Windows Notfall Sicherheits- Update Center // Verschlüsselungstrojaner

Bennsen · 03.06.2012, 21:39

Hallo zusammen,

habe mir leider den Verschlüsselungstrojaner eingefangen.

Den Scan mit Malwarebytes Anti-Malware habe ich bereits durchgeführt. Leider ohne Befund:

Zitat:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.03.06

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benni :: *** [Administrator]

Schutz: Deaktiviert

03.06.2012 21:40:45
mbam-log-2012-06-03 (21-40-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363572
Laufzeit: 36 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Wie geht's nun weiter?

Edit: Haben nun noch die OTL.txt sowie die Extra.txt nachgereicht.

cosinus · 05.06.2012, 20:48

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Allgemeine Hinweise bzgl. des Verschlüsselungstrojaners:
Wann genau deine Daten entschlüsselt werden können wird dir niemand genau sagen können außer vllt einer

es kann sein, dass du eine neuere Variante hast, deren Verschlüsselungsalgorithmus noch unbekannt ist. Sowas kann man (noch) nicht entschlüsseln und ohne Schlüssel schon garnicht - ist ja auch logisch, sonst wär es ja keine vernünftige Verschlüsselung
Einfach hier nochmal reinsehen in regelmäßigen Abständen, obige Hinweise beachten. 8 Tools mitsamt hunderten Diskussionsbeiträgen stehen da schon

Entschlüsselungsversuche der verschlüsselten Dateien sind nur auf zusätzliche Kopien der verschlüsselten Dateien anzuwenden, sonst zerhackt man sich die noch weiter ohne die "original" verschlüsselte Datei mehr zu haben. Das willst du sicher nicht!

Und in Zukunft willst du sicher mal an ein besseres Backupkonzept denken. Hier ein Denkanstoß => http://www.trojaner-board.de/115678-...r-backups.html

Bennsen · 06.06.2012, 17:26

Hallo cosinus, danke für dein Feedback.

Mittlerweile habe ich Montag, Dienstag und Mittwoch im abgesicherten Modus neue Scans durchgeführt. Der Scan vom Montag förderte infizierte Daten ans Tageslicht. Die anderen beiden nicht. War wohl bis dato "nur" nicht bekannt.

Habe die Scans unten angehängt.

Den möglichen Verursacher habe ich noch auf dem E-Mail-Server bei web.de. So wie ich lesen konnte, mögt ihr diese auch gerne haben. Wie gehe ich bei web.de vor, wenn ich diesen euch zukommen lassen möchte?

Zitat:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.04.07

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benni :: *** [Administrator]

Schutz: Deaktiviert

04.06.2012 21:22:27
mbam-log-2012-06-04 (21-22-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363554
Laufzeit: 32 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ECC6A129 (Trojan.Agent) -> Daten: C:\Users\***\AppData\Roaming\Vvrvggurgv\A7ABADBBECC6A1295BC3.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\***\AppData\Roaming\Vvrvggurgv\A7ABADBBECC6A1295BC3.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Zitat:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.05.05

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benni :: *** [Administrator]

Schutz: Deaktiviert

05.06.2012 18:54:11
mbam-log-2012-06-05 (18-54-11).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363798
Laufzeit: 36 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Zitat:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.06.04

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Benni :: *** [Administrator]

Schutz: Deaktiviert

06.06.2012 17:30:58
mbam-log-2012-06-06 (17-30-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363925
Laufzeit: 37 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 07.06.2012, 11:15

Verdächtige Mails mit Anhang bitte an uns zur Analyse weiterleiten!
markusg - trojaner-board.de

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bennsen · 07.06.2012, 22:27

Mails mit verdächtigen Daten sind raus.

Check mit ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=41ef56b324ca39499c971bdb4635804c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-07 09:24:20
# local_time=2012-06-07 11:24:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 20473633 20473633 0 0
# compatibility_mode=5893 16776573 100 94 77750 90731203 0 0
# compatibility_mode=8192 67108863 100 0 136 136 0 0
# scanned=154830
# found=0
# cleaned=0
# scan_time=2907

cosinus · 07.06.2012, 22:29

Ok, danke!

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? (abgesehen von der Verschlüsselung)
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Bennsen · 07.06.2012, 23:32

Zitat:

Zitat von cosinus

Ok, danke!

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? (abgesehen von der Verschlüsselung)

Jap läuft wieder.

Zitat:

2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Im Startmenu auch alles normal, überall was drin und fehlende Daten sind mir bisher nicht aufgefallen.

cosinus · 08.06.2012, 09:18

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Bennsen · 08.06.2012, 12:16

und bitte sehr

Code:

ATTFilter

OTL logfile created on: 6/8/2012 12:52:54 PM - Run 3
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Benni\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.05% Memory free
7.59 Gb Paging File | 5.29 Gb Available in Paging File | 69.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.79 Gb Total Space | 199.75 Gb Free Space | 71.14% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.39 Gb Free Space | 70.00% Space Free | Partition Type: FAT32
 
Computer Name: *** | User Name: Benni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/06/03 22:43:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
PRC - [2012/05/08 19:43:52 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/08 19:43:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 19:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/11 20:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/07/06 18:20:10 | 001,698,360 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/07/01 09:51:49 | 003,520,000 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe
PRC - [2011/04/22 14:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
PRC - [2011/03/16 12:26:42 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/03/16 12:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2010/10/19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
PRC - [2010/07/16 15:54:06 | 000,634,192 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2010/06/14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
PRC - [2010/05/08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/05/06 02:30:26 | 011,268,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2010/05/06 02:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2010/03/04 01:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/04 01:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/02/02 02:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2010/02/02 02:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
PRC - [2010/01/08 23:56:26 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2010/01/08 23:55:54 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/12/29 23:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\USBKVM Switcher\USBKVM.exe
PRC - [2008/04/25 13:25:42 | 005,147,136 | ---- | M] () -- C:\Program Files (x86)\teXXas\teXXas.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/07 16:56:22 | 000,323,584 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2011/07/01 09:49:14 | 002,920,960 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2011/03/18 09:11:51 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/09/30 10:14:19 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy_03.dll
MOD - [2010/04/21 11:00:35 | 000,058,368 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_30_Win32.dll
MOD - [2008/10/02 11:24:58 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\USBKVM Switcher\USBKVM.exe
MOD - [2008/04/25 13:25:42 | 005,147,136 | ---- | M] () -- C:\Program Files (x86)\teXXas\teXXas.exe
MOD - [2007/07/17 17:26:18 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\USBKVM Switcher\kEYHOOK.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/11/06 14:02:30 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2011/11/06 14:02:29 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/10/24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2011/09/12 18:08:46 | 000,142,904 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2011/05/13 14:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/07/21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/07/16 15:54:06 | 000,462,160 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2010/06/14 13:39:06 | 000,090,112 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe -- (HPDayStarterService)
SRV:64bit: - [2010/02/18 23:52:30 | 002,045,232 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2010/02/02 02:09:48 | 000,281,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV:64bit: - [2010/02/02 02:05:52 | 000,704,512 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe -- (DEBridge)
SRV:64bit: - [2010/01/21 19:42:44 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/12/29 23:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 03:41:21 | 000,084,480 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/04 01:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2012/05/08 19:43:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 19:43:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/25 18:21:59 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/08/11 20:29:24 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/07/06 18:20:10 | 001,698,360 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/04/22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/16 12:26:40 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/10/19 13:26:46 | 000,032,768 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2010/05/08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010/05/06 02:30:06 | 000,298,496 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 01:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/04 01:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/02/18 23:26:46 | 001,664,304 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010/01/08 23:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/12/07 20:36:10 | 000,362,040 | ---- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2009/11/23 20:08:10 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/08 19:43:52 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 19:43:52 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/06 14:02:31 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/03 18:04:26 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/13 14:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 14:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/18 21:37:44 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2011/04/18 21:37:44 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2011/04/18 21:37:44 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2011/04/18 21:37:44 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2011/04/18 20:52:36 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/09/16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6)
DRV:64bit: - [2010/09/12 22:31:45 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/04/21 21:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/09 15:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/04/07 17:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/03/25 10:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/03/20 11:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/03 16:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/02/02 02:11:36 | 000,015,688 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\SbFsLock.sys -- (SbFsLock)
DRV:64bit: - [2010/02/02 02:11:34 | 000,058,184 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\RsvLock.sys -- (RsvLock)
DRV:64bit: - [2010/02/02 02:11:32 | 000,056,648 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SafeBoot.sys -- (SafeBoot)
DRV:64bit: - [2010/02/01 21:12:14 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/01/30 07:46:04 | 000,089,344 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010/01/21 19:42:48 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2010/01/19 06:40:04 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/07 20:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 20:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 20:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 20:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/01/07 19:37:40 | 000,295,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/12/11 23:32:06 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2009/12/01 19:55:31 | 000,359,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/10/29 02:54:00 | 000,079,360 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2009/10/26 23:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009/10/21 22:37:52 | 000,040,760 | ---- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2009/09/17 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 20:32:52 | 000,060,160 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/02/02 02:11:46 | 000,051,800 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SbAlg.sys -- (SbAlg)
DRV - [2010/02/02 02:11:28 | 000,013,256 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\windows\SysWow64\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/02/02 02:11:24 | 000,040,088 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\windows\SysWow64\drivers\rsvlock.sys -- (RsvLock)
DRV - [2010/02/02 02:11:22 | 000,110,520 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysWow64\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}
IE:64bit: - HKLM\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}
IE - HKLM\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\..\SearchScopes,DefaultScope = {72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\..\SearchScopes\{72EFFCD5-7C96-4B9A-A7D2-4C3C08E9FE8D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2011/12/04 14:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 18:21:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/10 20:56:38 | 000,000,000 | ---D | M]
 
