 83.169.185.225
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{db3ea4ca-c3fe-11e0-baea-000e2e70eae3}\Shell - "" = AutoRun
O33 - MountPoints2\{db3ea4ca-c3fe-11e0-baea-000e2e70eae3}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HP Update 4300C - hkey= - key= - C:\sj657\hpupdate.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.22 10:52:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.18 16:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.12 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.04.12 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.04.12 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.04.07 12:07:30 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\ANNO 2070
[2012.04.07 11:46:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Local\Ubisoft Game Launcher
[2012.04.07 11:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2012.04.07 10:49:39 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Ubisoft
[2012.04.07 10:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.26 17:28:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.26 16:39:39 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 16:39:39 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 16:37:10 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.26 16:37:10 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.26 16:37:10 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.26 16:37:10 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.26 16:37:10 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.26 16:32:21 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.26 16:32:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.26 16:32:06 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.25 19:31:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.21 15:02:22 | 000,001,827 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\Logfile.zip
[2012.04.21 14:05:32 | 000,000,000 | ---- | M] () -- C:\Users\xxxxxx\defogger_reenable
[2012.04.15 07:32:03 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.07 13:46:16 | 000,001,040 | ---- | M] () -- C:\Users\xxxxxxx\Desktop\Anno5 - Verknüpfung.lnk
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.30 20:59:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
 
========== Files Created - No Company Name ==========
 
[2012.04.21 14:56:06 | 000,001,827 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Logfile.zip
[2012.04.21 14:05:32 | 000,000,000 | ---- | C] () -- C:\Users\xxxxxx\defogger_reenable
[2012.04.07 13:46:16 | 000,001,040 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Anno5 - Verknüpfung.lnk
[2012.04.03 20:08:47 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2010.07.21 18:46:16 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2010.03.18 14:44:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxx\AppData\Roaming\Bullzip
[2010.06.16 13:37:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Canon
[2010.03.17 09:21:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\GHISLER
[2012.04.21 20:00:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxx\AppData\Roaming\ICQ
[2011.12.11 08:22:37 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Nokia
[2011.06.18 12:29:37 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\OpenCandy
[2010.07.26 13:44:40 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Opera
[2011.09.09 18:40:17 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxx\AppData\Roaming\Origin
[2010.07.21 18:43:26 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PC Suite
[2011.04.01 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxx\AppData\Roaming\Petroglyph
[2011.08.11 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Philips
[2011.08.11 17:48:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Philips-Songbird
[2010.03.19 15:34:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxx\AppData\Roaming\SpeedSim
[2010.03.27 16:38:37 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\SPORE
[2012.04.07 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Ubisoft
[2011.06.18 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Uniblue
[2012.04.26 16:32:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.29 07:11:27 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxx\AppData\Roaming\Adobe
[2010.07.09 15:22:26 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Apple Computer
[2011.05.05 11:18:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ArcSoft
[2010.03.18 14:44:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Bullzip
[2010.06.16 13:37:13 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Canon
[2010.03.17 09:21:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\GHISLER
[2012.04.21 20:00:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\ICQ
[2010.03.16 17:39:19 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Identities
[2010.03.17 15:14:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\InstallShield
[2010.03.17 15:56:27 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Macromedia
[2010.07.14 12:32:30 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Media Center Programs
[2011.09.29 07:11:27 | 000,000,000 | --SD | M] -- C:\Users\xxxxx\AppData\Roaming\Microsoft
[2012.04.21 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\mIRC
[2010.03.17 15:40:52 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Mozilla
[2010.03.17 15:49:48 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Nero
[2011.12.11 08:22:37 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Nokia
[2011.06.18 12:29:37 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\OpenCandy
[2010.07.26 13:44:40 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Opera
[2011.09.09 18:40:17 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Origin
[2010.07.21 18:43:26 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\PC Suite
[2011.04.01 13:25:01 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Petroglyph
[2011.08.11 18:15:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Philips
[2011.08.11 17:48:51 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Philips-Songbird
[2010.03.20 16:47:15 | 000,000,000 | RH-D | M] -- C:\Users\xxxxx\AppData\Roaming\SecuROM
[2011.11.27 09:55:04 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Skype
[2010.03.19 15:34:13 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\SpeedSim
[2010.03.27 16:38:37 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\SPORE
[2012.04.07 10:49:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxx\AppData\Roaming\Ubisoft
[2011.06.18 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Uniblue
[2011.04.01 13:18:56 | 000,000,000 | ---D | M] -- C:\Users\xxxx\AppData\Roaming\Xfire
 
< %APPDATA%\*.exe /s >
[2010.11.06 17:14:31 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.04.04 11:34:45 | 000,010,134 | R--- | M] () -- C:\Users\xxxx\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.06.07 20:58:20 | 005,845,432 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\xxxxxx\AppData\Roaming\OpenCandy\OpenCandy_46EEF2092F46467CB43256C7F9D0AFE7\driverscanner (9).exe
[2011.06.18 12:29:39 | 000,416,160 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\OpenCandy\OpenCandy_46EEF2092F46467CB43256C7F9D0AFE7\LatestDLMgr.exe
[2011.09.26 16:59:30 | 005,905,040 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\xxxxxx\AppData\Roaming\Uniblue\DriverScanner\_temp\ub.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.03.17 09:12:41 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.03.17 09:12:41 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

--- --- ---

cosinus · 26.04.2012, 19:57

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
SRV - [2012.04.12 10:31:34 | 000,784,792 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F F4 AE AB D4 C5 CA 01  [binary data]
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\..\SearchScopes\{D18A128F-CD2A-47D6-9BBD-6CA6194CFC95}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=302398&p={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
FF - user.js - File not found
[2012.04.20 06:09:54 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-1.xml
[2010.06.24 17:02:18 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-2.xml
[2010.06.28 13:02:23 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-3.xml
[2010.08.06 16:35:19 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-4.xml
[2010.09.11 10:07:40 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-5.xml
[2010.09.18 05:41:11 | 000,000,950 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-6.xml
[2011.08.05 10:05:51 | 000,000,950 | ---- | M] () -- C:\Users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-7.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{db3ea4ca-c3fe-11e0-baea-000e2e70eae3}\Shell - "" = AutoRun
O33 - MountPoints2\{db3ea4ca-c3fe-11e0-baea-000e2e70eae3}\Shell\AutoRun\command - "" = E:\setup.exe
:Files
C:\Program Files (x86)\pdfforge Toolbar
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

M.D. · 27.04.2012, 13:40

Hallo

Was sind das eigentlich für programme?

