Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Plagegeister aller Art und deren Bekämpfung: S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 02.07.2012, 19:47   #16
SumSi27
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Hallo,

Also alle Daten scheinen wieder da zu sein.
Das einzige was mir aufgefallen ist, ist dass beim herunterfahren nun zwei mal das Herunterfahren erzwungen werden musste? :-(
Weil ein Programm sich nicht schließen wollte, ich hatte allerdings nichts mehr offen?
Grüssle, Sonja

Alt 03.07.2012, 12:28   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________
Alt 03.07.2012, 14:22   #18
SumSi27
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Hier ist die Log von OTL:

Code:
ATTFilter
OTL logfile created on: 03.07.2012 14:23:00 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Sunny\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,44% Memory free
7,99 Gb Paging File | 5,80 Gb Available in Paging File | 72,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 192,16 Gb Free Space | 67,35% Space Free | Partition Type: NTFS
 
Computer Name: SUNNY-PC | User Name: Sunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.03 14:21:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.08 20:49:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:49:37 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:49:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.23 13:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.14 14:03:50 | 001,378,040 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.03.22 23:29:10 | 000,610,056 | ---- | M] (Intel Corporation) -- C:\Users\Sunny\Desktop\IntelAppStore\bin\ismagent.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.07.21 10:00:00 | 004,546,560 | ---- | M] (TuneClone.COM) -- C:\Users\Sunny\Desktop\TuneClone\TuneClone.exe
PRC - [2010.03.25 21:34:53 | 000,731,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe
PRC - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010.03.09 01:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010.03.04 07:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010.03.04 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010.03.04 07:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010.02.12 13:08:02 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.10.20 08:34:55 | 000,126,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.01.29 03:31:00 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.08.09 07:48:26 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.07 16:58:00 | 000,792,816 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\plugin\libpserverplugin.dll
MOD - [2011.06.07 16:57:59 | 004,902,640 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\plugin\libbizlplugin.dll
MOD - [2011.03.22 23:29:07 | 000,195,584 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\libgsoap.dll
MOD - [2011.03.22 23:29:06 | 000,463,360 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\DeviceProfile.dll
MOD - [2011.03.22 23:29:06 | 000,015,872 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\featureController.dll
MOD - [2011.03.22 23:29:05 | 000,400,384 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\sqlite3.dll
MOD - [2011.03.22 23:29:05 | 000,322,048 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\log4cplus.dll
MOD - [2011.03.22 23:29:03 | 000,062,464 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\zlib1.dll
MOD - [2010.11.02 00:30:01 | 002,281,984 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\QtCore4.dll
MOD - [2010.09.10 13:11:38 | 000,911,872 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\QtNetwork4.dll
MOD - [2010.09.10 13:10:02 | 000,339,456 | ---- | M] () -- C:\Users\Sunny\Desktop\IntelAppStore\bin\QtXml4.dll
MOD - [2010.07.21 10:00:00 | 000,077,824 | ---- | M] () -- C:\Users\Sunny\Desktop\TuneClone\vtblog.dll
MOD - [2010.07.21 10:00:00 | 000,049,152 | ---- | M] () -- C:\Users\Sunny\Desktop\TuneClone\DL_WMAEncoder.DLL
MOD - [2010.07.21 10:00:00 | 000,036,864 | ---- | M] () -- C:\Users\Sunny\Desktop\TuneClone\EncodeAndTagComm.dll
MOD - [2010.07.21 10:00:00 | 000,020,480 | ---- | M] () -- C:\Users\Sunny\Desktop\TuneClone\URLLink.dll
MOD - [2010.03.09 02:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2009.08.11 22:18:28 | 000,497,664 | ---- | M] () -- C:\Windows\SysWOW64\ac3filter.acm
MOD - [2009.05.21 00:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009.01.29 03:31:00 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.18 08:17:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.08 20:49:38 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:49:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.14 14:03:50 | 001,378,040 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.09.30 23:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.05.07 04:00:56 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.09 01:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010.03.04 07:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.02.05 20:23:06 | 000,865,824 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.10.20 08:34:55 | 000,126,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 20:49:38 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:49:38 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 16:52:44 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010.09.08 14:59:42 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.08.12 06:07:46 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.18 11:24:24 | 006,405,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.18 07:21:18 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.14 02:52:02 | 002,203,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.28 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.12.02 04:21:32 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.09 04:54:10 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009.10.09 04:54:10 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1101000.013\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009.09.18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.08.24 03:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2010.11.04 07:51:40 | 000,017,440 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_de
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Users\Sunny\Desktop\IntelAppStore\bin\npAppUp.dll (Intel)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.21 05:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 21:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 05:19:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 05:19:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.21 05:19:19 | 000,000,000 | ---D | M]
 