[2011/12/30 15:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions
[2011/12/30 15:46:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/05/03 19:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benni\AppData\Roaming\mozilla\Firefox\Profiles\u8az1igw.default\extensions
[2011/07/07 19:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/12/04 14:43:05 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES (X86)\HEWLETT-PACKARD\HP PROTECTTOOLS SECURITY MANAGER\BIN\FIREFOXEXT
[2012/04/25 18:21:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/30 20:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/02/01 21:25:45 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/02/01 21:25:45 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/01 21:25:45 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/01 21:25:45 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/01 21:25:45 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/01 21:25:45 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002..\Run: [teXXas] C:\Program Files (x86)\teXXas\teXXas.exe ()
O4 - HKU\S-1-5-21-2950353771-3107622344-1812751157-1002..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2670FBF0-D659-497C-99CB-9CA7DF5C372E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8C577670-A637-4B32-9E35-4D95C8501F26}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD741717-2B46-4C3E-B31B-C8A9CDDB3115}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D28C39D7-EF2C-4CA6-BB92-B5CD1BAE5CEE}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\Shell - "" = AutoRun
O33 - MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\Shell - "" = AutoRun
O33 - MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\Shell - "" = AutoRun
O33 - MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/07 22:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/07 22:32:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Benni\Desktop\esetsmartinstaller_enu.exe
[2012/06/06 22:28:58 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Progs
[2012/06/06 22:26:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/06 22:26:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/06 22:26:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/06 22:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/06 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Benni\Desktop\Windows Beispielbilder
[2012/06/03 22:43:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012/06/03 22:25:42 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
[2012/06/03 21:38:26 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2012/06/03 21:38:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/03 21:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/03 21:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/03 21:38:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/03 20:58:00 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Vvrvggurgv
[2012/05/25 19:11:36 | 000,000,000 | ---D | C] -- C:\Users\Benni\AppData\Roaming\Q-Dir
[2012/05/25 19:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Q-Dir
[2012/05/25 19:11:34 | 000,000,000 | ---D | C] -- C:\Users\Benni\Documents\Favorites_Q_Dir
[2012/05/25 19:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Q-Dir
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/08 12:26:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/08 12:11:38 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 12:11:38 | 000,020,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 12:08:45 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/08 12:08:45 | 000,656,294 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/06/08 12:08:45 | 000,616,800 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/08 12:08:45 | 000,130,894 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/06/08 12:08:45 | 000,107,180 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/08 12:04:01 | 4076,265,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/07 22:32:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Benni\Desktop\esetsmartinstaller_enu.exe
[2012/06/03 22:43:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Benni\Desktop\OTL.exe
[2012/06/03 22:43:49 | 000,050,477 | ---- | M] () -- C:\Users\Benni\Desktop\Defogger.exe
[2012/06/03 21:38:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/06/03 21:19:43 | 000,000,332 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForBenni.job
[2012/05/25 19:55:19 | 000,015,189 | ---- | M] () -- C:\windows\Q-Dir.ini
[2012/05/11 12:39:39 | 002,799,343 | ---- | M] () -- C:\Users\Benni\Desktop\Studienarbeit_Krutsch_Stand 10.05.2012.pdf
 
========== Files Created - No Company Name ==========
 
[2012/06/03 22:43:49 | 000,050,477 | ---- | C] () -- C:\Users\Benni\Desktop\Defogger.exe
[2012/06/03 21:38:21 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/25 19:11:25 | 000,015,189 | ---- | C] () -- C:\windows\Q-Dir.ini
[2011/10/07 16:56:22 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2011/05/19 09:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011/05/19 09:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2010/09/12 22:42:11 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdffdid.sys
[2010/09/12 22:15:46 | 000,000,202 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010/07/16 15:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2010/07/16 15:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2010/07/16 15:54:06 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2010/07/15 17:01:46 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
 
========== LOP Check ==========
 
[2011/07/07 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DigitalPersona
[2011/07/13 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\EAC
[2012/03/15 00:03:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\IrfanView
[2012/05/25 19:55:19 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Q-Dir
[2011/12/30 15:46:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TomTom
[2012/06/04 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Vvrvggurgv
[2012/04/25 18:19:57 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/12/13 22:56:05 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\AccurateRip
[2011/09/17 13:59:29 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Adobe
[2011/10/14 23:29:20 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Avira
[2011/07/07 18:15:46 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\DigitalPersona
[2011/07/13 22:14:33 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\EAC
[2011/12/04 15:54:14 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Hewlett-Packard
[2011/12/04 15:54:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Hewlett-Packard Company
[2012/06/03 22:25:39 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\hpqLog
[2012/03/18 18:53:28 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\HpUpdate
[2011/07/07 19:43:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Identities
[2012/03/15 00:03:52 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\IrfanView
[2011/07/07 19:46:44 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Macromedia
[2012/06/03 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Malwarebytes
[2012/02/16 20:55:23 | 000,000,000 | --SD | M] -- C:\Users\Benni\AppData\Roaming\Microsoft
[2011/07/07 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Mozilla
[2012/05/25 19:55:19 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Q-Dir
[2011/10/28 18:50:43 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Roxio
[2012/05/17 00:59:13 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Skype
[2011/12/30 15:46:15 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\TomTom
[2011/08/19 21:25:54 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\vlc
[2012/06/04 21:56:37 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Vvrvggurgv
[2012/01/23 23:09:18 | 000,000,000 | ---D | M] -- C:\Users\Benni\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2012/01/17 20:48:02 | 000,010,134 | ---- | M] () -- C:\Users\Benni\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1f6d6691df50b157\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010/01/08 23:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2010/01/08 23:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2010/01/08 23:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\windows\SysNative\drivers\iaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5db459a8209eb08e\iaStor.sys
[2010/01/08 23:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_9ec067702a498bab\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\windows\SysNative\netlogon.dll
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\windows\SysNative\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\windows\SysNative\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/09/12 22:24:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/09/12 22:24:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2010/09/12 22:24:01 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 08.06.2012, 13:14

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\Shell - "" = AutoRun
O33 - MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\Shell - "" = AutoRun
O33 - MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\Shell - "" = AutoRun
O33 - MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\Shell\AutoRun\command - "" = D:\AutoRun.exe
:Files
C:\Users\Benni\AppData\Roaming\Vvrvggurgv
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Bennsen · 08.06.2012, 15:43

Und auch das erledigt

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26fb0b56-edcd-11e0-ba67-ac811257c045}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26fb0b56-edcd-11e0-ba67-ac811257c045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26fb0b56-edcd-11e0-ba67-ac811257c045}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26fb0b6c-edcd-11e0-ba67-ac811257c045}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717564dd-3fa8-11e1-b313-cc52af05ae12}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{717564dd-3fa8-11e1-b313-cc52af05ae12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{717564dd-3fa8-11e1-b313-cc52af05ae12}\ not found.
File D:\AutoRun.exe not found.
========== FILES ==========
C:\Users\Benni\AppData\Roaming\Vvrvggurgv folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Benni
->Temp folder emptied: 847052214 bytes
->Temporary Internet Files folder emptied: 55000676 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 592452614 bytes
->Flash cache emptied: 31171 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 358738074 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1,768.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Benni
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.0 log created on 06082012_163530

Files\Folders moved on Reboot...
C:\Users\Benni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 08.06.2012, 17:23

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Bennsen · 09.06.2012, 02:30

Code:

ATTFilter

03:27:14.0141 4244	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
03:27:14.0330 4244	============================================================
03:27:14.0330 4244	Current date / time: 2012/06/09 03:27:14.0330
03:27:14.0330 4244	SystemInfo:
03:27:14.0330 4244	
03:27:14.0331 4244	OS Version: 6.1.7600 ServicePack: 0.0
03:27:14.0331 4244	Product type: Workstation
03:27:14.0331 4244	ComputerName: ***
03:27:14.0331 4244	UserName: Benni
03:27:14.0331 4244	Windows directory: C:\windows
03:27:14.0331 4244	System windows directory: C:\windows
03:27:14.0331 4244	Running under WOW64
03:27:14.0331 4244	Processor architecture: Intel x64
03:27:14.0331 4244	Number of processors: 4
03:27:14.0331 4244	Page size: 0x1000
03:27:14.0331 4244	Boot type: Normal boot
03:27:14.0331 4244	============================================================
03:27:14.0859 4244	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:27:14.0870 4244	============================================================
03:27:14.0870 4244	\Device\Harddisk0\DR0:
03:27:14.0870 4244	MBR partitions:
03:27:14.0870 4244	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
03:27:14.0870 4244	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197000
03:27:14.0870 4244	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2322D800, BlocksNum 0x1E00000
03:27:14.0870 4244	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x2502D800, BlocksNum 0x3FD800
03:27:14.0870 4244	============================================================
03:27:14.0894 4244	C: <-> \Device\Harddisk0\DR0\Partition1
03:27:14.0922 4244	F: <-> \Device\Harddisk0\DR0\Partition3
03:27:14.0923 4244	============================================================
03:27:14.0923 4244	Initialize success
03:27:14.0923 4244	============================================================
03:27:21.0559 2928	============================================================
03:27:21.0559 2928	Scan started
03:27:21.0559 2928	Mode: Manual; SigCheck; TDLFS; 
03:27:21.0559 2928	============================================================
03:27:21.0962 2928	1394ohci        (69aa89a20dee08bfa650aab6ce37bd10) C:\windows\system32\drivers\1394ohci.sys
03:27:22.0065 2928	1394ohci - ok
03:27:22.0145 2928	ac.sharedstore  (5e8efeb338deb1f485420b090fe6c85e) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
03:27:22.0170 2928	ac.sharedstore - ok
03:27:22.0217 2928	Accelerometer   (5c368f4b04ed2a923e6afca2d37baff5) C:\windows\system32\DRIVERS\Accelerometer.sys
03:27:22.0258 2928	Accelerometer - ok
03:27:22.0304 2928	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
03:27:22.0334 2928	ACPI - ok
03:27:22.0372 2928	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
03:27:22.0399 2928	AcpiPmi - ok
03:27:22.0512 2928	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:27:22.0527 2928	AdobeARMservice - ok
03:27:22.0581 2928	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
03:27:22.0614 2928	adp94xx - ok
03:27:22.0676 2928	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
03:27:22.0705 2928	adpahci - ok
03:27:22.0729 2928	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
03:27:22.0754 2928	adpu320 - ok
03:27:22.0784 2928	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
03:27:22.0857 2928	AeLookupSvc - ok
03:27:22.0962 2928	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
03:27:22.0983 2928	AESTFilters - ok
03:27:23.0047 2928	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys
03:27:23.0079 2928	AFD - ok
03:27:23.0117 2928	AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
03:27:23.0135 2928	AgereModemAudio - ok
03:27:23.0235 2928	AgereSoftModem  (a6ab6f0ace87da76b4c401813d18be95) C:\windows\system32\DRIVERS\agrsm64.sys
03:27:23.0275 2928	AgereSoftModem - ok
03:27:23.0308 2928	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
03:27:23.0329 2928	agp440 - ok
03:27:23.0368 2928	ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
03:27:23.0392 2928	ALG - ok
03:27:23.0420 2928	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
03:27:23.0440 2928	aliide - ok
03:27:23.0451 2928	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
03:27:23.0471 2928	amdide - ok
03:27:23.0500 2928	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
03:27:23.0522 2928	AmdK8 - ok
03:27:23.0553 2928	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
03:27:23.0575 2928	AmdPPM - ok
03:27:23.0617 2928	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
03:27:23.0639 2928	amdsata - ok
03:27:23.0682 2928	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
03:27:23.0707 2928	amdsbs - ok
03:27:23.0724 2928	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
03:27:23.0744 2928	amdxata - ok
03:27:23.0849 2928	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
03:27:23.0869 2928	AntiVirSchedulerService - ok
03:27:23.0923 2928	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
03:27:23.0940 2928	AntiVirService - ok
03:27:23.0975 2928	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
03:27:24.0008 2928	AppID - ok
03:27:24.0032 2928	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
03:27:24.0106 2928	AppIDSvc - ok
03:27:24.0126 2928	Appinfo         (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll
03:27:24.0147 2928	Appinfo - ok
03:27:24.0190 2928	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll
03:27:24.0213 2928	AppMgmt - ok
03:27:24.0250 2928	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
03:27:24.0271 2928	arc - ok
03:27:24.0292 2928	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
03:27:24.0314 2928	arcsas - ok
03:27:24.0349 2928	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
03:27:24.0421 2928	AsyncMac - ok
03:27:24.0461 2928	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
03:27:24.0481 2928	atapi - ok
03:27:24.0555 2928	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
03:27:24.0643 2928	AudioEndpointBuilder - ok
03:27:24.0653 2928	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
03:27:24.0738 2928	AudioSrv - ok
03:27:24.0817 2928	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\windows\system32\DRIVERS\avgntflt.sys
03:27:24.0836 2928	avgntflt - ok
03:27:24.0869 2928	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\windows\system32\DRIVERS\avipbb.sys
03:27:24.0889 2928	avipbb - ok
03:27:24.0905 2928	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
03:27:24.0922 2928	avkmgr - ok
03:27:24.0962 2928	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll
03:27:24.0994 2928	AxInstSV - ok
03:27:25.0058 2928	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
03:27:25.0086 2928	b06bdrv - ok
03:27:25.0139 2928	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
03:27:25.0165 2928	b57nd60a - ok
03:27:25.0276 2928	BBSvc           (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
03:27:25.0303 2928	BBSvc - ok
03:27:25.0355 2928	BBUpdate        (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
03:27:25.0381 2928	BBUpdate - ok
03:27:25.0588 2928	BCM43XX         (35756e37d5fdee22fbf27090a14fe608) C:\windows\system32\DRIVERS\bcmwl664.sys
03:27:25.0696 2928	BCM43XX - ok
03:27:25.0838 2928	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
03:27:25.0859 2928	BDESVC - ok
03:27:25.0910 2928	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
03:27:25.0981 2928	Beep - ok
03:27:26.0053 2928	BFE             (4992c609a6315671463e30f6512bc022) C:\windows\System32\bfe.dll
03:27:26.0139 2928	BFE - ok
03:27:26.0204 2928	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\System32\qmgr.dll
03:27:26.0296 2928	BITS - ok
03:27:26.0370 2928	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
03:27:26.0392 2928	blbdrive - ok
03:27:26.0417 2928	bowser          (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
03:27:26.0438 2928	bowser - ok
03:27:26.0471 2928	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
03:27:26.0498 2928	BrFiltLo - ok
03:27:26.0515 2928	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
03:27:26.0542 2928	BrFiltUp - ok
03:27:26.0586 2928	Browser         (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll
03:27:26.0661 2928	Browser - ok
03:27:26.0693 2928	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
03:27:26.0720 2928	Brserid - ok
03:27:26.0738 2928	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
03:27:26.0765 2928	BrSerWdm - ok
03:27:26.0780 2928	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
03:27:26.0807 2928	BrUsbMdm - ok
03:27:26.0834 2928	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
03:27:26.0856 2928	BrUsbSer - ok
03:27:26.0894 2928	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
03:27:26.0915 2928	BthEnum - ok
03:27:26.0941 2928	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
03:27:26.0970 2928	BTHMODEM - ok
03:27:27.0003 2928	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
03:27:27.0032 2928	BthPan - ok
03:27:27.0089 2928	BTHPORT         (538392664fee486620dfea146f2500bc) C:\windows\System32\Drivers\BTHport.sys
03:27:27.0120 2928	BTHPORT - ok
03:27:27.0163 2928	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
03:27:27.0237 2928	bthserv - ok
03:27:27.0257 2928	BTHUSB          (6e71522e317b22257d8e37a1584b5829) C:\windows\System32\Drivers\BTHUSB.sys
03:27:27.0279 2928	BTHUSB - ok
03:27:27.0325 2928	btwaudio        (af838d8029ae7c27470862d63fa54d24) C:\windows\system32\drivers\btwaudio.sys
03:27:27.0342 2928	btwaudio - ok
03:27:27.0380 2928	btwavdt         (5c849bd7c78791c5cee9f4651d7fe38d) C:\windows\system32\DRIVERS\btwavdt.sys
03:27:27.0397 2928	btwavdt - ok
03:27:27.0514 2928	btwdins         (10ffb5fa51d5713d872b41a59dfc2213) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
03:27:27.0553 2928	btwdins - ok
03:27:27.0566 2928	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\windows\system32\DRIVERS\btwl2cap.sys
03:27:27.0580 2928	btwl2cap - ok
03:27:27.0611 2928	btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\windows\system32\DRIVERS\btwrchid.sys
03:27:27.0626 2928	btwrchid - ok
03:27:27.0668 2928	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
03:27:27.0741 2928	cdfs - ok
03:27:27.0782 2928	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
03:27:27.0806 2928	cdrom - ok
03:27:27.0849 2928	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
03:27:27.0922 2928	CertPropSvc - ok
03:27:27.0936 2928	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
03:27:27.0963 2928	circlass - ok
03:27:27.0997 2928	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
03:27:28.0027 2928	CLFS - ok
03:27:28.0091 2928	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:27:28.0109 2928	clr_optimization_v2.0.50727_32 - ok
03:27:28.0158 2928	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:27:28.0176 2928	clr_optimization_v2.0.50727_64 - ok
03:27:28.0244 2928	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:27:28.0264 2928	clr_optimization_v4.0.30319_32 - ok
03:27:28.0301 2928	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:27:28.0319 2928	clr_optimization_v4.0.30319_64 - ok
03:27:28.0352 2928	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
03:27:28.0373 2928	CmBatt - ok
03:27:28.0396 2928	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
03:27:28.0416 2928	cmdide - ok
03:27:28.0475 2928	CNG             (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
03:27:28.0518 2928	CNG - ok
03:27:28.0538 2928	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
03:27:28.0558 2928	Compbatt - ok
03:27:28.0583 2928	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
03:27:28.0610 2928	CompositeBus - ok
03:27:28.0620 2928	COMSysApp - ok
03:27:28.0668 2928	CpqDfw - ok
03:27:28.0699 2928	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
03:27:28.0719 2928	crcdisk - ok
03:27:28.0762 2928	CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll
03:27:28.0838 2928	CryptSvc - ok
03:27:28.0887 2928	CSC             (4a6173c2279b498cd8f57cae504564cb) C:\windows\system32\drivers\csc.sys
03:27:28.0918 2928	CSC - ok
03:27:28.0967 2928	CscService      (873fbf927c06e5cee04dec617502f8fd) C:\windows\System32\cscsvc.dll
03:27:29.0000 2928	CscService - ok
03:27:29.0056 2928	DAMDrv          (a8ba4da23ac20bda23ca15234d42a3fa) C:\windows\system32\DRIVERS\DAMDrv64.sys
03:27:29.0071 2928	DAMDrv - ok
03:27:29.0150 2928	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
03:27:29.0234 2928	DcomLaunch - ok
03:27:29.0341 2928	DCService.exe   (cc8b5c964b777f4ec3e89f13b4b5ff0f) C:\ProgramData\DatacardService\DCService.exe
03:27:29.0351 2928	DCService.exe ( UnsignedFile.Multi.Generic ) - warning
03:27:29.0351 2928	DCService.exe - detected UnsignedFile.Multi.Generic (1)
03:27:29.0469 2928	DEBridge        (e6e9610d76418357a7ec725989687cb4) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
03:27:29.0489 2928	DEBridge ( UnsignedFile.Multi.Generic ) - warning
03:27:29.0490 2928	DEBridge - detected UnsignedFile.Multi.Generic (1)
03:27:29.0588 2928	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
03:27:29.0666 2928	defragsvc - ok
03:27:29.0730 2928	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
03:27:29.0751 2928	DfsC - ok
03:27:29.0796 2928	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
03:27:29.0834 2928	Dhcp - ok
03:27:29.0861 2928	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
03:27:29.0933 2928	discache - ok
03:27:29.0975 2928	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
03:27:29.0996 2928	Disk - ok
03:27:30.0028 2928	Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
03:27:30.0053 2928	Dnscache - ok
03:27:30.0092 2928	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
03:27:30.0169 2928	dot3svc - ok
03:27:30.0263 2928	DpHost          (e0e65ed0985a28fb18128d6099e985c4) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
03:27:30.0290 2928	DpHost - ok
03:27:30.0309 2928	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
03:27:30.0386 2928	DPS - ok
03:27:30.0416 2928	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
03:27:30.0443 2928	drmkaud - ok
03:27:30.0552 2928	DXGKrnl         (46156d3d372b502cd8c063c8e2b1cdc2) C:\windows\System32\drivers\dxgkrnl.sys
03:27:30.0600 2928	DXGKrnl - ok
03:27:30.0658 2928	e1kexpress      (e6bdb3c7ef35d82ff987576b9cf07a57) C:\windows\system32\DRIVERS\e1k62x64.sys
03:27:30.0681 2928	e1kexpress - ok
03:27:30.0714 2928	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
03:27:30.0788 2928	EapHost - ok
03:27:31.0006 2928	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
03:27:31.0094 2928	ebdrv - ok
03:27:31.0202 2928	EFS             (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe
03:27:31.0223 2928	EFS - ok
03:27:31.0325 2928	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe
03:27:31.0359 2928	ehRecvr - ok
03:27:31.0386 2928	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
03:27:31.0410 2928	ehSched - ok
03:27:31.0485 2928	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
03:27:31.0521 2928	elxstor - ok
03:27:31.0536 2928	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
03:27:31.0557 2928	ErrDev - ok
03:27:31.0623 2928	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
03:27:31.0705 2928	EventSystem - ok
03:27:31.0763 2928	ewusbnet        (23b79b19f49a037eba4a9a3bb03ed91d) C:\windows\system32\DRIVERS\ewusbnet.sys
03:27:31.0785 2928	ewusbnet - ok
03:27:31.0826 2928	ew_hwusbdev     (e2cbb821c7cae0ef8b56de28ed85c740) C:\windows\system32\DRIVERS\ew_hwusbdev.sys
03:27:31.0846 2928	ew_hwusbdev - ok
03:27:31.0896 2928	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
03:27:31.0970 2928	exfat - ok
03:27:32.0001 2928	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
03:27:32.0076 2928	fastfat - ok
03:27:32.0149 2928	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
03:27:32.0184 2928	Fax - ok
03:27:32.0217 2928	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
03:27:32.0239 2928	fdc - ok
03:27:32.0257 2928	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
03:27:32.0330 2928	fdPHost - ok
03:27:32.0339 2928	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
03:27:32.0414 2928	FDResPub - ok
03:27:32.0452 2928	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
03:27:32.0473 2928	FileInfo - ok
03:27:32.0489 2928	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
03:27:32.0562 2928	Filetrace - ok
03:27:32.0668 2928	FLCDLOCK        (614b050875190ffe7abbaf0cbb4fbbba) c:\Windows\SysWOW64\flcdlock.exe
03:27:32.0690 2928	FLCDLOCK - ok
03:27:32.0724 2928	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
03:27:32.0744 2928	flpydisk - ok
03:27:32.0777 2928	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
03:27:32.0802 2928	FltMgr - ok
03:27:32.0898 2928	FontCache       (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll
03:27:32.0942 2928	FontCache - ok
03:27:33.0026 2928	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:27:33.0041 2928	FontCache3.0.0.0 - ok
03:27:33.0083 2928	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
03:27:33.0105 2928	FsDepends - ok
03:27:33.0123 2928	Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys
03:27:33.0143 2928	Fs_Rec - ok
03:27:33.0176 2928	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
03:27:33.0206 2928	fvevol - ok
03:27:33.0249 2928	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
03:27:33.0270 2928	gagp30kx - ok
03:27:33.0343 2928	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
03:27:33.0392 2928	gpsvc - ok
03:27:33.0420 2928	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
03:27:33.0441 2928	hcw85cir - ok
03:27:33.0497 2928	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
03:27:33.0531 2928	HdAudAddService - ok
03:27:33.0566 2928	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
03:27:33.0595 2928	HDAudBus - ok
03:27:33.0637 2928	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
03:27:33.0653 2928	HECIx64 - ok
03:27:33.0672 2928	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
03:27:33.0693 2928	HidBatt - ok
03:27:33.0720 2928	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
03:27:33.0748 2928	HidBth - ok
03:27:33.0791 2928	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
03:27:33.0819 2928	HidIr - ok
03:27:33.0853 2928	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
03:27:33.0927 2928	hidserv - ok
03:27:33.0962 2928	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
03:27:33.0982 2928	HidUsb - ok
03:27:34.0004 2928	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
03:27:34.0080 2928	hkmsvc - ok
03:27:34.0099 2928	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
03:27:34.0125 2928	HomeGroupListener - ok
03:27:34.0163 2928	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
03:27:34.0188 2928	HomeGroupProvider - ok
03:27:34.0321 2928	HP Power Assistant Service (fcd7a3d515b7ba9276e7c82a45b4ab02) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
03:27:34.0340 2928	HP Power Assistant Service - ok
03:27:34.0414 2928	HP ProtectTools Service (657e81df0625198c97f91c09ae9611fc) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
03:27:34.0424 2928	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - warning
03:27:34.0424 2928	HP ProtectTools Service - detected UnsignedFile.Multi.Generic (1)
03:27:34.0470 2928	HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
03:27:34.0486 2928	HP Support Assistant Service - ok
03:27:34.0535 2928	HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
03:27:34.0552 2928	HP Wireless Assistant Service - ok
03:27:34.0636 2928	HPDayStarterService (a4a0e006a1826ea2629e59de2008bb9d) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
03:27:34.0643 2928	HPDayStarterService ( UnsignedFile.Multi.Generic ) - warning
03:27:34.0643 2928	HPDayStarterService - detected UnsignedFile.Multi.Generic (1)
03:27:34.0714 2928	HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
03:27:34.0734 2928	HPDrvMntSvc.exe - ok
03:27:34.0782 2928	hpdskflt        (4e0bec0f78096ffd6d3314b497fc49d3) C:\windows\system32\DRIVERS\hpdskflt.sys
03:27:34.0796 2928	hpdskflt - ok
03:27:34.0852 2928	HpFkCryptService (5afb3f9b74553bd933555e1c800d2ce1) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
03:27:34.0874 2928	HpFkCryptService - ok
03:27:34.0940 2928	HPFSService     (e123b122d5217f724b1d2641010c9d3c) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
03:27:34.0953 2928	HPFSService ( UnsignedFile.Multi.Generic ) - warning
03:27:34.0953 2928	HPFSService - detected UnsignedFile.Multi.Generic (1)
03:27:35.0110 2928	hpHotkeyMonitor (7d10e0f2f603a3ce65f0b9750f7abdb2) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
03:27:35.0176 2928	hpHotkeyMonitor - ok
03:27:35.0302 2928	HpqKbFiltr      (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
03:27:35.0317 2928	HpqKbFiltr - ok
03:27:35.0465 2928	hpqwmiex        (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
03:27:35.0509 2928	hpqwmiex - ok
03:27:35.0541 2928	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
03:27:35.0563 2928	HpSAMD - ok
03:27:35.0605 2928	hpsrv           (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\windows\system32\Hpservice.exe
03:27:35.0621 2928	hpsrv - ok
03:27:35.0700 2928	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
03:27:35.0786 2928	HTTP - ok
03:27:35.0826 2928	huawei_enumerator (08b1a06a55f068a17a51ba26618cf50f) C:\windows\system32\DRIVERS\ew_jubusenum.sys
03:27:35.0845 2928	huawei_enumerator - ok
03:27:35.0882 2928	hwdatacard      (6e5cd3984742a922d0c183c7e82c3c94) C:\windows\system32\DRIVERS\ewusbmdm.sys
03:27:35.0905 2928	hwdatacard - ok
03:27:35.0922 2928	hwpolicy        (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
03:27:35.0941 2928	hwpolicy - ok
03:27:35.0982 2928	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
03:27:36.0004 2928	i8042prt - ok
03:27:36.0111 2928	IAANTMON        (d782f0c741ee2d50ac8d38774597fb2b) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
03:27:36.0136 2928	IAANTMON - ok
03:27:36.0167 2928	iaStor          (dc0b4553d089e2bd07aebd9ea30beafb) C:\windows\system32\DRIVERS\iaStor.sys
03:27:36.0193 2928	iaStor - ok
03:27:36.0252 2928	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
03:27:36.0283 2928	iaStorV - ok
03:27:36.0419 2928	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:27:36.0460 2928	idsvc - ok
03:27:37.0095 2928	igfx            (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys
03:27:37.0338 2928	igfx - ok
03:27:37.0483 2928	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
03:27:37.0504 2928	iirsp - ok
03:27:37.0576 2928	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
03:27:37.0667 2928	IKEEXT - ok
03:27:37.0717 2928	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
03:27:37.0735 2928	Impcd - ok
03:27:37.0793 2928	IntcDAud        (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
03:27:37.0816 2928	IntcDAud - ok
03:27:37.0860 2928	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
03:27:37.0879 2928	intelide - ok
03:27:37.0905 2928	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
03:27:37.0927 2928	intelppm - ok
03:27:37.0953 2928	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
03:27:38.0027 2928	IPBusEnum - ok
03:27:38.0053 2928	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
03:27:38.0128 2928	IpFilterDriver - ok
03:27:38.0184 2928	iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
03:27:38.0265 2928	iphlpsvc - ok
03:27:38.0294 2928	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
03:27:38.0314 2928	IPMIDRV - ok
03:27:38.0338 2928	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
03:27:38.0406 2928	IPNAT - ok
03:27:38.0431 2928	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
03:27:38.0461 2928	IRENUM - ok