Code:

ATTFilter

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2504710067-1709549152-2115112438-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2504710067-1709549152-2115112438-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2504710067-1709549152-2115112438-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll moved successfully.
HKEY_USERS\S-1-5-21-2504710067-1709549152-2115112438-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2504710067-1709549152-2115112438-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2504710067-1709549152-2115112438-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-2504710067-1709549152-2115112438-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D18A128F-CD2A-47D6-9BBD-6CA6194CFC95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18A128F-CD2A-47D6-9BBD-6CA6194CFC95}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" removed from keyword.URL
C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\5.4\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db3ea4ca-c3fe-11e0-baea-000e2e70eae3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db3ea4ca-c3fe-11e0-baea-000e2e70eae3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db3ea4ca-c3fe-11e0-baea-000e2e70eae3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db3ea4ca-c3fe-11e0-baea-000e2e70eae3}\ not found.
File E:\setup.exe not found.
========== FILES ==========
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\5.4 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: xxxxxxx
->Temp folder emptied: 2287138172 bytes
->Temporary Internet Files folder emptied: 183569947 bytes
->Java cache emptied: 21335637 bytes
->FireFox cache emptied: 175488254 bytes
->Google Chrome cache emptied: 8477713 bytes
->Opera cache emptied: 13886599 bytes
->Flash cache emptied: 58420 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11682227 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 6101036 bytes
 
Total Files Cleaned = 2.582,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: xxxxxx
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.1 log created on 04272012_142455

Files\Folders moved on Reboot...
C:\Users\xxxxxx\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Gruß
M.D.

cosinus · 27.04.2012, 13:48

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

M.D. · 27.04.2012, 14:57

So schon fertig.

Code:

ATTFilter

15:45:16.0219 1640	TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
15:45:16.0318 1640	============================================================
15:45:16.0318 1640	Current date / time: 2012/04/27 15:45:16.0318
15:45:16.0318 1640	SystemInfo:
15:45:16.0318 1640	
15:45:16.0319 1640	OS Version: 6.1.7601 ServicePack: 1.0
15:45:16.0319 1640	Product type: Workstation
15:45:16.0319 1640	ComputerName: xxxxxxx-PC
15:45:16.0319 1640	UserName: xxxxx
15:45:16.0319 1640	Windows directory: C:\Windows
15:45:16.0319 1640	System windows directory: C:\Windows
15:45:16.0319 1640	Running under WOW64
15:45:16.0319 1640	Processor architecture: Intel x64
15:45:16.0319 1640	Number of processors: 4
15:45:16.0319 1640	Page size: 0x1000
15:45:16.0319 1640	Boot type: Normal boot
15:45:16.0319 1640	============================================================
15:45:17.0323 1640	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:45:17.0329 1640	============================================================
15:45:17.0329 1640	\Device\Harddisk0\DR0:
15:45:17.0329 1640	MBR partitions:
15:45:17.0329 1640	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:45:17.0329 1640	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
15:45:17.0329 1640	============================================================
15:45:17.0360 1640	C: <-> \Device\Harddisk0\DR0\Partition1
15:45:17.0360 1640	============================================================
15:45:17.0360 1640	Initialize success
15:45:17.0360 1640	============================================================
15:48:10.0080 3628	============================================================
15:48:10.0080 3628	Scan started
15:48:10.0080 3628	Mode: Manual; SigCheck; TDLFS; 
15:48:10.0080 3628	============================================================
15:48:10.0455 3628	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:48:10.0564 3628	1394ohci - ok
15:48:10.0595 3628	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:48:10.0626 3628	ACPI - ok
15:48:10.0642 3628	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:48:10.0673 3628	AcpiPmi - ok
15:48:10.0751 3628	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:48:10.0767 3628	AdobeARMservice - ok
15:48:10.0923 3628	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:48:10.0938 3628	AdobeFlashPlayerUpdateSvc - ok
15:48:11.0016 3628	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:48:11.0048 3628	adp94xx - ok
15:48:11.0094 3628	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:48:11.0126 3628	adpahci - ok
15:48:11.0141 3628	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:48:11.0157 3628	adpu320 - ok
15:48:11.0188 3628	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:48:11.0235 3628	AeLookupSvc - ok
15:48:11.0297 3628	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:48:11.0391 3628	AFD - ok
15:48:11.0422 3628	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:48:11.0438 3628	agp440 - ok
15:48:11.0453 3628	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:48:11.0500 3628	ALG - ok
15:48:11.0516 3628	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:48:11.0516 3628	aliide - ok
15:48:11.0562 3628	AMD External Events Utility (d696f317bd465a602566f8e1dcce15f7) C:\Windows\system32\atiesrxx.exe
15:48:11.0594 3628	AMD External Events Utility - ok
15:48:11.0609 3628	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:48:11.0609 3628	amdide - ok
15:48:11.0640 3628	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:48:11.0687 3628	AmdK8 - ok
15:48:11.0687 3628	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:48:11.0734 3628	AmdPPM - ok
15:48:11.0765 3628	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
15:48:11.0781 3628	amdsata - ok
15:48:11.0812 3628	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:48:11.0828 3628	amdsbs - ok
15:48:11.0843 3628	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
15:48:11.0859 3628	amdxata - ok
15:48:11.0890 3628	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:48:11.0937 3628	AppID - ok
15:48:11.0952 3628	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:48:11.0984 3628	AppIDSvc - ok
15:48:12.0030 3628	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:48:12.0077 3628	Appinfo - ok
15:48:12.0171 3628	Apple Mobile Device (2e3e53a6aef23e24f402c7855b9b1542) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:48:12.0186 3628	Apple Mobile Device - ok
15:48:12.0202 3628	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:48:12.0218 3628	arc - ok
15:48:12.0233 3628	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:48:12.0249 3628	arcsas - ok
15:48:12.0296 3628	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
15:48:12.0358 3628	aswFsBlk - ok
15:48:12.0420 3628	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
15:48:12.0436 3628	aswMonFlt - ok
15:48:12.0452 3628	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
15:48:12.0483 3628	aswRdr - ok
15:48:12.0561 3628	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
15:48:12.0592 3628	aswSnx - ok
15:48:12.0654 3628	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
15:48:12.0670 3628	aswSP - ok
15:48:12.0701 3628	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
15:48:12.0717 3628	aswTdi - ok
15:48:12.0732 3628	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:48:12.0795 3628	AsyncMac - ok
15:48:12.0826 3628	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:48:12.0842 3628	atapi - ok
15:48:13.0122 3628	atikmdag        (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
15:48:13.0263 3628	atikmdag - ok
15:48:13.0403 3628	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:48:13.0512 3628	AudioEndpointBuilder - ok
15:48:13.0512 3628	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:48:13.0544 3628	AudioSrv - ok
15:48:13.0746 3628	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:48:13.0762 3628	avast! Antivirus - ok
15:48:13.0918 3628	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:48:13.0980 3628	AxInstSV - ok
15:48:14.0027 3628	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:48:14.0074 3628	b06bdrv - ok
15:48:14.0105 3628	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:48:14.0168 3628	b57nd60a - ok
15:48:14.0214 3628	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:48:14.0246 3628	BDESVC - ok
15:48:14.0277 3628	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:48:14.0355 3628	Beep - ok
15:48:14.0433 3628	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:48:14.0495 3628	BFE - ok
15:48:14.0589 3628	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:48:14.0651 3628	BITS - ok
15:48:14.0682 3628	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:48:14.0714 3628	blbdrive - ok
15:48:14.0807 3628	Bonjour Service (5ab58c337ac65837fe404462ad6265ab) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
15:48:14.0838 3628	Bonjour Service - ok
15:48:14.0885 3628	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:48:14.0901 3628	bowser - ok
15:48:14.0901 3628	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:48:14.0948 3628	BrFiltLo - ok
15:48:14.0948 3628	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:48:14.0963 3628	BrFiltUp - ok
15:48:15.0010 3628	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:48:15.0088 3628	Browser - ok
15:48:15.0104 3628	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:48:15.0135 3628	Brserid - ok
15:48:15.0135 3628	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:48:15.0150 3628	BrSerWdm - ok
15:48:15.0166 3628	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:48:15.0182 3628	BrUsbMdm - ok
15:48:15.0182 3628	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:48:15.0197 3628	BrUsbSer - ok
15:48:15.0213 3628	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:48:15.0213 3628	BTHMODEM - ok
15:48:15.0244 3628	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:48:15.0275 3628	bthserv - ok
15:48:15.0291 3628	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:48:15.0322 3628	cdfs - ok
15:48:15.0353 3628	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:48:15.0384 3628	cdrom - ok
15:48:15.0416 3628	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:48:15.0478 3628	CertPropSvc - ok
15:48:15.0478 3628	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:48:15.0494 3628	circlass - ok
15:48:15.0525 3628	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:48:15.0540 3628	CLFS - ok
15:48:15.0618 3628	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:48:15.0634 3628	clr_optimization_v2.0.50727_32 - ok
15:48:15.0665 3628	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:48:15.0681 3628	clr_optimization_v2.0.50727_64 - ok
15:48:15.0681 3628	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:48:15.0712 3628	CmBatt - ok
15:48:15.0759 3628	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:48:15.0774 3628	cmdide - ok
15:48:15.0821 3628	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:48:15.0899 3628	CNG - ok
15:48:15.0899 3628	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:48:15.0930 3628	Compbatt - ok