[2012.06.21 20:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\mozilla\Extensions
[2011.05.12 08:38:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sunny\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.21 21:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.19 21:17:35 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\IPSBHO.DLL (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [TuneClone] C:\Users\Sunny\Desktop\TuneClone\TuneClone.exe (TuneClone.COM)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [Intel AppUp(SM) center] C:\Users\Sunny\Desktop\IntelAppStore\bin\ismagent.lnk ()
O4 - HKU\S-1-5-21-2612393954-722470898-3304857070-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C757B393-4B92-421F-A8B9-92E21E72EE73}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6F26E766-843C-FCE8-A1DC-1F96AAAF143C} - .NET Framework
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.03 14:20:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe
[2012.06.29 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012.06.29 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOOKcook Bücherverwaltung
[2012.06.29 20:20:50 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Sunny\Desktop\unhide.exe
[2012.06.27 18:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.27 18:54:10 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Sunny\Desktop\esetsmartinstaller_enu.exe
[2012.06.21 21:07:09 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Documents\Simply Super Software
[2012.06.21 21:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.06.21 21:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.06.21 21:06:53 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Simply Super Software
[2012.06.21 21:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.06.18 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012.06.18 21:01:55 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012.06.18 21:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012.06.18 21:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012.06.18 20:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.06.18 20:59:49 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\TestApp
[2012.06.18 20:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.06.18 19:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.18 19:35:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.18 18:49:10 | 000,000,000 | ---D | C] -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.06.06 14:32:30 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\Little-Hearts
[2012.06.04 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\Sunny\Desktop\_PHILIPS
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.03 14:46:01 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012.07.03 14:35:05 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.03 14:24:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 14:24:15 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.03 14:21:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sunny\Desktop\OTL.exe
[2012.07.03 14:13:28 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.03 14:13:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.03 14:13:12 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 20:21:00 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Sunny\Desktop\unhide.exe
[2012.06.27 18:54:15 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Sunny\Desktop\esetsmartinstaller_enu.exe
[2012.06.21 22:44:09 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.21 21:34:49 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.21 21:06:55 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.06.21 13:40:10 | 000,000,017 | ---- | M] () -- C:\Users\Sunny\AppData\Local\resmon.resmoncfg
[2012.06.20 20:13:12 | 000,365,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.20 20:05:47 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 20:05:47 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 20:05:47 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 20:05:47 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 20:05:47 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 20:11:16 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9q4B3N3kNk5fptr
[2012.06.18 20:11:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\-9q4B3N3kNk5fpt
[2012.06.18 20:10:59 | 000,000,480 | ---- | M] () -- C:\ProgramData\9q4B3N3kNk5fpt
[2012.06.18 08:31:57 | 000,814,294 | ---- | M] () -- C:\Users\Sunny\Desktop\Scannen0001.jpg
[2012.06.15 13:38:00 | 000,015,113 | ---- | M] () -- C:\Users\Sunny\Desktop\Mama lebenslauf.odt
[2012.06.15 13:23:10 | 000,015,255 | ---- | M] () -- C:\Users\Sunny\Desktop\bewerbung.odt
[2012.06.12 22:51:32 | 000,012,626 | ---- | M] () -- C:\Users\Sunny\Desktop\insel rezis eingetragen.odt
[2012.06.12 19:35:30 | 000,022,062 | ---- | M] () -- C:\Users\Sunny\Desktop\Autor over germany.jpg
[2012.06.12 19:34:18 | 000,022,375 | ---- | M] () -- C:\Users\Sunny\Desktop\BLOG over germany.jpg
[2012.06.10 22:00:10 | 000,015,680 | ---- | M] () -- C:\Users\Sunny\Desktop\Rahmen.odt
[2012.06.09 23:00:56 | 000,018,959 | ---- | M] () -- C:\Users\Sunny\Desktop\Subtle Rose 3c BACKGROUND.jpg
[2012.06.07 23:15:46 | 000,005,814 | ---- | M] () -- C:\Users\Sunny\Desktop\024.699.142.jpg
[2012.06.06 21:48:21 | 000,110,770 | ---- | M] () -- C:\Users\Sunny\Desktop\headewr.jpg
[2012.06.06 21:31:21 | 000,091,350 | ---- | M] () -- C:\Users\Sunny\Desktop\Love Letter to Spring HEADER 2.jpg
[2012.06.06 14:29:18 | 000,009,266 | ---- | M] () -- C:\Users\Sunny\Desktop\Little-Hearts.zip
[2012.06.05 22:31:13 | 000,030,027 | ---- | M] () -- C:\Users\Sunny\Desktop\Love Letter to Spring HEADER (1).jpg
 