03:27:38.0479 2928	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
03:27:38.0500 2928	isapnp - ok
03:27:38.0526 2928	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
03:27:38.0552 2928	iScsiPrt - ok
03:27:38.0572 2928	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
03:27:38.0592 2928	kbdclass - ok
03:27:38.0619 2928	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
03:27:38.0640 2928	kbdhid - ok
03:27:38.0677 2928	KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:27:38.0698 2928	KeyIso - ok
03:27:38.0716 2928	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
03:27:38.0738 2928	KSecDD - ok
03:27:38.0757 2928	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
03:27:38.0781 2928	KSecPkg - ok
03:27:38.0807 2928	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
03:27:38.0881 2928	ksthunk - ok
03:27:38.0931 2928	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
03:27:39.0012 2928	KtmRm - ok
03:27:39.0070 2928	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\windows\system32\srvsvc.dll
03:27:39.0093 2928	LanmanServer - ok
03:27:39.0124 2928	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
03:27:39.0193 2928	LanmanWorkstation - ok
03:27:39.0281 2928	LightScribeService (c34411a244029f1c08687f7c752c4563) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
03:27:39.0288 2928	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
03:27:39.0288 2928	LightScribeService - detected UnsignedFile.Multi.Generic (1)
03:27:39.0333 2928	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
03:27:39.0407 2928	lltdio - ok
03:27:39.0445 2928	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
03:27:39.0525 2928	lltdsvc - ok
03:27:39.0552 2928	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
03:27:39.0626 2928	lmhosts - ok
03:27:39.0724 2928	LMS             (271f79326cd571bd271d45c47148ed78) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
03:27:39.0746 2928	LMS - ok
03:27:39.0793 2928	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
03:27:39.0816 2928	LSI_FC - ok
03:27:39.0834 2928	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
03:27:39.0856 2928	LSI_SAS - ok
03:27:39.0871 2928	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
03:27:39.0891 2928	LSI_SAS2 - ok
03:27:39.0923 2928	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
03:27:39.0946 2928	LSI_SCSI - ok
03:27:39.0979 2928	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
03:27:40.0052 2928	luafv - ok
03:27:40.0098 2928	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
03:27:40.0116 2928	MBAMProtector - ok
03:27:40.0186 2928	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
03:27:40.0221 2928	MBAMService - ok
03:27:40.0268 2928	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll
03:27:40.0292 2928	Mcx2Svc - ok
03:27:40.0323 2928	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
03:27:40.0343 2928	megasas - ok
03:27:40.0377 2928	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
03:27:40.0404 2928	MegaSR - ok
03:27:40.0448 2928	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
03:27:40.0521 2928	MMCSS - ok
03:27:40.0546 2928	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
03:27:40.0619 2928	Modem - ok
03:27:40.0647 2928	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
03:27:40.0674 2928	monitor - ok
03:27:40.0712 2928	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
03:27:40.0732 2928	mouclass - ok
03:27:40.0775 2928	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
03:27:40.0796 2928	mouhid - ok
03:27:40.0827 2928	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
03:27:40.0848 2928	mountmgr - ok
03:27:40.0940 2928	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:27:40.0959 2928	MozillaMaintenance - ok
03:27:40.0989 2928	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
03:27:41.0012 2928	mpio - ok
03:27:41.0033 2928	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
03:27:41.0108 2928	mpsdrv - ok
03:27:41.0176 2928	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\windows\system32\mpssvc.dll
03:27:41.0263 2928	MpsSvc - ok
03:27:41.0321 2928	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
03:27:41.0351 2928	MRxDAV - ok
03:27:41.0386 2928	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
03:27:41.0407 2928	mrxsmb - ok
03:27:41.0447 2928	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
03:27:41.0472 2928	mrxsmb10 - ok
03:27:41.0488 2928	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
03:27:41.0510 2928	mrxsmb20 - ok
03:27:41.0551 2928	msahci          (2ba4ff3d5eb68587dd662a896f649c7d) C:\windows\system32\drivers\msahci.sys
03:27:41.0572 2928	msahci - ok
03:27:41.0608 2928	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
03:27:41.0632 2928	msdsm - ok
03:27:41.0667 2928	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
03:27:41.0694 2928	MSDTC - ok
03:27:41.0737 2928	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
03:27:41.0809 2928	Msfs - ok
03:27:41.0833 2928	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
03:27:41.0906 2928	mshidkmdf - ok
03:27:41.0923 2928	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
03:27:41.0943 2928	msisadrv - ok
03:27:41.0976 2928	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
03:27:42.0050 2928	MSiSCSI - ok
03:27:42.0054 2928	msiserver - ok
03:27:42.0081 2928	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
03:27:42.0149 2928	MSKSSRV - ok
03:27:42.0153 2928	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
03:27:42.0219 2928	MSPCLOCK - ok
03:27:42.0224 2928	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
03:27:42.0291 2928	MSPQM - ok
03:27:42.0328 2928	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
03:27:42.0356 2928	MsRPC - ok
03:27:42.0389 2928	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
03:27:42.0408 2928	mssmbios - ok
03:27:42.0420 2928	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
03:27:42.0487 2928	MSTEE - ok
03:27:42.0502 2928	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
03:27:42.0522 2928	MTConfig - ok
03:27:42.0540 2928	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
03:27:42.0560 2928	Mup - ok
03:27:42.0614 2928	napagent        (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
03:27:42.0696 2928	napagent - ok
03:27:42.0738 2928	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
03:27:42.0774 2928	NativeWifiP - ok
03:27:42.0853 2928	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
03:27:42.0902 2928	NDIS - ok
03:27:42.0924 2928	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
03:27:42.0998 2928	NdisCap - ok
03:27:43.0020 2928	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
03:27:43.0093 2928	NdisTapi - ok
03:27:43.0130 2928	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
03:27:43.0203 2928	Ndisuio - ok
03:27:43.0227 2928	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
03:27:43.0294 2928	NdisWan - ok
03:27:43.0308 2928	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
03:27:43.0375 2928	NDProxy - ok
03:27:43.0403 2928	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
03:27:43.0469 2928	NetBIOS - ok
03:27:43.0501 2928	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
03:27:43.0570 2928	NetBT - ok
03:27:43.0610 2928	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:27:43.0632 2928	Netlogon - ok
03:27:43.0685 2928	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
03:27:43.0769 2928	Netman - ok
03:27:43.0806 2928	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
03:27:43.0891 2928	netprofm - ok
03:27:43.0975 2928	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:27:43.0993 2928	NetTcpPortSharing - ok
03:27:44.0499 2928	NETw5s64        (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys
03:27:44.0677 2928	NETw5s64 - ok
03:27:44.0926 2928	Netzmanager Service (70b5b4e69a07895df30291cab6abda54) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
03:27:44.0991 2928	Netzmanager Service ( UnsignedFile.Multi.Generic ) - warning
03:27:44.0991 2928	Netzmanager Service - detected UnsignedFile.Multi.Generic (1)
03:27:45.0114 2928	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
03:27:45.0134 2928	nfrd960 - ok
03:27:45.0187 2928	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
03:27:45.0267 2928	NlaSvc - ok
03:27:45.0292 2928	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
03:27:45.0364 2928	Npfs - ok
03:27:45.0376 2928	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
03:27:45.0448 2928	nsi - ok
03:27:45.0470 2928	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
03:27:45.0534 2928	nsiproxy - ok
03:27:45.0667 2928	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
03:27:45.0738 2928	Ntfs - ok
03:27:45.0838 2928	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
03:27:45.0909 2928	Null - ok
03:27:45.0959 2928	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
03:27:45.0982 2928	nvraid - ok
03:27:46.0020 2928	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
03:27:46.0044 2928	nvstor - ok
03:27:46.0086 2928	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
03:27:46.0109 2928	nv_agp - ok
03:27:46.0138 2928	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
03:27:46.0159 2928	ohci1394 - ok
03:27:46.0252 2928	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:27:46.0271 2928	ose - ok
03:27:46.0651 2928	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:27:46.0825 2928	osppsvc - ok
03:27:46.0964 2928	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
03:27:46.0990 2928	p2pimsvc - ok
03:27:47.0029 2928	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
03:27:47.0059 2928	p2psvc - ok
03:27:47.0101 2928	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
03:27:47.0124 2928	Parport - ok
03:27:47.0155 2928	partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys
03:27:47.0177 2928	partmgr - ok
03:27:47.0200 2928	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
03:27:47.0235 2928	PcaSvc - ok
03:27:47.0262 2928	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
03:27:47.0286 2928	pci - ok
03:27:47.0320 2928	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
03:27:47.0340 2928	pciide - ok
03:27:47.0382 2928	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
03:27:47.0407 2928	pcmcia - ok
03:27:47.0435 2928	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
03:27:47.0456 2928	pcw - ok
03:27:47.0509 2928	pdfcDispatcher - ok
03:27:47.0568 2928	PdiService      (4a8cc4d25525f456069887d5e8c53225) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
03:27:47.0585 2928	PdiService - ok
03:27:47.0635 2928	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
03:27:47.0721 2928	PEAUTH - ok
03:27:47.0824 2928	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll
03:27:47.0875 2928	PeerDistSvc - ok
03:27:47.0942 2928	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
03:27:47.0966 2928	PerfHost - ok
03:27:48.0137 2928	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
03:27:48.0240 2928	pla - ok
03:27:48.0310 2928	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
03:27:48.0339 2928	PlugPlay - ok
03:27:48.0354 2928	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
03:27:48.0377 2928	PNRPAutoReg - ok
03:27:48.0414 2928	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
03:27:48.0443 2928	PNRPsvc - ok
03:27:48.0502 2928	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
03:27:48.0586 2928	PolicyAgent - ok
03:27:48.0624 2928	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
03:27:48.0702 2928	Power - ok
03:27:48.0754 2928	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
03:27:48.0828 2928	PptpMiniport - ok
03:27:48.0858 2928	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
03:27:48.0880 2928	Processor - ok
03:27:48.0909 2928	ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
03:27:48.0987 2928	ProfSvc - ok