15:48:15.0977 3628	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:48:16.0008 3628	CompositeBus - ok
15:48:16.0008 3628	COMSysApp - ok
15:48:16.0040 3628	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:48:16.0055 3628	crcdisk - ok
15:48:16.0102 3628	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:48:16.0164 3628	CryptSvc - ok
15:48:16.0289 3628	DAUpdaterSvc    (914a7156b0c0f10be645a02e13f576b2) C:\Spiele\Dragonage\Origins\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
15:48:16.0305 3628	DAUpdaterSvc - ok
15:48:16.0352 3628	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:48:16.0398 3628	DcomLaunch - ok
15:48:16.0445 3628	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:48:16.0492 3628	defragsvc - ok
15:48:16.0508 3628	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:48:16.0570 3628	DfsC - ok
15:48:16.0617 3628	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:48:16.0695 3628	Dhcp - ok
15:48:16.0726 3628	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:48:16.0757 3628	discache - ok
15:48:16.0773 3628	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:48:16.0788 3628	Disk - ok
15:48:16.0835 3628	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:48:16.0866 3628	Dnscache - ok
15:48:16.0913 3628	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:48:16.0976 3628	dot3svc - ok
15:48:17.0022 3628	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:48:17.0054 3628	DPS - ok
15:48:17.0069 3628	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:48:17.0100 3628	drmkaud - ok
15:48:17.0194 3628	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:48:17.0241 3628	DXGKrnl - ok
15:48:17.0256 3628	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:48:17.0288 3628	EapHost - ok
15:48:17.0459 3628	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:48:17.0568 3628	ebdrv - ok
15:48:17.0678 3628	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:48:17.0693 3628	EFS - ok
15:48:17.0787 3628	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:48:17.0834 3628	ehRecvr - ok
15:48:17.0880 3628	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:48:17.0912 3628	ehSched - ok
15:48:17.0974 3628	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:48:18.0021 3628	elxstor - ok
15:48:18.0036 3628	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:48:18.0068 3628	ErrDev - ok
15:48:18.0130 3628	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:48:18.0177 3628	EventSystem - ok
15:48:18.0192 3628	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:48:18.0224 3628	exfat - ok
15:48:18.0255 3628	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:48:18.0317 3628	fastfat - ok
15:48:18.0395 3628	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:48:18.0442 3628	Fax - ok
15:48:18.0442 3628	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:48:18.0458 3628	fdc - ok
15:48:18.0473 3628	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:48:18.0536 3628	fdPHost - ok
15:48:18.0551 3628	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:48:18.0567 3628	FDResPub - ok
15:48:18.0582 3628	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:48:18.0598 3628	FileInfo - ok
15:48:18.0614 3628	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:48:18.0645 3628	Filetrace - ok
15:48:18.0645 3628	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:48:18.0660 3628	flpydisk - ok
15:48:18.0707 3628	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:48:18.0738 3628	FltMgr - ok
15:48:18.0832 3628	FontCache       (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
15:48:18.0926 3628	FontCache - ok
15:48:19.0004 3628	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:48:19.0035 3628	FontCache3.0.0.0 - ok
15:48:19.0050 3628	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:48:19.0066 3628	FsDepends - ok
15:48:19.0097 3628	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:48:19.0128 3628	Fs_Rec - ok
15:48:19.0160 3628	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:48:19.0191 3628	fvevol - ok
15:48:19.0222 3628	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:48:19.0238 3628	gagp30kx - ok
15:48:19.0284 3628	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:48:19.0300 3628	GEARAspiWDM - ok
15:48:19.0362 3628	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:48:19.0425 3628	gpsvc - ok
15:48:19.0503 3628	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:48:19.0518 3628	gupdate - ok
15:48:19.0534 3628	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:48:19.0534 3628	gupdatem - ok
15:48:19.0565 3628	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:48:19.0596 3628	hcw85cir - ok
15:48:19.0659 3628	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:48:19.0706 3628	HdAudAddService - ok
15:48:19.0752 3628	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:48:19.0784 3628	HDAudBus - ok
15:48:19.0784 3628	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:48:19.0799 3628	HidBatt - ok
15:48:19.0815 3628	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:48:19.0830 3628	HidBth - ok
15:48:19.0830 3628	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:48:19.0862 3628	HidIr - ok
15:48:19.0877 3628	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:48:19.0924 3628	hidserv - ok
15:48:19.0955 3628	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:48:19.0971 3628	HidUsb - ok
15:48:20.0018 3628	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:48:20.0096 3628	hkmsvc - ok
15:48:20.0158 3628	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:48:20.0174 3628	HomeGroupListener - ok
15:48:20.0220 3628	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:48:20.0252 3628	HomeGroupProvider - ok
15:48:20.0283 3628	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:48:20.0298 3628	HpSAMD - ok
15:48:20.0392 3628	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:48:20.0454 3628	HTTP - ok
15:48:20.0486 3628	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:48:20.0501 3628	hwpolicy - ok
15:48:20.0517 3628	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:48:20.0532 3628	i8042prt - ok
15:48:20.0579 3628	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
15:48:20.0595 3628	iaStorV - ok
15:48:20.0673 3628	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:48:20.0673 3628	IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:48:20.0673 3628	IDriverT - detected UnsignedFile.Multi.Generic (1)
15:48:20.0782 3628	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:48:20.0829 3628	idsvc - ok
15:48:20.0922 3628	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:48:20.0938 3628	iirsp - ok
15:48:21.0016 3628	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:48:21.0094 3628	IKEEXT - ok
15:48:21.0094 3628	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:48:21.0110 3628	intelide - ok
15:48:21.0141 3628	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:48:21.0156 3628	intelppm - ok
15:48:21.0172 3628	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:48:21.0203 3628	IPBusEnum - ok
15:48:21.0234 3628	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:48:21.0281 3628	IpFilterDriver - ok
15:48:21.0344 3628	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:48:21.0437 3628	iphlpsvc - ok
15:48:21.0468 3628	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:48:21.0500 3628	IPMIDRV - ok
15:48:21.0515 3628	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:48:21.0562 3628	IPNAT - ok
15:48:21.0624 3628	iPod Service    (24595ec9236d7e421661a2d4ffbd901a) C:\Program Files\iPod\bin\iPodService.exe
15:48:21.0656 3628	iPod Service - ok
15:48:21.0671 3628	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:48:21.0702 3628	IRENUM - ok
15:48:21.0718 3628	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:48:21.0734 3628	isapnp - ok
15:48:21.0780 3628	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:48:21.0796 3628	iScsiPrt - ok
15:48:21.0827 3628	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:48:21.0843 3628	kbdclass - ok
15:48:21.0858 3628	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:48:21.0905 3628	kbdhid - ok
15:48:21.0936 3628	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:48:21.0968 3628	KeyIso - ok
15:48:21.0983 3628	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:48:21.0999 3628	KSecDD - ok
15:48:22.0030 3628	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:48:22.0046 3628	KSecPkg - ok
15:48:22.0061 3628	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:48:22.0108 3628	ksthunk - ok
15:48:22.0155 3628	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:48:22.0248 3628	KtmRm - ok
15:48:22.0280 3628	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:48:22.0311 3628	LanmanServer - ok
15:48:22.0358 3628	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:48:22.0420 3628	LanmanWorkstation - ok
15:48:22.0451 3628	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:48:22.0498 3628	lltdio - ok
15:48:22.0545 3628	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:48:22.0607 3628	lltdsvc - ok