========== Files Created - No Company Name ==========
 
[2012.06.21 22:44:09 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.21 21:34:49 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.06.21 21:34:47 | 000,001,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.21 21:06:55 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.06.21 21:06:54 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.06.21 21:06:54 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.06.21 13:40:10 | 000,000,017 | ---- | C] () -- C:\Users\Sunny\AppData\Local\resmon.resmoncfg
[2012.06.18 18:50:18 | 000,000,160 | ---- | C] () -- C:\ProgramData\-9q4B3N3kNk5fptr
[2012.06.18 18:50:18 | 000,000,000 | ---- | C] () -- C:\ProgramData\-9q4B3N3kNk5fpt
[2012.06.18 18:48:22 | 000,000,480 | ---- | C] () -- C:\ProgramData\9q4B3N3kNk5fpt
[2012.06.18 08:32:00 | 000,814,294 | ---- | C] () -- C:\Users\Sunny\Desktop\Scannen0001.jpg
[2012.06.15 13:21:32 | 000,015,255 | ---- | C] () -- C:\Users\Sunny\Desktop\bewerbung.odt
[2012.06.15 12:22:34 | 000,015,113 | ---- | C] () -- C:\Users\Sunny\Desktop\Mama lebenslauf.odt
[2012.06.12 19:35:28 | 000,022,062 | ---- | C] () -- C:\Users\Sunny\Desktop\Autor over germany.jpg
[2012.06.12 19:34:12 | 000,022,375 | ---- | C] () -- C:\Users\Sunny\Desktop\BLOG over germany.jpg
[2012.06.09 23:00:55 | 000,018,959 | ---- | C] () -- C:\Users\Sunny\Desktop\Subtle Rose 3c BACKGROUND.jpg
[2012.06.07 23:15:46 | 000,005,814 | ---- | C] () -- C:\Users\Sunny\Desktop\024.699.142.jpg
[2012.06.06 21:31:21 | 000,091,350 | ---- | C] () -- C:\Users\Sunny\Desktop\Love Letter to Spring HEADER 2.jpg
[2012.06.06 15:14:33 | 000,110,770 | ---- | C] () -- C:\Users\Sunny\Desktop\headewr.jpg
[2012.06.06 14:29:15 | 000,009,266 | ---- | C] () -- C:\Users\Sunny\Desktop\Little-Hearts.zip
[2012.06.05 22:31:11 | 000,030,027 | ---- | C] () -- C:\Users\Sunny\Desktop\Love Letter to Spring HEADER (1).jpg
[2011.12.24 11:06:23 | 000,040,023 | ---- | C] () -- C:\Users\Sunny\AppData\Roaming\UserTile.png
[2011.10.13 09:02:32 | 000,000,818 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.19 17:31:31 | 000,231,510 | ---- | C] () -- C:\Windows\hpoins49.dat
[2011.01.02 11:32:23 | 000,013,824 | ---- | C] () -- C:\Users\Sunny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.24 19:53:11 | 000,000,490 | ---- | C] () -- C:\Users\Sunny\AppData\Roaming\wklnhst.dat
[2010.09.23 13:40:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
 
========== LOP Check ==========
 
[2012.04.23 12:42:17 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.21 05:14:18 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Adobe
[2011.12.12 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Apple Computer
[2010.09.23 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\ATI
[2012.05.04 10:56:22 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Avira
[2012.04.19 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Babylon
[2012.06.21 05:20:28 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\BitTorrent
[2010.09.23 15:44:16 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\DivX
[2012.07.03 14:15:42 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Dropbox
[2010.09.23 13:20:12 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Google
[2011.08.19 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\HP
[2012.06.15 10:03:27 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\HpUpdate
[2012.06.10 21:48:26 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\ICQ
[2010.09.23 13:18:57 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Identities
[2012.01.02 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\InstallShield
[2012.06.21 05:14:20 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Macromedia
[2010.09.30 19:35:45 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Malwarebytes
[2010.03.25 22:20:35 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Media Center Programs
[2012.06.21 05:20:29 | 000,000,000 | --SD | M] -- C:\Users\Sunny\AppData\Roaming\Microsoft
[2012.06.21 05:14:34 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Mozilla
[2012.06.21 05:14:37 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\OpenOffice.org
[2010.12.07 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\REINER SCT
[2012.06.21 21:06:53 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Simply Super Software
[2012.06.27 15:08:50 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Skype
[2012.06.21 05:20:30 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\SNS
[2010.10.05 07:50:26 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Template
[2012.06.18 20:59:49 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\TestApp
[2012.06.21 05:20:30 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Thunderbird
[2012.06.21 05:14:38 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Titanium
[2012.06.21 05:20:30 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\Visan
[2010.09.23 15:06:17 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\WildTangent
[2010.10.28 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\WinRAR
[2012.04.27 22:53:20 | 000,000,000 | ---D | M] -- C:\Users\Sunny\AppData\Roaming\XLMSoft
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sunny\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.08.26 18:41:55 | 000,010,134 | R--- | M] () -- C:\Users\Sunny\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2012.04.19 21:17:28 | 000,800,408 | ---- | M] (Solid State Networks) -- C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX1\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX3\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX4\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.03.25 22:00:18 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX3\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Sunny\AppData\Local\Temp\RarSFX4\winlogon.exe
[2010.03.25 22:00:18 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.03.25 22:00:18 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE

< End of report >
Und die Extras:

Code:
ATTFilter
OTL Extras logfile created on: 03.07.2012 14:23:00 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Sunny\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 52,44% Memory free
7,99 Gb Paging File | 5,80 Gb Available in Paging File | 72,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285,30 Gb Total Space | 192,16 Gb Free Space | 67,35% Space Free | Partition Type: NTFS
 