03:27:49.0011 2928	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:27:49.0031 2928	ProtectedStorage - ok
03:27:49.0057 2928	Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
03:27:49.0125 2928	Psched - ok
03:27:49.0156 2928	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
03:27:49.0171 2928	PxHlpa64 - ok
03:27:49.0285 2928	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
03:27:49.0357 2928	ql2300 - ok
03:27:49.0453 2928	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
03:27:49.0476 2928	ql40xx - ok
03:27:49.0512 2928	QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
03:27:49.0548 2928	QWAVE - ok
03:27:49.0572 2928	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
03:27:49.0603 2928	QWAVEdrv - ok
03:27:49.0616 2928	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
03:27:49.0690 2928	RasAcd - ok
03:27:49.0723 2928	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
03:27:49.0797 2928	RasAgileVpn - ok
03:27:49.0809 2928	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
03:27:49.0880 2928	RasAuto - ok
03:27:49.0897 2928	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
03:27:49.0964 2928	Rasl2tp - ok
03:27:50.0008 2928	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
03:27:50.0080 2928	RasMan - ok
03:27:50.0095 2928	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
03:27:50.0164 2928	RasPppoe - ok
03:27:50.0183 2928	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
03:27:50.0251 2928	RasSstp - ok
03:27:50.0282 2928	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
03:27:50.0353 2928	rdbss - ok
03:27:50.0378 2928	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
03:27:50.0404 2928	rdpbus - ok
03:27:50.0429 2928	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
03:27:50.0489 2928	RDPCDD - ok
03:27:50.0530 2928	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\windows\system32\drivers\rdpdr.sys
03:27:50.0549 2928	RDPDR - ok
03:27:50.0571 2928	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
03:27:50.0637 2928	RDPENCDD - ok
03:27:50.0663 2928	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
03:27:50.0735 2928	RDPREFMP - ok
03:27:50.0777 2928	RDPWD           (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys
03:27:50.0800 2928	RDPWD - ok
03:27:50.0855 2928	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
03:27:50.0880 2928	rdyboost - ok
03:27:50.0908 2928	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
03:27:50.0981 2928	RemoteAccess - ok
03:27:51.0010 2928	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
03:27:51.0086 2928	RemoteRegistry - ok
03:27:51.0133 2928	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
03:27:51.0163 2928	RFCOMM - ok
03:27:51.0199 2928	rimspci         (3dca561aaf776aa2e356fb5b142aa5f8) C:\windows\system32\DRIVERS\rimspe64.sys
03:27:51.0214 2928	rimspci - ok
03:27:51.0231 2928	risdpcie        (c4581f04aa130892555b821f1fbaa151) C:\windows\system32\DRIVERS\risdpe64.sys
03:27:51.0247 2928	risdpcie - ok
03:27:51.0263 2928	rixdpcie        (a4579105a3c5b6290701ead0c153e07a) C:\windows\system32\DRIVERS\rixdpe64.sys
03:27:51.0279 2928	rixdpcie - ok
03:27:51.0487 2928	RoxMediaDB10    (c48ae8b3067261a48fcc31979a3a1eb9) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
03:27:51.0535 2928	RoxMediaDB10 - ok
03:27:51.0565 2928	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
03:27:51.0642 2928	RpcEptMapper - ok
03:27:51.0671 2928	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
03:27:51.0695 2928	RpcLocator - ok
03:27:51.0743 2928	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
03:27:51.0829 2928	RpcSs - ok
03:27:51.0895 2928	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
03:27:51.0968 2928	rspndr - ok
03:27:51.0992 2928	RsvLock         (26e0d15fb1835f7ed638f157ccd2e04d) C:\windows\system32\drivers\RsvLock.sys
03:27:52.0007 2928	RsvLock - ok
03:27:52.0037 2928	rtsuvc          (39a1cf40aa29a16fe176b825195a3e0b) C:\windows\system32\DRIVERS\rtsuvc.sys
03:27:52.0057 2928	rtsuvc - ok
03:27:52.0079 2928	s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\windows\system32\DRIVERS\vms3cap.sys
03:27:52.0100 2928	s3cap - ok
03:27:52.0115 2928	SafeBoot        (6ef8e5e3a079c97c70915cf740e89977) C:\windows\system32\drivers\SafeBoot.sys
03:27:52.0116 2928	Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 6ef8e5e3a079c97c70915cf740e89977
03:27:52.0116 2928	SafeBoot ( LockedFile.Multi.Generic ) - warning
03:27:52.0116 2928	SafeBoot - detected LockedFile.Multi.Generic (1)
03:27:52.0144 2928	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:27:52.0166 2928	SamSs - ok
03:27:52.0173 2928	SbAlg           (fd8714a36c4646de22ddc7e36f6d09ef) C:\windows\system32\drivers\SbAlg.sys
03:27:52.0189 2928	SbAlg - ok
03:27:52.0204 2928	SbFsLock        (43027f1996f3ac6bd54b8a871996b7b3) C:\windows\system32\drivers\SbFsLock.sys
03:27:52.0218 2928	SbFsLock - ok
03:27:52.0245 2928	sbp2port        (9f0439389fbd5b5f900966c5c66bcfab) C:\windows\system32\drivers\sbp2port.sys
03:27:52.0267 2928	sbp2port - ok
03:27:52.0307 2928	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
03:27:52.0383 2928	SCardSvr - ok
03:27:52.0408 2928	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
03:27:52.0481 2928	scfilter - ok
03:27:52.0567 2928	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
03:27:52.0612 2928	Schedule - ok
03:27:52.0643 2928	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
03:27:52.0717 2928	SCPolicySvc - ok
03:27:52.0758 2928	sdbus           (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys
03:27:52.0780 2928	sdbus - ok
03:27:52.0808 2928	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
03:27:52.0832 2928	SDRSVC - ok
03:27:52.0863 2928	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
03:27:52.0936 2928	secdrv - ok
03:27:52.0943 2928	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
03:27:53.0016 2928	seclogon - ok
03:27:53.0046 2928	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
03:27:53.0120 2928	SENS - ok
03:27:53.0147 2928	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
03:27:53.0169 2928	SensrSvc - ok
03:27:53.0195 2928	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
03:27:53.0217 2928	Serenum - ok
03:27:53.0248 2928	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
03:27:53.0269 2928	Serial - ok
03:27:53.0301 2928	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
03:27:53.0321 2928	sermouse - ok
03:27:53.0359 2928	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
03:27:53.0434 2928	SessionEnv - ok
03:27:53.0452 2928	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
03:27:53.0471 2928	sffdisk - ok
03:27:53.0492 2928	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
03:27:53.0512 2928	sffp_mmc - ok
03:27:53.0523 2928	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
03:27:53.0544 2928	sffp_sd - ok
03:27:53.0562 2928	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
03:27:53.0583 2928	sfloppy - ok
03:27:53.0652 2928	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
03:27:53.0731 2928	SharedAccess - ok
03:27:53.0772 2928	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
03:27:53.0817 2928	ShellHWDetection - ok
03:27:53.0845 2928	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
03:27:53.0865 2928	SiSRaid2 - ok
03:27:53.0884 2928	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
03:27:53.0905 2928	SiSRaid4 - ok
03:27:53.0981 2928	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
03:27:54.0000 2928	SkypeUpdate - ok
03:27:54.0037 2928	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
03:27:54.0112 2928	Smb - ok
03:27:54.0153 2928	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
03:27:54.0178 2928	SNMPTRAP - ok
03:27:54.0190 2928	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
03:27:54.0210 2928	spldr - ok
03:27:54.0261 2928	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
03:27:54.0291 2928	Spooler - ok
03:27:54.0511 2928	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
03:27:54.0613 2928	sppsvc - ok
03:27:54.0721 2928	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
03:27:54.0795 2928	sppuinotify - ok
03:27:54.0868 2928	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
03:27:54.0896 2928	srv - ok
03:27:54.0936 2928	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
03:27:54.0962 2928	srv2 - ok
03:27:54.0980 2928	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
03:27:55.0002 2928	srvnet - ok
03:27:55.0044 2928	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
03:27:55.0121 2928	SSDPSRV - ok
03:27:55.0154 2928	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
03:27:55.0228 2928	SstpSvc - ok
03:27:55.0329 2928	STacSV          (f8807aaf697e1d20c9d7716a4941e574) C:\Program Files\IDT\WDM\STacSV64.exe
03:27:55.0352 2928	STacSV - ok
03:27:55.0381 2928	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
03:27:55.0402 2928	stexstor - ok
03:27:55.0455 2928	STHDA           (96df19a03d37f8568141612d31f0d035) C:\windows\system32\DRIVERS\stwrt64.sys
03:27:55.0482 2928	STHDA - ok
03:27:55.0534 2928	StillCam        (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
03:27:55.0562 2928	StillCam - ok
03:27:55.0627 2928	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
03:27:55.0672 2928	stisvc - ok
03:27:55.0739 2928	stllssvr        (ad989072596ab313d7fa13bcf69573f7) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
03:27:55.0754 2928	stllssvr - ok
03:27:55.0795 2928	storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\windows\system32\DRIVERS\vmstorfl.sys
03:27:55.0818 2928	storflt - ok
03:27:55.0850 2928	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\windows\system32\storsvc.dll
03:27:55.0872 2928	StorSvc - ok
03:27:55.0904 2928	storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\windows\system32\DRIVERS\storvsc.sys
03:27:55.0924 2928	storvsc - ok
03:27:55.0942 2928	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
03:27:55.0961 2928	swenum - ok
03:27:56.0018 2928	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
03:27:56.0103 2928	swprv - ok
03:27:56.0234 2928	SynTP           (d268d2a0db2a2bbe963e688d0b039267) C:\windows\system32\DRIVERS\SynTP.sys
03:27:56.0291 2928	SynTP - ok
03:27:56.0510 2928	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
03:27:56.0581 2928	SysMain - ok
03:27:56.0655 2928	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
03:27:56.0689 2928	TabletInputService - ok
03:27:56.0724 2928	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
03:27:56.0805 2928	TapiSrv - ok
03:27:56.0828 2928	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
03:27:56.0898 2928	TBS - ok
03:27:57.0079 2928	Tcpip           (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys
03:27:57.0156 2928	Tcpip - ok
03:27:57.0368 2928	TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys
03:27:57.0445 2928	TCPIP6 - ok
03:27:57.0521 2928	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
03:27:57.0594 2928	tcpipreg - ok
03:27:57.0617 2928	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
03:27:57.0638 2928	TDPIPE - ok
03:27:57.0661 2928	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys
03:27:57.0682 2928	TDTCP - ok
03:27:57.0716 2928	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
03:27:57.0790 2928	tdx - ok
03:27:57.0873 2928	TelekomNM6      (4283d7125ba4bd0cb50bb0f78b54257a) C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys
03:27:57.0889 2928	TelekomNM6 - ok
03:27:57.0929 2928	TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
03:27:57.0950 2928	TermDD - ok
03:27:58.0015 2928	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
03:27:58.0104 2928	TermService - ok
03:27:58.0119 2928	Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
03:27:58.0151 2928	Themes - ok
03:27:58.0182 2928	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
03:27:58.0253 2928	THREADORDER - ok