15:48:22.0638 3628	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:48:22.0670 3628	lmhosts - ok
15:48:22.0685 3628	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:48:22.0701 3628	LSI_FC - ok
15:48:22.0716 3628	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:48:22.0732 3628	LSI_SAS - ok
15:48:22.0748 3628	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:48:22.0763 3628	LSI_SAS2 - ok
15:48:22.0763 3628	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:48:22.0779 3628	LSI_SCSI - ok
15:48:22.0794 3628	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:48:22.0841 3628	luafv - ok
15:48:22.0888 3628	massfilter      (23488767cb18fc3ff39e3af1db3fb02c) C:\Windows\system32\drivers\massfilter.sys
15:48:22.0919 3628	massfilter - ok
15:48:22.0950 3628	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:48:22.0982 3628	Mcx2Svc - ok
15:48:23.0106 3628	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
15:48:23.0122 3628	MDM - ok
15:48:23.0153 3628	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:48:23.0169 3628	megasas - ok
15:48:23.0184 3628	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:48:23.0200 3628	MegaSR - ok
15:48:23.0216 3628	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:48:23.0262 3628	MMCSS - ok
15:48:23.0262 3628	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:48:23.0309 3628	Modem - ok
15:48:23.0309 3628	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:48:23.0340 3628	monitor - ok
15:48:23.0372 3628	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:48:23.0387 3628	mouclass - ok
15:48:23.0418 3628	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:48:23.0450 3628	mouhid - ok
15:48:23.0496 3628	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:48:23.0512 3628	mountmgr - ok
15:48:23.0559 3628	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:48:23.0574 3628	mpio - ok
15:48:23.0606 3628	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:48:23.0637 3628	mpsdrv - ok
15:48:23.0730 3628	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:48:23.0808 3628	MpsSvc - ok
15:48:23.0855 3628	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:48:23.0902 3628	MRxDAV - ok
15:48:23.0933 3628	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:48:23.0964 3628	mrxsmb - ok
15:48:23.0996 3628	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:48:24.0058 3628	mrxsmb10 - ok
15:48:24.0074 3628	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:48:24.0089 3628	mrxsmb20 - ok
15:48:24.0152 3628	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:48:24.0167 3628	msahci - ok
15:48:24.0214 3628	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:48:24.0245 3628	msdsm - ok
15:48:24.0261 3628	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:48:24.0292 3628	MSDTC - ok
15:48:24.0308 3628	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:48:24.0354 3628	Msfs - ok
15:48:24.0370 3628	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:48:24.0401 3628	mshidkmdf - ok
15:48:24.0417 3628	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:48:24.0417 3628	msisadrv - ok
15:48:24.0448 3628	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:48:24.0479 3628	MSiSCSI - ok
15:48:24.0479 3628	msiserver - ok
15:48:24.0495 3628	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:48:24.0526 3628	MSKSSRV - ok
15:48:24.0542 3628	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:48:24.0573 3628	MSPCLOCK - ok
15:48:24.0588 3628	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:48:24.0620 3628	MSPQM - ok
15:48:24.0666 3628	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:48:24.0698 3628	MsRPC - ok
15:48:24.0729 3628	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:48:24.0744 3628	mssmbios - ok
15:48:24.0744 3628	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:48:24.0807 3628	MSTEE - ok
15:48:24.0822 3628	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:48:24.0822 3628	MTConfig - ok
15:48:24.0869 3628	MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
15:48:24.0885 3628	MTsensor - ok
15:48:24.0900 3628	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:48:24.0932 3628	Mup - ok
15:48:24.0994 3628	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:48:25.0072 3628	napagent - ok
15:48:25.0119 3628	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:48:25.0181 3628	NativeWifiP - ok
15:48:25.0259 3628	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:48:25.0306 3628	NDIS - ok
15:48:25.0322 3628	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:48:25.0353 3628	NdisCap - ok
15:48:25.0368 3628	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:48:25.0400 3628	NdisTapi - ok
15:48:25.0415 3628	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:48:25.0462 3628	Ndisuio - ok
15:48:25.0509 3628	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:48:25.0556 3628	NdisWan - ok
15:48:25.0587 3628	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:48:25.0634 3628	NDProxy - ok
15:48:25.0665 3628	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:48:25.0696 3628	NetBIOS - ok
15:48:25.0743 3628	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:48:25.0774 3628	NetBT - ok
15:48:25.0790 3628	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:48:25.0805 3628	Netlogon - ok
15:48:25.0852 3628	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:48:25.0946 3628	Netman - ok
15:48:25.0977 3628	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:48:26.0024 3628	netprofm - ok
15:48:26.0086 3628	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:48:26.0102 3628	NetTcpPortSharing - ok
15:48:26.0133 3628	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:48:26.0148 3628	nfrd960 - ok
15:48:26.0195 3628	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:48:26.0289 3628	NlaSvc - ok
15:48:26.0414 3628	NMIndexingService (eba1b4bf2e2375abdadedb649f283541) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
15:48:26.0445 3628	NMIndexingService - ok
15:48:26.0476 3628	nmwcdcx64 - ok
15:48:26.0492 3628	nmwcdx64 - ok
15:48:26.0507 3628	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:48:26.0554 3628	Npfs - ok
15:48:26.0570 3628	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:48:26.0601 3628	nsi - ok
15:48:26.0616 3628	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:48:26.0663 3628	nsiproxy - ok
15:48:26.0788 3628	Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
15:48:26.0835 3628	Ntfs - ok
15:48:26.0913 3628	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:48:26.0960 3628	Null - ok
15:48:27.0006 3628	nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
15:48:27.0022 3628	nvraid - ok
15:48:27.0053 3628	nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
15:48:27.0069 3628	nvstor - ok
15:48:27.0116 3628	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:48:27.0147 3628	nv_agp - ok
15:48:27.0162 3628	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:48:27.0194 3628	ohci1394 - ok
15:48:27.0240 3628	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:48:27.0287 3628	p2pimsvc - ok
15:48:27.0334 3628	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:48:27.0365 3628	p2psvc - ok
15:48:27.0396 3628	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:48:27.0412 3628	Parport - ok
15:48:27.0443 3628	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:48:27.0459 3628	partmgr - ok
15:48:27.0521 3628	pbfilter        (55223eefabfdb84a926515febab50d9a) C:\Program Files\PeerBlock\pbfilter.sys
15:48:27.0552 3628	pbfilter - ok
15:48:27.0584 3628	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:48:27.0615 3628	PcaSvc - ok
15:48:27.0662 3628	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
15:48:27.0677 3628	pccsmcfd - ok
15:48:27.0708 3628	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:48:27.0740 3628	pci - ok
15:48:27.0755 3628	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:48:27.0755 3628	pciide - ok
15:48:27.0786 3628	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:48:27.0802 3628	pcmcia - ok
15:48:27.0818 3628	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:48:27.0833 3628	pcw - ok
15:48:27.0880 3628	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:48:27.0958 3628	PEAUTH - ok
15:48:28.0036 3628	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:48:28.0067 3628	PerfHost - ok
15:48:28.0192 3628	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:48:28.0286 3628	pla - ok
15:48:28.0364 3628	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:48:28.0395 3628	PlugPlay - ok
15:48:28.0410 3628	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:48:28.0442 3628	PNRPAutoReg - ok
15:48:28.0457 3628	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:48:28.0473 3628	PNRPsvc - ok
15:48:28.0520 3628	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:48:28.0613 3628	PolicyAgent - ok
15:48:28.0644 3628	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:48:28.0691 3628	Power - ok
15:48:28.0738 3628	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:48:28.0785 3628	PptpMiniport - ok