Computer Name: SUNNY-PC | User Name: Sunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2612393954-722470898-3304857070-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004E83C7-5755-4E7F-96D9-E3B918AEA070}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{06309EF0-005A-404A-98BF-B3000D307B43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{18E99115-FE6D-4412-A6D8-09684BC43BDD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1AEA2AC0-C657-4773-B19C-8AD87546ADD1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2A1292DF-3B56-4F26-83B9-01C6A612EFB0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{30DB7B9B-CB4D-4FCA-ABCD-2A6473A66A7D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{36AB3D8C-3BA5-42D1-94E9-A59CA0631B7F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{38548076-8084-4FFF-8194-9A1EC2A59392}" = rport=138 | protocol=17 | dir=out | app=system | 
"{43FA1E39-1947-4271-9928-12AF26B7CD13}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{48A83B3E-18A7-40E1-8BA6-17EC0F91FE3E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{50A46764-7BD4-4E29-8FB0-364C9F69E5AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{67A4726D-43E1-4A00-8E3F-511E4C768244}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C3E98D8-EB3C-4DD5-B279-BA645C2FB156}" = lport=445 | protocol=6 | dir=in | app=system | 
"{71C55F04-9E7A-4053-AA9F-0A4F27029C73}" = rport=139 | protocol=6 | dir=out | app=system | 
"{74AB4B48-3427-4258-A664-E7D116086EDE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{74EDEDBB-348A-4BD4-8869-F6C50BADC592}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7D3CE0AF-798F-4AE3-934B-58FD439BEAC5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{87D47979-217B-4A21-B7A7-9856CB939255}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8CB1E1C5-59AF-4282-A008-C3479A721B1C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8EED1D43-A634-43CF-852B-E375016C2C06}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{9DB59715-9358-4721-A5E0-8926EEEA7133}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A24FBC47-27E4-4AE4-A06E-930D15A45AEA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA2E0182-0A75-4E5B-BA0F-A619E689B932}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CCE6A596-8867-45F3-AB71-1FF5678D5B20}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DA3F0E5C-6C26-4C76-A1C7-FFBF37F174D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F5B26D26-5E0F-44ED-96CE-BBA709FE946D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07381219-957F-440C-B59C-4766C93993C0}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0E16AFC9-4F77-4285-B5F6-C9D7FD767F86}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0E9C1500-76C4-46AF-A019-9D9D283EA508}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F09BB68-F700-4CB9-AE92-393DED0D13BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1347D6E2-5345-4B5C-87EE-6C8DE89C59C9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1520371D-82CE-42E5-8662-B0BE3D491D36}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{15AFDA31-74F3-4463-AAD4-2F560FA88896}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{1904C4BA-812B-4F40-A612-7C1071C6B75E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{191524D1-4490-447E-A0F8-B014A558E654}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{260E6582-8C1A-4DFB-B33A-EE5771FB13D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{279F2380-08C1-44CD-8B14-C5F706FB1D11}" = protocol=6 | dir=in | app=c:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2C5A764F-9E67-4A76-811E-9285887710C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{2FFF2802-C121-4287-A037-4BED26A64D8E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{34509CD8-7809-4B50-9F31-E772C26F1A46}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{3C7F624C-FFBA-459A-9533-E3C793562DD0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{420E52D1-6885-4AB1-B9FB-467577891F05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{46B63796-0EC9-4F57-9A47-0D902CAABEA7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{50405FDD-B181-44CF-8052-7836E8AA12D7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{54F23E3C-82EF-4544-B417-6AB620EC7265}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{57CA7A55-7ABB-4925-8C74-AB583A0F847A}" = dir=in | app=d:\setup\hpznui40.exe | 
"{5FB3EA17-35E1-4299-B4CA-564180097059}" = protocol=6 | dir=out | app=system | 
"{6357A5F8-B3E4-44FE-B5DF-F30729F94178}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{65734536-1B69-4420-98E3-5DC3E98B33EA}" = protocol=17 | dir=in | app=c:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe | 
"{65FBE0A0-C33C-4090-B590-D0B9BD6BB2BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6AF60DB1-2500-49D0-8A2A-427A6E3F798F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6D2E1970-DF56-441C-BBDE-1DA003F61ADA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{70758C55-4143-4C8F-8BD0-4CD28A5F56BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{70FC2FC7-BC4E-4F13-B543-419F8A541232}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{71DC21C3-FD6B-4549-A9F5-538904874E13}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{77F3CE0E-C911-4D4A-8BE5-717791B1997E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{7C7BFCCD-AE67-472B-B7FD-360C168DDDC2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{8EC67B1A-46B5-47D4-AE0D-A340F7913924}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{8F1F84EC-1AC0-4D44-B0A7-ABD7CCFF0882}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{962AD0F3-81AF-42D5-A222-52329F8CA6E3}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9E35CE48-A948-4205-A7DD-61703ED7CD15}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A4454ED6-8B61-47BC-AE7A-E82B4B67B60B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{AD5A8ED3-44CE-4477-9518-C080CA731588}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B0D12BAB-D0F5-4286-A600-EB7784589E15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{BF451EEF-9711-4EAA-858B-27C540C16763}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CAFF80B3-8E36-4A34-9A6F-3BEA7D8C49C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{CC576F6C-7996-40EF-8646-591D611CDFB5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CF1461A5-C911-4593-87A2-003D53BC6598}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{D389DBA6-F7C7-4C29-83AF-7FD33A585000}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D6E3FC11-3293-4774-B10E-6BC0B7B6DB60}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{E1211472-974A-4975-AE02-F5E5C030B69A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E5C5AB10-D9FE-42F0-8602-EA402A274E3B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5DFA9F1-750F-4231-B689-43A66B8EBB1F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EC2AA143-A811-42F1-85CE-9973107E763A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe | 
"{FA2087E8-5811-4395-BE8D-14153AB1E594}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{FA765B7B-8E01-40F5-ABA5-587D75064539}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1F99F4B5-D9EA-4319-8E1F-F1E322560389}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"TCP Query User{61A2C8DE-5851-4EBA-98D5-F0459389723A}C:\program files (x86)\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"TCP Query User{70064C90-9AE4-4236-AB1E-0E21DF7648D7}C:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8380DDAF-0FCC-4091-BE69-9C252BB1F023}C:\users\sunny\desktop\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\users\sunny\desktop\intelappstore\bin\ismagent.exe | 