03:27:58.0323 2928	TomTomHOMEService (efef22b9577e5051057fde1ae381b50c) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
03:27:58.0338 2928	TomTomHOMEService - ok
03:27:58.0371 2928	TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys
03:27:58.0391 2928	TPM - ok
03:27:58.0436 2928	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
03:27:58.0512 2928	TrkWks - ok
03:27:58.0573 2928	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
03:27:58.0598 2928	TrustedInstaller - ok
03:27:58.0621 2928	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
03:27:58.0692 2928	tssecsrv - ok
03:27:58.0719 2928	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
03:27:58.0794 2928	tunnel - ok
03:27:58.0841 2928	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
03:27:58.0862 2928	uagp35 - ok
03:27:58.0910 2928	udfs            (0e5e962b5649d544be54e8c90761ea2b) C:\windows\system32\DRIVERS\udfs.sys
03:27:58.0937 2928	udfs - ok
03:27:58.0974 2928	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
03:27:58.0999 2928	UI0Detect - ok
03:27:59.0041 2928	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
03:27:59.0062 2928	uliagpkx - ok
03:27:59.0089 2928	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
03:27:59.0110 2928	umbus - ok
03:27:59.0144 2928	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
03:27:59.0165 2928	UmPass - ok
03:27:59.0199 2928	UmRdpService    (af0ac98ee5077eb844413eb54287fde3) C:\windows\System32\umrdp.dll
03:27:59.0225 2928	UmRdpService - ok
03:27:59.0477 2928	UNS             (5713e039c0622f40347735cba460b8fc) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
03:27:59.0565 2928	UNS - ok
03:27:59.0668 2928	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
03:27:59.0742 2928	upnphost - ok
03:27:59.0800 2928	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
03:27:59.0822 2928	usbccgp - ok
03:27:59.0859 2928	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
03:27:59.0887 2928	usbcir - ok
03:27:59.0905 2928	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
03:27:59.0925 2928	usbehci - ok
03:27:59.0967 2928	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
03:27:59.0992 2928	usbhub - ok
03:28:00.0013 2928	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
03:28:00.0034 2928	usbohci - ok
03:28:00.0064 2928	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
03:28:00.0091 2928	usbprint - ok
03:28:00.0116 2928	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
03:28:00.0138 2928	USBSTOR - ok
03:28:00.0180 2928	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
03:28:00.0199 2928	usbuhci - ok
03:28:00.0237 2928	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
03:28:00.0260 2928	usbvideo - ok
03:28:00.0294 2928	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
03:28:00.0370 2928	UxSms - ok
03:28:00.0403 2928	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
03:28:00.0424 2928	VaultSvc - ok
03:28:00.0625 2928	vcsFPService    (bbe2b5036d2ff45458c747fb2513591d) C:\windows\system32\vcsFPService.exe
03:28:00.0705 2928	vcsFPService - ok
03:28:00.0819 2928	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
03:28:00.0841 2928	vdrvroot - ok
03:28:00.0890 2928	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
03:28:00.0926 2928	vds - ok
03:28:00.0962 2928	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
03:28:00.0990 2928	vga - ok
03:28:01.0011 2928	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
03:28:01.0084 2928	VgaSave - ok
03:28:01.0122 2928	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
03:28:01.0147 2928	vhdmp - ok
03:28:01.0173 2928	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
03:28:01.0193 2928	viaide - ok
03:28:01.0224 2928	vmbus           (1501699d7eda984abc4155a7da5738d1) C:\windows\system32\DRIVERS\vmbus.sys
03:28:01.0249 2928	vmbus - ok
03:28:01.0283 2928	VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\windows\system32\DRIVERS\VMBusHID.sys
03:28:01.0303 2928	VMBusHID - ok
03:28:01.0320 2928	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
03:28:01.0342 2928	volmgr - ok
03:28:01.0385 2928	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
03:28:01.0415 2928	volmgrx - ok
03:28:01.0459 2928	volsnap         (c9d0eaf58d6ba71e128e715ea43ad87d) C:\windows\system32\drivers\volsnap.sys
03:28:01.0488 2928	volsnap - ok
03:28:01.0520 2928	vpcbus          (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\windows\system32\DRIVERS\vpchbus.sys
03:28:01.0543 2928	vpcbus - ok
03:28:01.0571 2928	vpcnfltr        (8acda395841538ce9713a67fe8b2a3eb) C:\windows\system32\DRIVERS\vpcnfltr.sys
03:28:01.0592 2928	vpcnfltr - ok
03:28:01.0624 2928	vpcusb          (31924e31bc315773e6d149b157db46d5) C:\windows\system32\DRIVERS\vpcusb.sys
03:28:01.0645 2928	vpcusb - ok
03:28:01.0672 2928	vpcuxd          (14578ff302b4c985c9740a0f327ae3c0) C:\windows\system32\DRIVERS\vpcuxd.sys
03:28:01.0691 2928	vpcuxd - ok
03:28:01.0745 2928	vpcvmm          (a5d16559d80cfa1dcb98f46410be5551) C:\windows\system32\drivers\vpcvmm.sys
03:28:01.0776 2928	vpcvmm - ok
03:28:01.0816 2928	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
03:28:01.0840 2928	vsmraid - ok
03:28:01.0962 2928	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
03:28:02.0019 2928	VSS - ok
03:28:02.0144 2928	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
03:28:02.0171 2928	vwifibus - ok
03:28:02.0198 2928	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
03:28:02.0229 2928	vwififlt - ok
03:28:02.0259 2928	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
03:28:02.0290 2928	vwifimp - ok
03:28:02.0337 2928	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
03:28:02.0418 2928	W32Time - ok
03:28:02.0450 2928	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
03:28:02.0472 2928	WacomPen - ok
03:28:02.0510 2928	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
03:28:02.0585 2928	WANARP - ok
03:28:02.0589 2928	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
03:28:02.0659 2928	Wanarpv6 - ok
03:28:02.0776 2928	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
03:28:02.0832 2928	WatAdminSvc - ok
03:28:02.0947 2928	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
03:28:03.0000 2928	wbengine - ok
03:28:03.0114 2928	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
03:28:03.0149 2928	WbioSrvc - ok
03:28:03.0196 2928	wcncsvc         (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
03:28:03.0225 2928	wcncsvc - ok
03:28:03.0248 2928	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
03:28:03.0270 2928	WcsPlugInService - ok
03:28:03.0318 2928	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
03:28:03.0338 2928	Wd - ok
03:28:03.0406 2928	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
03:28:03.0447 2928	Wdf01000 - ok
03:28:03.0466 2928	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
03:28:03.0501 2928	WdiServiceHost - ok
03:28:03.0506 2928	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
03:28:03.0543 2928	WdiSystemHost - ok
03:28:03.0573 2928	WebClient       (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
03:28:03.0599 2928	WebClient - ok
03:28:03.0644 2928	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
03:28:03.0724 2928	Wecsvc - ok
03:28:03.0743 2928	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
03:28:03.0821 2928	wercplsupport - ok
03:28:03.0857 2928	WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
03:28:03.0934 2928	WerSvc - ok
03:28:03.0995 2928	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
03:28:04.0067 2928	WfpLwf - ok
03:28:04.0086 2928	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
03:28:04.0105 2928	WIMMount - ok
03:28:04.0148 2928	WinDefend - ok
03:28:04.0157 2928	WinHttpAutoProxySvc - ok
03:28:04.0220 2928	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
03:28:04.0297 2928	Winmgmt - ok
03:28:04.0447 2928	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
03:28:04.0565 2928	WinRM - ok
03:28:04.0676 2928	WinUSB          (4d52c872018af7e18d078978dcc3f6f2) C:\windows\system32\DRIVERS\WinUSB.sys
03:28:04.0695 2928	WinUSB - ok
03:28:04.0767 2928	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
03:28:04.0813 2928	Wlansvc - ok
03:28:05.0005 2928	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:28:05.0093 2928	wlidsvc - ok
03:28:05.0211 2928	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
03:28:05.0233 2928	WmiAcpi - ok
03:28:05.0299 2928	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
03:28:05.0325 2928	wmiApSrv - ok
03:28:05.0360 2928	WMPNetworkSvc - ok
03:28:05.0387 2928	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
03:28:05.0409 2928	WPCSvc - ok
03:28:05.0431 2928	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
03:28:05.0458 2928	WPDBusEnum - ok
03:28:05.0483 2928	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
03:28:05.0554 2928	ws2ifsl - ok
03:28:05.0589 2928	wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\windows\System32\wscsvc.dll
03:28:05.0612 2928	wscsvc - ok
03:28:05.0618 2928	WSearch - ok
03:28:05.0801 2928	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
03:28:05.0900 2928	wuauserv - ok
03:28:06.0026 2928	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
03:28:06.0100 2928	WudfPf - ok
03:28:06.0141 2928	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
03:28:06.0215 2928	WUDFRd - ok
03:28:06.0249 2928	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
03:28:06.0327 2928	wudfsvc - ok
03:28:06.0367 2928	WwanSvc         (bddc282b619424088752bddb2501572f) C:\windows\System32\wwansvc.dll
03:28:06.0394 2928	WwanSvc - ok
03:28:06.0454 2928	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
03:28:07.0338 2928	\Device\Harddisk0\DR0 - ok
03:28:07.0345 2928	Boot (0x1200)   (aff3909263e923176cacaf5aaca3414e) \Device\Harddisk0\DR0\Partition0
03:28:07.0347 2928	\Device\Harddisk0\DR0\Partition0 - ok
03:28:07.0367 2928	Boot (0x1200)   (fd025b9932901aafa6ba86e92a064f82) \Device\Harddisk0\DR0\Partition1
03:28:07.0369 2928	\Device\Harddisk0\DR0\Partition1 - ok
03:28:07.0395 2928	Boot (0x1200)   (7c1526f42e5b511dfedf7030ce403473) \Device\Harddisk0\DR0\Partition2
03:28:07.0397 2928	\Device\Harddisk0\DR0\Partition2 - ok
03:28:07.0418 2928	Boot (0x1200)   (d22fabfeb93ed4d1724e390e82ff7b40) \Device\Harddisk0\DR0\Partition3
03:28:07.0419 2928	\Device\Harddisk0\DR0\Partition3 - ok
03:28:07.0420 2928	============================================================
03:28:07.0420 2928	Scan finished
03:28:07.0420 2928	============================================================
03:28:07.0433 3160	Detected object count: 8
03:28:07.0434 3160	Actual detected object count: 8
03:28:22.0414 3160	DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0414 3160	DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:28:22.0415 3160	DEBridge ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0415 3160	DEBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:28:22.0418 3160	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0418 3160	HP ProtectTools Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:28:22.0422 3160	HPDayStarterService ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0422 3160	HPDayStarterService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:28:22.0425 3160	HPFSService ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0425 3160	HPFSService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:28:22.0428 3160	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0428 3160	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:28:22.0431 3160	Netzmanager Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:28:22.0432 3160	Netzmanager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:28:22.0435 3160	SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
03:28:22.0435 3160	SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