15:48:28.0800 3628	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:48:28.0816 3628	Processor - ok
15:48:28.0847 3628	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:48:28.0894 3628	ProfSvc - ok
15:48:28.0925 3628	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:48:28.0925 3628	ProtectedStorage - ok
15:48:28.0972 3628	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:48:29.0019 3628	Psched - ok
15:48:29.0144 3628	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:48:29.0190 3628	ql2300 - ok
15:48:29.0284 3628	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:48:29.0315 3628	ql40xx - ok
15:48:29.0331 3628	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:48:29.0362 3628	QWAVE - ok
15:48:29.0378 3628	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:48:29.0425 3628	QWAVEdrv - ok
15:48:29.0440 3628	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:48:29.0471 3628	RasAcd - ok
15:48:29.0487 3628	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:48:29.0518 3628	RasAgileVpn - ok
15:48:29.0534 3628	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:48:29.0565 3628	RasAuto - ok
15:48:29.0612 3628	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:48:29.0659 3628	Rasl2tp - ok
15:48:29.0705 3628	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:48:29.0783 3628	RasMan - ok
15:48:29.0799 3628	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:48:29.0830 3628	RasPppoe - ok
15:48:29.0830 3628	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:48:29.0861 3628	RasSstp - ok
15:48:29.0877 3628	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:48:29.0908 3628	rdbss - ok
15:48:29.0908 3628	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:48:29.0924 3628	rdpbus - ok
15:48:29.0939 3628	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:48:29.0971 3628	RDPCDD - ok
15:48:29.0971 3628	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:48:30.0002 3628	RDPENCDD - ok
15:48:30.0017 3628	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:48:30.0033 3628	RDPREFMP - ok
15:48:30.0080 3628	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:48:30.0111 3628	RDPWD - ok
15:48:30.0158 3628	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:48:30.0173 3628	rdyboost - ok
15:48:30.0205 3628	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:48:30.0267 3628	RemoteAccess - ok
15:48:30.0298 3628	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:48:30.0329 3628	RemoteRegistry - ok
15:48:30.0345 3628	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:48:30.0407 3628	RpcEptMapper - ok
15:48:30.0423 3628	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:48:30.0454 3628	RpcLocator - ok
15:48:30.0501 3628	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:48:30.0548 3628	RpcSs - ok
15:48:30.0563 3628	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:48:30.0595 3628	rspndr - ok
15:48:30.0641 3628	RT2500          (31db11c9b2ed9abaac8d07fd591820b4) C:\Windows\system32\DRIVERS\RT2500.sys
15:48:30.0657 3628	RT2500 - ok
15:48:30.0688 3628	RTL8167         (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:48:30.0719 3628	RTL8167 - ok
15:48:30.0735 3628	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:48:30.0751 3628	SamSs - ok
15:48:30.0797 3628	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:48:30.0829 3628	sbp2port - ok
15:48:30.0860 3628	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:48:30.0953 3628	SCardSvr - ok
15:48:30.0985 3628	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:48:31.0031 3628	scfilter - ok
15:48:31.0125 3628	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:48:31.0187 3628	Schedule - ok
15:48:31.0219 3628	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:48:31.0250 3628	SCPolicySvc - ok
15:48:31.0281 3628	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:48:31.0312 3628	SDRSVC - ok
15:48:31.0343 3628	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:48:31.0390 3628	secdrv - ok
15:48:31.0406 3628	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:48:31.0468 3628	seclogon - ok
15:48:31.0499 3628	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:48:31.0531 3628	SENS - ok
15:48:31.0546 3628	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:48:31.0546 3628	SensrSvc - ok
15:48:31.0562 3628	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:48:31.0577 3628	Serenum - ok
15:48:31.0609 3628	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:48:31.0640 3628	Serial - ok
15:48:31.0687 3628	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:48:31.0702 3628	sermouse - ok
15:48:31.0827 3628	ServiceLayer    (2d841b7b7f6dec32162edfcc69d61f42) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
15:48:31.0858 3628	ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
15:48:31.0858 3628	ServiceLayer - detected UnsignedFile.Multi.Generic (1)
15:48:31.0889 3628	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:48:31.0921 3628	SessionEnv - ok
15:48:31.0952 3628	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:48:31.0999 3628	sffdisk - ok
15:48:32.0014 3628	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:48:32.0045 3628	sffp_mmc - ok
15:48:32.0061 3628	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:48:32.0092 3628	sffp_sd - ok
15:48:32.0092 3628	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:48:32.0108 3628	sfloppy - ok
15:48:32.0155 3628	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:48:32.0201 3628	SharedAccess - ok
15:48:32.0248 3628	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:48:32.0326 3628	ShellHWDetection - ok
15:48:32.0326 3628	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:48:32.0342 3628	SiSRaid2 - ok
15:48:32.0357 3628	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:48:32.0373 3628	SiSRaid4 - ok
15:48:32.0389 3628	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:48:32.0420 3628	Smb - ok
15:48:32.0435 3628	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:48:32.0451 3628	SNMPTRAP - ok
15:48:32.0467 3628	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:48:32.0467 3628	spldr - ok
15:48:32.0529 3628	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:48:32.0576 3628	Spooler - ok
15:48:32.0950 3628	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:48:33.0091 3628	sppsvc - ok
15:48:33.0169 3628	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:48:33.0231 3628	sppuinotify - ok
15:48:33.0309 3628	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:48:33.0325 3628	srv - ok
15:48:33.0387 3628	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:48:33.0434 3628	srv2 - ok
15:48:33.0465 3628	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:48:33.0496 3628	srvnet - ok
15:48:33.0527 3628	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:48:33.0574 3628	SSDPSRV - ok
15:48:33.0590 3628	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:48:33.0621 3628	SstpSvc - ok
15:48:33.0637 3628	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:48:33.0652 3628	stexstor - ok
15:48:33.0730 3628	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:48:33.0793 3628	stisvc - ok
15:48:33.0824 3628	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:48:33.0855 3628	swenum - ok
15:48:33.0886 3628	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:48:33.0949 3628	swprv - ok
15:48:34.0089 3628	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:48:34.0151 3628	SysMain - ok
15:48:34.0229 3628	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:48:34.0261 3628	TabletInputService - ok
15:48:34.0323 3628	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:48:34.0401 3628	TapiSrv - ok
15:48:34.0417 3628	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:48:34.0448 3628	TBS - ok
15:48:34.0541 3628	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:48:34.0588 3628	Tcpip - ok
15:48:34.0760 3628	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:48:34.0807 3628	TCPIP6 - ok
15:48:34.0869 3628	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:48:34.0947 3628	tcpipreg - ok
15:48:34.0963 3628	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:48:34.0978 3628	TDPIPE - ok
15:48:35.0009 3628	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:48:35.0025 3628	TDTCP - ok
15:48:35.0056 3628	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:48:35.0103 3628	tdx - ok
15:48:35.0119 3628	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:48:35.0134 3628	TermDD - ok
15:48:35.0181 3628	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:48:35.0243 3628	TermService - ok
15:48:35.0259 3628	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:48:35.0275 3628	Themes - ok
15:48:35.0306 3628	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:48:35.0337 3628	THREADORDER - ok
15:48:35.0353 3628	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:48:35.0399 3628	TrkWks - ok
15:48:35.0446 3628	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:48:35.0509 3628	TrustedInstaller - ok
15:48:35.0540 3628	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:48:35.0571 3628	tssecsrv - ok