"TCP Query User{A062544C-46CB-4F0B-955C-56E7D084522D}C:\users\sunny\desktop\intelappstore\bin\ismagent.exe" = protocol=6 | dir=in | app=c:\users\sunny\desktop\intelappstore\bin\ismagent.exe | 
"TCP Query User{A5976AF6-E2CB-467A-B0AD-A3A931BBFE02}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{0689ECE4-EA43-49D2-B3EF-C6137B0BD3FC}C:\users\sunny\desktop\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\users\sunny\desktop\intelappstore\bin\ismagent.exe | 
"UDP Query User{29386807-7BEB-44A3-9DCC-17B90F042BA9}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"UDP Query User{80A6E6F9-C97F-44D3-86DD-39C5AFBD019F}C:\program files (x86)\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"UDP Query User{AC7FB499-E55E-46FF-B6D4-E18DA493EC14}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{B58112C9-B331-4CD2-99BE-5B26105D8DC6}C:\users\sunny\desktop\intelappstore\bin\ismagent.exe" = protocol=17 | dir=in | app=c:\users\sunny\desktop\intelappstore\bin\ismagent.exe | 
"UDP Query User{B70395F8-FE41-4779-A4BA-6552B08AD9A3}C:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sunny\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{42281103-DF49-8A45-C960-977096F29F45}" = ccc-utility64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E484899-4F93-4086-88BA-56BDDF47A776}" = HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F43CF39-8B2F-546B-57E3-4803E935C465}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15424D99-B708-54FD-94EC-997BE1976918}" = CCC Help Japanese
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1DCEE28F-CEDA-ADBA-DE41-1377ADD42DD3}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2552055A-7121-346E-F287-C0E7CC1BB36E}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{327AD686-FD94-F270-C0C9-D379ACC3CCA3}" = CCC Help Russian
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CABCB73-0ABE-9578-A11C-6888ECF5D6D7}" = CCC Help Portuguese
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3DCF232A-B152-4375-B840-F19D866A316D}" = Catalyst Control Center Graphics Full New
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F34DE3B-887D-72A9-FCFE-2676B2EDBE67}" = CCC Help Thai
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582BA1F1-FAB4-41AD-A5E3-4A9535343461}" = PS_AIO_07_C310_SW_Min
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B30D670-AA94-3DAC-965D-CA8FED631DA3}" = Catalyst Control Center Graphics Previews Common
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5F65AB3C-FCF3-E10B-3203-26F3C133F036}" = CCC Help Chinese Standard
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64CFDAC9-C358-88FE-E0E3-B33ED5C8AB2C}" = CCC Help Norwegian
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{702A9675-C93C-6914-7B90-8056525349A7}" = Catalyst Control Center Graphics Light
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7661AFE4-1F7A-8B5C-D395-3A8B682F106A}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77D3B22B-CB40-19AE-5A7D-9256E9862010}" = Catalyst Control Center Core Implementation
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A555AD4-057E-EB0B-3C2D-82658AA1B190}" = CCC Help English
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{81FC1368-171E-4151-E3E1-D63C8CF1F150}" = CCC Help Polish
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85DD738D-6572-53AA-E570-50D0D0842722}" = Catalyst Control Center Graphics Full Existing
"{86141D3B-58F6-D4E9-809E-05032F1C09BE}" = CCC Help Swedish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97DA45B6-451C-A4B8-897F-106E2B3B6E2F}" = CCC Help Dutch
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A26840C5-95D5-BB10-700A-304AA9F4AF92}" = CCC Help Greek
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A385939C-3DE9-5568-D8B0-3972BA293DC7}" = CCC Help German
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B284EA3C-8391-5648-BFC4-800A44D01ADA}" = ccc-core-static
"{B2F1B278-B685-1112-F051-AD05C5946C0D}" = CCC Help French
"{B3A0945A-1A84-BD5C-D33A-F4DC811FCCCC}" = CCC Help Chinese Traditional
"{B4060669-4633-038A-8A50-E05D1F54929E}" = CCC Help Czech
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC171806-3828-33E5-289C-9609C5BC59DF}" = Catalyst Control Center Localization All
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDE26FB2-E880-BFF9-3A85-18D70FC44D8D}" = Catalyst Control Center InstallProxy
"{C31501D8-8267-A455-D269-85FBDBE2BFC3}" = CCC Help Italian
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75A193A-D403-5707-7D32-166DF4EA47DD}" = CCC Help Spanish
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4905980-7A59-8CE0-1336-EBC0338DAC1B}" = CCC Help Hungarian
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F98098D2-8822-1B1D-6771-945669046216}" = CCC Help Danish
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FE651900-D014-482F-AEBC-2928F57D1FB0}" = C310
"AC3Filter_is1" = AC3Filter 1.63b
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}" = Alcor Micro USB Card Reader
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"Intel AppUp(SM) center 24354" = Intel AppUp(SM) center
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Metaboli" = Metaboli
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"NIS" = Norton Internet Security
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"Trojan Remover_is1" = Trojan Remover 6.8.4
"TuneClone_is1" = TuneClone 1.40
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078791" = Bejeweled 2 Deluxe
"WT078806" = Insaniquarium Deluxe
"WT078833" = Zuma Deluxe
"WT078960" = Blasterball 3
"WT078964" = Bob the Builder Can-Do-Zoo
"WT079020" = Faerie Solitaire
"WT079024" = FATE - The Traitor Soul
"WT079064" = Jewel Quest
"WT079068" = Jewel Quest Solitaire 3
"WT079108" = Penguins!
"WT079116" = Polar Bowler
"WT079120" = Polar Golfer
"WT079124" = Polar Pool
"WT079177" = Virtual Villagers - A New Home
"WT079184" = Yahtzee
"WT079363" = Build-a-lot 2
"WT079366" = Chicken Invaders 3 - Revenge of the Yolk
"WT079395" = Escape Rosecliff Island
"WT079397" = Mahjongg Artifacts
"WT079421" = Virtual Families
"WTA-d7e9cae7-8f78-4d94-9076-d4f1d6be5392" = BloodTies
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2612393954-722470898-3304857070-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.06.2012 09:09:19 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.06.2012 09:09:19 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.06.2012 09:09:19 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.06.2012 09:09:19 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 03:07:24 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.06.2012 03:09:18 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 18.06.2012 03:09:59 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 03:09:59 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 03:10:00 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.06.2012 03:10:00 | Computer Name = Sunny-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 28.06.2012 08:25:56 | Computer Name = Sunny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SRTSP
 