cosinus · 09.06.2012, 23:00

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Bennsen · 10.06.2012, 14:11

An dieser Stelle mal herzlichen Dank für deine Hilfe und deine Zeit die du dir nimmst mich hier durchzuleiten

.

Anbei der Log des Combo Fix:

Code:

ATTFilter

ComboFix 12-06-09.02 - Benni 10.06.2012  14:52:14.1.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3887.2278 [GMT 2:00]
ausgeführt von:: c:\users\Benni\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-10 bis 2012-06-10  ))))))))))))))))))))))))))))))
.
.
2012-06-10 12:59 . 2012-06-10 12:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-09 00:55 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8711081E-F0C5-4092-B31F-697C78B5B55B}\mpengine.dll
2012-06-09 00:53 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-09 00:53 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-09 00:53 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-09 00:53 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-09 00:53 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-09 00:53 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-09 00:53 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-09 00:53 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-09 00:53 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-08 14:35 . 2012-06-08 14:35	--------	d-----w-	C:\_OTL
2012-06-07 20:33 . 2012-06-07 20:33	--------	d-----w-	c:\program files (x86)\ESET
2012-06-06 20:26 . 2012-06-06 20:26	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-06-06 20:26 . 2012-06-06 20:26	--------	d-----w-	c:\program files (x86)\Oracle
2012-06-06 20:25 . 2012-04-04 16:47	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-06-06 20:25 . 2012-04-04 16:47	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-06 20:25 . 2012-06-06 20:25	--------	d-----w-	c:\program files (x86)\Java
2012-06-03 20:25 . 2012-06-03 20:25	--------	d-----w-	C:\HP_RECOVERY_mountHPSF
2012-06-03 19:38 . 2012-06-03 19:38	--------	d-----w-	c:\users\Benni\AppData\Roaming\Malwarebytes
2012-06-03 19:38 . 2012-06-03 19:38	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 19:38 . 2012-06-03 19:38	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-03 19:38 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-25 17:11 . 2012-05-25 17:55	--------	d-----w-	c:\users\Benni\AppData\Roaming\Q-Dir
2012-05-25 17:11 . 2012-05-25 17:11	--------	d-----w-	c:\program files (x86)\Q-Dir
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 22:54 . 2012-04-04 15:32	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-10 22:54 . 2011-07-07 17:54	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:43 . 2011-10-14 21:28	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 17:43 . 2011-10-14 21:28	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-02 05:34 . 2012-05-08 17:11	5504880	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-08 17:11	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-08 17:11	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 03:01 . 2012-05-08 17:11	3143680	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:09 . 2012-05-08 17:10	1895280	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:55 . 2012-05-08 17:10	75632	----a-w-	c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128]
"teXXas"="c:\program files (x86)\teXXas\teXXas.exe" [2008-04-25 5147136]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-05-06 11268096]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-06 323128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-11 658424]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Benni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-7-8 3520000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
USBKVM Switcher.lnk - c:\program files (x86)\USBKVM Switcher\USBKVM.exe [2012-2-5 188416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36	75320	----a-w-	c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 TelekomNM6;Telekom Netzmanager Packet Filter Driver;c:\program files\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys [2010-09-16 45664]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-11-06 89600]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-09-12 142904]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-05-06 298496]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-07-06 1698360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-11 1128952]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-03-16 113264]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-03 c:\windows\Tasks\HPCeeScheduleForBenni.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-06 489472]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8C577670-A637-4B32-9E35-4D95C8501F26}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{CD741717-2B46-4C3E-B31B-C8A9CDDB3115}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Benni\AppData\Roaming\Mozilla\Firefox\Profiles\u8az1igw.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-10  15:03:49
ComboFix-quarantined-files.txt  2012-06-10 13:03
.
Vor Suchlauf: 15 Verzeichnis(se), 214.756.265.984 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 214.377.959.424 Bytes frei
.
- - End Of File - - 451BE3302F3516F3A6BBE6796DCFBEFA

Während dem Scan kam übrigens auch noch eine Fehlermeldung, dass die PEV.exe einen Fehler verursacht hat und nicht weiter ausgeführt werden kann. Hierzu hieß es, dass eine Meldung kommt, wenn man eine Lösung hierfür hat.