15:48:35.0587 3628	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:48:35.0618 3628	TsUsbFlt - ok
15:48:35.0665 3628	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:48:35.0727 3628	tunnel - ok
15:48:35.0727 3628	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:48:35.0743 3628	uagp35 - ok
15:48:35.0789 3628	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:48:35.0867 3628	udfs - ok
15:48:35.0992 3628	UI Assistant Service (0ca9e659b7053d398052776ac936b167) C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe
15:48:36.0008 3628	UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
15:48:36.0008 3628	UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
15:48:36.0039 3628	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:48:36.0055 3628	UI0Detect - ok
15:48:36.0101 3628	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:48:36.0117 3628	uliagpkx - ok
15:48:36.0164 3628	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:48:36.0179 3628	umbus - ok
15:48:36.0211 3628	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:48:36.0242 3628	UmPass - ok
15:48:36.0320 3628	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:48:36.0382 3628	upnphost - ok
15:48:36.0382 3628	upperdev - ok
15:48:36.0429 3628	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:48:36.0460 3628	usbaudio - ok
15:48:36.0491 3628	usbccgp         (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
15:48:36.0523 3628	usbccgp - ok
15:48:36.0554 3628	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:48:36.0569 3628	usbcir - ok
15:48:36.0601 3628	usbehci         (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
15:48:36.0632 3628	usbehci - ok
15:48:36.0663 3628	usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
15:48:36.0710 3628	usbhub - ok
15:48:36.0725 3628	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
15:48:36.0757 3628	usbohci - ok
15:48:36.0772 3628	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:48:36.0803 3628	usbprint - ok
15:48:36.0819 3628	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:48:36.0850 3628	usbscan - ok
15:48:36.0881 3628	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
15:48:36.0897 3628	usbser - ok
15:48:36.0897 3628	UsbserFilt - ok
15:48:36.0913 3628	USBSTOR         (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:48:36.0928 3628	USBSTOR - ok
15:48:36.0944 3628	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:48:36.0959 3628	usbuhci - ok
15:48:36.0991 3628	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:48:37.0022 3628	UxSms - ok
15:48:37.0037 3628	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:48:37.0053 3628	VaultSvc - ok
15:48:37.0069 3628	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:48:37.0084 3628	vdrvroot - ok
15:48:37.0147 3628	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:48:37.0209 3628	vds - ok
15:48:37.0225 3628	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:48:37.0240 3628	vga - ok
15:48:37.0256 3628	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:48:37.0287 3628	VgaSave - ok
15:48:37.0318 3628	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:48:37.0334 3628	vhdmp - ok
15:48:37.0443 3628	VIAHdAudAddService (574b29f436c4c63d37020c6e570a7528) C:\Windows\system32\drivers\viahduaa.sys
15:48:37.0505 3628	VIAHdAudAddService - ok
15:48:37.0521 3628	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:48:37.0537 3628	viaide - ok
15:48:37.0552 3628	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:48:37.0568 3628	volmgr - ok
15:48:37.0615 3628	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:48:37.0646 3628	volmgrx - ok
15:48:37.0677 3628	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:48:37.0693 3628	volsnap - ok
15:48:37.0724 3628	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:48:37.0755 3628	vsmraid - ok
15:48:37.0911 3628	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:48:37.0989 3628	VSS - ok
15:48:38.0083 3628	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:48:38.0114 3628	vwifibus - ok
15:48:38.0145 3628	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:48:38.0192 3628	W32Time - ok
15:48:38.0207 3628	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:48:38.0239 3628	WacomPen - ok
15:48:38.0270 3628	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:48:38.0332 3628	WANARP - ok
15:48:38.0348 3628	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:48:38.0363 3628	Wanarpv6 - ok
15:48:38.0488 3628	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:48:38.0551 3628	wbengine - ok
15:48:38.0613 3628	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:48:38.0629 3628	WbioSrvc - ok
15:48:38.0691 3628	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:48:38.0722 3628	wcncsvc - ok
15:48:38.0738 3628	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:48:38.0753 3628	WcsPlugInService - ok
15:48:38.0769 3628	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:48:38.0785 3628	Wd - ok
15:48:38.0831 3628	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:48:38.0863 3628	Wdf01000 - ok
15:48:38.0878 3628	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:48:38.0909 3628	WdiServiceHost - ok
15:48:38.0909 3628	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:48:38.0941 3628	WdiSystemHost - ok
15:48:38.0987 3628	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:48:39.0034 3628	WebClient - ok
15:48:39.0065 3628	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:48:39.0112 3628	Wecsvc - ok
15:48:39.0128 3628	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:48:39.0175 3628	wercplsupport - ok
15:48:39.0206 3628	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:48:39.0237 3628	WerSvc - ok
15:48:39.0253 3628	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:48:39.0284 3628	WfpLwf - ok
15:48:39.0284 3628	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:48:39.0299 3628	WIMMount - ok
15:48:39.0315 3628	WinDefend - ok
15:48:39.0315 3628	WinHttpAutoProxySvc - ok
15:48:39.0377 3628	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:48:39.0409 3628	Winmgmt - ok
15:48:39.0565 3628	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:48:39.0643 3628	WinRM - ok
15:48:39.0721 3628	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:48:39.0767 3628	WinUsb - ok
15:48:39.0830 3628	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:48:39.0892 3628	Wlansvc - ok
15:48:39.0923 3628	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:48:39.0939 3628	WmiAcpi - ok
15:48:39.0970 3628	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:48:40.0001 3628	wmiApSrv - ok
15:48:40.0017 3628	WMPNetworkSvc - ok
15:48:40.0017 3628	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:48:40.0033 3628	WPCSvc - ok
15:48:40.0048 3628	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:48:40.0095 3628	WPDBusEnum - ok
15:48:40.0095 3628	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:48:40.0142 3628	ws2ifsl - ok
15:48:40.0157 3628	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:48:40.0189 3628	wscsvc - ok
15:48:40.0189 3628	WSearch - ok
15:48:40.0360 3628	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:48:40.0485 3628	wuauserv - ok
15:48:40.0563 3628	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:48:40.0610 3628	WudfPf - ok
15:48:40.0657 3628	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:48:40.0719 3628	WUDFRd - ok
15:48:40.0750 3628	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:48:40.0781 3628	wudfsvc - ok
15:48:40.0797 3628	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:48:40.0828 3628	WwanSvc - ok
15:48:40.0891 3628	ZTEusbmdm6k     (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:48:40.0906 3628	ZTEusbmdm6k - ok
15:48:40.0937 3628	ZTEusbnmea      (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:48:40.0953 3628	ZTEusbnmea - ok
15:48:40.0984 3628	ZTEusbser6k     (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:48:40.0984 3628	ZTEusbser6k - ok
15:48:41.0015 3628	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:48:41.0156 3628	\Device\Harddisk0\DR0 - ok
15:48:41.0156 3628	Boot (0x1200)   (ee8831cc6c9ba5094819f5c78139fc01) \Device\Harddisk0\DR0\Partition0
15:48:41.0156 3628	\Device\Harddisk0\DR0\Partition0 - ok
15:48:41.0187 3628	Boot (0x1200)   (11bac79c93f4ab3d64a16e7d0a03f4e4) \Device\Harddisk0\DR0\Partition1
15:48:41.0187 3628	\Device\Harddisk0\DR0\Partition1 - ok
15:48:41.0187 3628	============================================================
15:48:41.0187 3628	Scan finished
15:48:41.0187 3628	============================================================
15:48:41.0203 3220	Detected object count: 3
15:48:41.0203 3220	Actual detected object count: 3
15:49:51.0357 3220	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:51.0357 3220	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:49:51.0357 3220	ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:51.0357 3220	ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:49:51.0372 3220	UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:49:51.0372 3220	UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 27.04.2012, 18:29