Error - 29.06.2012 14:14:23 | Computer Name = Sunny-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.
 
Error - 29.06.2012 14:14:50 | Computer Name = Sunny-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 29.06.2012 14:15:15 | Computer Name = Sunny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SRTSP
 
Error - 29.06.2012 14:17:04 | Computer Name = Sunny-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.06.2012 15:32:00 | Computer Name = Sunny-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.07.2012 08:13:08 | Computer Name = Sunny-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.
 
Error - 03.07.2012 08:13:18 | Computer Name = Sunny-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126  
 
Error - 03.07.2012 08:13:52 | Computer Name = Sunny-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SRTSP
 
Error - 03.07.2012 08:14:36 | Computer Name = Sunny-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
Grüßle, Sonja
__________________
Alt 03.07.2012, 14:24   #19
SumSi27
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Sorry 2 x gepostet
Geändert von SumSi27 (03.07.2012 um 14:28 Uhr) Grund: Sorry 2 x gepostet

Alt 03.07.2012, 15:21   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-2612393954-722470898-3304857070-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[2012.04.19 21:17:35 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.06.18 20:11:16 | 000,000,160 | ---- | M] () -- C:\ProgramData\-9q4B3N3kNk5fptr
[2012.06.18 20:11:16 | 000,000,000 | ---- | M] () -- C:\ProgramData\-9q4B3N3kNk5fpt
[2012.06.18 20:10:59 | 000,000,480 | ---- | M] () -- C:\ProgramData\9q4B3N3kNk5fpt
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:0B174FAE
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.07.2012, 19:09   #21
SumSi27
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Ok ich habs eingegeben und musste neu starten. Beim Hochfahren kam dann folgendes:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2612393954-722470898-3304857070-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ deleted successfully.
C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\coIEPlg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
C:\ProgramData\-9q4B3N3kNk5fptr moved successfully.
C:\ProgramData\-9q4B3N3kNk5fpt moved successfully.
C:\ProgramData\9q4B3N3kNk5fpt moved successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
ADS C:\ProgramData\Temp:0B174FAE deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sunny
->Temp folder emptied: 1030782894 bytes
->Temporary Internet Files folder emptied: 2426220235 bytes
->Java cache emptied: 2745959 bytes
->FireFox cache emptied: 101701271 bytes
->Apple Safari cache emptied: 85175296 bytes
->Flash cache emptied: 1076 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 515672741 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 62529609 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 4.029,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Sunny
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07032012_185045

Files\Folders moved on Reboot...
C:\Users\Sunny\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Sunny\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012.07.03 19:58:13 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5

Registry entries deleted on Reboot...
Grüßle, Sonja

Alt 04.07.2012, 16:16   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.07.2012, 16:48   #23
SumSi27
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Hab ich gemacht, das ging ja richtig flott

Code:
ATTFilter
17:36:21.0568 5616	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
17:36:21.0599 5616	============================================================
17:36:21.0599 5616	Current date / time: 2012/07/04 17:36:21.0599
17:36:21.0599 5616	SystemInfo:
17:36:21.0599 5616	
17:36:21.0599 5616	OS Version: 6.1.7600 ServicePack: 0.0
17:36:21.0599 5616	Product type: Workstation
17:36:21.0599 5616	ComputerName: SUNNY-PC
17:36:21.0599 5616	UserName: Sunny
17:36:21.0599 5616	Windows directory: C:\Windows
17:36:21.0599 5616	System windows directory: C:\Windows
17:36:21.0599 5616	Running under WOW64
17:36:21.0599 5616	Processor architecture: Intel x64
17:36:21.0599 5616	Number of processors: 2
17:36:21.0599 5616	Page size: 0x1000
17:36:21.0599 5616	Boot type: Normal boot
17:36:21.0599 5616	============================================================
17:36:22.0707 5616	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:36:22.0707 5616	============================================================
17:36:22.0707 5616	\Device\Harddisk0\DR0:
17:36:22.0707 5616	MBR partitions:
17:36:22.0707 5616	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1964800, BlocksNum 0x32000
17:36:22.0707 5616	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1996800, BlocksNum 0x23A97AB0
17:36:22.0707 5616	============================================================
17:36:22.0738 5616	C: <-> \Device\Harddisk0\DR0\Partition1
17:36:22.0738 5616	============================================================
17:36:22.0738 5616	Initialize success
17:36:22.0738 5616	============================================================
17:36:35.0702 5528	============================================================
17:36:35.0702 5528	Scan started
17:36:35.0702 5528	Mode: Manual; SigCheck; TDLFS; 
17:36:35.0702 5528	============================================================
17:36:36.0685 5528	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
17:36:36.0778 5528	1394ohci - ok
17:36:36.0825 5528	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:36:36.0841 5528	ACPI - ok
17:36:36.0856 5528	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:36:36.0887 5528	AcpiPmi - ok
17:36:37.0028 5528	AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
17:36:37.0059 5528	AdobeActiveFileMonitor8.0 - ok
17:36:37.0168 5528	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:36:37.0184 5528	AdobeARMservice - ok
17:36:37.0262 5528	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:36:37.0277 5528	adp94xx - ok
17:36:37.0324 5528	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:36:37.0340 5528	adpahci - ok
17:36:37.0355 5528	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:36:37.0371 5528	adpu320 - ok
17:36:37.0402 5528	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:36:37.0465 5528	AeLookupSvc - ok
17:36:37.0558 5528	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:36:37.0621 5528	AFD - ok
17:36:37.0667 5528	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:36:37.0699 5528	agp440 - ok
17:36:37.0730 5528	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:36:37.0761 5528	ALG - ok
17:36:37.0777 5528	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:36:37.0792 5528	aliide - ok
17:36:37.0855 5528	AMD External Events Utility (53e74b13eef0e3ed256f4b8028f91274) C:\Windows\system32\atiesrxx.exe
17:36:37.0901 5528	AMD External Events Utility - ok
17:36:37.0933 5528	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:36:37.0933 5528	amdide - ok
17:36:37.0948 5528	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:36:37.0995 5528	AmdK8 - ok
17:36:38.0354 5528	amdkmdag        (09a3d41550116e898c4c6f2b941e6d07) C:\Windows\system32\DRIVERS\atipmdag.sys
17:36:38.0603 5528	amdkmdag - ok
17:36:38.0759 5528	amdkmdap        (5e9d3213040458690ebb61c37ec685ba) C:\Windows\system32\DRIVERS\atikmpag.sys
17:36:38.0822 5528	amdkmdap - ok
17:36:38.0869 5528	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:36:38.0915 5528	AmdPPM - ok
17:36:38.0978 5528	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:36:39.0009 5528	amdsata - ok
17:36:39.0040 5528	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:36:39.0071 5528	amdsbs - ok
17:36:39.0103 5528	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:36:39.0118 5528	amdxata - ok
17:36:39.0149 5528	AmUStor         (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
17:36:39.0196 5528	AmUStor - ok
17:36:39.0305 5528	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:36:39.0337 5528	AntiVirSchedulerService - ok
17:36:39.0368 5528	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:36:39.0383 5528	AntiVirService - ok
17:36:39.0430 5528	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:36:39.0461 5528	AppID - ok
17:36:39.0508 5528	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:36:39.0586 5528	AppIDSvc - ok
17:36:39.0602 5528	Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:36:39.0649 5528	Appinfo - ok
17:36:39.0758 5528	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:36:39.0789 5528	Apple Mobile Device - ok
17:36:39.0805 5528	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:36:39.0820 5528	arc - ok
17:36:39.0836 5528	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:36:39.0851 5528	arcsas - ok
17:36:39.0867 5528	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:36:39.0929 5528	AsyncMac - ok
17:36:39.0961 5528	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:36:39.0976 5528	atapi - ok