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

M.D. · 29.04.2012, 07:05

Guten Morgen

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

Genau die Meldung kam auch, aber jetzt nach einem Neustart funktioniert es wieder.

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-04-28.01 - xxxxxx29.04.2012   7:39.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4087.2491 [GMT 2:00]
ausgeführt von:: c:\users\xxxxx\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\weave\toFetch
c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\weave\toFetch\bookmarks.json
c:\users\xxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\weave\toFetch\clients.json
c:\users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\weave\toFetch\forms.json
c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\weave\toFetch\history.json
c:\users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\weave\toFetch\passwords.json
c:\users\xxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\weave\toFetch\prefs.json
c:\users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\weave\toFetch\tabs.json
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-28 bis 2012-04-29  ))))))))))))))))))))))))))))))
.
.
2012-04-28 05:11 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{918292AB-723C-45E7-ADDD-A701D26B376B}\mpengine.dll
2012-04-28 05:10 . 2012-04-28 05:10	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-04-28 05:10 . 2012-04-28 05:10	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-28 05:10 . 2012-04-28 05:10	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-27 12:24 . 2012-04-27 12:24	--------	d-----w-	C:\_OTL
2012-04-22 08:52 . 2012-04-22 08:52	--------	d-----w-	c:\program files (x86)\ESET
2012-04-11 04:24 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 04:24 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 04:24 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-11 04:24 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 04:24 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-11 04:24 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-11 04:24 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-04-07 09:46 . 2012-04-07 09:49	--------	d-----w-	c:\users\xxxxxx\AppData\Local\Ubisoft Game Launcher
2012-04-07 09:46 . 2012-04-07 09:46	--------	d-----w-	c:\programdata\Solidshield
2012-04-07 08:49 . 2012-04-07 08:49	--------	d-----w-	c:\users\xxxxx\AppData\Roaming\Ubisoft
2012-04-07 08:48 . 2012-04-07 08:48	--------	d-----w-	c:\program files (x86)\Ubisoft
2012-04-04 05:53 . 2012-04-04 05:53	182160	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53	182160	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-03 18:08 . 2012-04-18 03:58	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 03:58 . 2011-05-28 04:52	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 13:56 . 2010-07-14 10:32	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2012-02-25 06:00	41184	----a-w-	c:\windows\avastSS.scr
2012-03-06 23:15 . 2012-02-25 06:00	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-06 23:15 . 2011-03-05 11:40	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-06 23:04 . 2012-02-25 06:00	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:04 . 2012-02-25 06:00	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-02-25 06:00	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2012-02-25 06:00	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2012-02-25 06:00	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2012-02-25 06:00	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-03-02 14:17 . 2012-03-02 14:17	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-03-02 14:17 . 2012-03-02 14:17	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-03-02 14:17 . 2012-03-02 14:17	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-03-02 14:17 . 2012-03-02 14:17	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-02-23 08:18 . 2010-03-17 07:28	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 05:16	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 05:16	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 05:16	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 05:16	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 05:18	1544192	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 05:18	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 05:18	3145728	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2009-09-28 2101848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-08-28 2252800]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-08-11 380416]
"UIExec"="c:\program files (x86)\Mobile Partner Manager\UIExec.exe" [2010-01-13 133120]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\spiele\Dragonage\Origins\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-28 129976]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Mobile Partner Manager\AssistantServices.exe [2010-01-13 247296]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 03:58]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 05:06]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-29 05:06]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 83.169.185.161 83.169.185.225
FF - ProfilePath - c:\users\xxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\ecy3sklo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-SU_DE_EN_4.10 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2504710067-1709549152-2115112438-1000\Software\SecuROM\License information*]
"datasecu"=hex:c7,d7,b4,d8,dc,db,8d,0e,f1,94,f5,36,f1,10,0c,d7,24,60,dc,41,ce,
   37,3d,3e,24,c8,14,44,68,bb,c8,4c,c2,b4,fc,4e,15,f2,46,55,ec,7d,d3,60,2a,ff,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-29  07:49:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-04-29 05:49
.
Vor Suchlauf: 14 Verzeichnis(se), 828.955.648.000 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 828.796.772.352 Bytes frei
.
- - End Of File - - 658AD14100E519BD10DDCC313090FD4C

--- --- ---

Edit: Der Ton funktioniert nicht mehr.

23.04.2012, 21:16	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virenprogramm konnte einige Datein nicht öffnen Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ --> Virenprogramm konnte einige Datein nicht öffnen

Virenprogramm konnte einige Datein nicht öffnen

Log-Analyse und Auswertung: Virenprogramm konnte einige Datein nicht öffnen