17:36:40.0163 5528	athr            (08baaa2432e81031a6c3b11ad5a67e2b) C:\Windows\system32\DRIVERS\athrx.sys
17:36:40.0241 5528	athr - ok
17:36:40.0397 5528	AtiHdmiService  (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
17:36:40.0460 5528	AtiHdmiService - ok
17:36:40.0507 5528	AtiPcie         (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
17:36:40.0553 5528	AtiPcie - ok
17:36:40.0631 5528	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:36:40.0694 5528	AudioEndpointBuilder - ok
17:36:40.0709 5528	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:36:40.0756 5528	AudioSrv - ok
17:36:40.0834 5528	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
17:36:40.0865 5528	avgntflt - ok
17:36:40.0943 5528	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
17:36:40.0959 5528	avipbb - ok
17:36:40.0975 5528	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
17:36:40.0975 5528	avkmgr - ok
17:36:41.0006 5528	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:36:41.0053 5528	AxInstSV - ok
17:36:41.0131 5528	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:36:41.0177 5528	b06bdrv - ok
17:36:41.0224 5528	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:36:41.0255 5528	b57nd60a - ok
17:36:41.0365 5528	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
17:36:41.0427 5528	BCM43XX - ok
17:36:41.0458 5528	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:36:41.0474 5528	BDESVC - ok
17:36:41.0536 5528	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:36:41.0614 5528	Beep - ok
17:36:41.0708 5528	BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
17:36:41.0770 5528	BFE - ok
17:36:41.0848 5528	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
17:36:41.0926 5528	BITS - ok
17:36:41.0989 5528	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:36:42.0035 5528	blbdrive - ok
17:36:42.0191 5528	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:36:42.0223 5528	Bonjour Service - ok
17:36:42.0269 5528	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:36:42.0332 5528	bowser - ok
17:36:42.0379 5528	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:36:42.0425 5528	BrFiltLo - ok
17:36:42.0425 5528	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:36:42.0441 5528	BrFiltUp - ok
17:36:42.0488 5528	Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:36:42.0550 5528	Browser - ok
17:36:42.0581 5528	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:36:42.0613 5528	Brserid - ok
17:36:42.0613 5528	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:36:42.0644 5528	BrSerWdm - ok
17:36:42.0675 5528	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:36:42.0706 5528	BrUsbMdm - ok
17:36:42.0722 5528	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:36:42.0737 5528	BrUsbSer - ok
17:36:42.0737 5528	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:36:42.0769 5528	BTHMODEM - ok
17:36:42.0815 5528	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:36:42.0862 5528	bthserv - ok
17:36:42.0925 5528	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:36:42.0971 5528	cdfs - ok
17:36:43.0003 5528	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:36:43.0034 5528	cdrom - ok
17:36:43.0081 5528	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:36:43.0112 5528	CertPropSvc - ok
17:36:43.0127 5528	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:36:43.0159 5528	circlass - ok
17:36:43.0221 5528	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:36:43.0268 5528	CLFS - ok
17:36:43.0330 5528	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:36:43.0346 5528	clr_optimization_v2.0.50727_32 - ok
17:36:43.0393 5528	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:36:43.0408 5528	clr_optimization_v2.0.50727_64 - ok
17:36:43.0533 5528	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:36:43.0595 5528	clr_optimization_v4.0.30319_32 - ok
17:36:43.0627 5528	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:36:43.0642 5528	clr_optimization_v4.0.30319_64 - ok
17:36:43.0658 5528	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:36:43.0689 5528	CmBatt - ok
17:36:43.0720 5528	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:36:43.0736 5528	cmdide - ok
17:36:43.0783 5528	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
17:36:43.0814 5528	CNG - ok
17:36:43.0829 5528	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:36:43.0845 5528	Compbatt - ok
17:36:43.0861 5528	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:36:43.0892 5528	CompositeBus - ok
17:36:43.0923 5528	COMSysApp - ok
17:36:43.0939 5528	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:36:43.0954 5528	crcdisk - ok
17:36:44.0001 5528	CryptSvc        (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
17:36:44.0032 5528	CryptSvc - ok
17:36:44.0095 5528	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:36:44.0157 5528	DcomLaunch - ok
17:36:44.0219 5528	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:36:44.0282 5528	defragsvc - ok
17:36:44.0329 5528	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:36:44.0360 5528	DfsC - ok
17:36:44.0407 5528	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:36:44.0453 5528	Dhcp - ok
17:36:44.0485 5528	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:36:44.0578 5528	discache - ok
17:36:44.0625 5528	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:36:44.0625 5528	Disk - ok
17:36:44.0687 5528	Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
17:36:44.0734 5528	Dnscache - ok
17:36:44.0781 5528	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
17:36:44.0859 5528	dot3svc - ok
17:36:44.0890 5528	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
17:36:44.0937 5528	DPS - ok
17:36:44.0984 5528	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:36:45.0015 5528	drmkaud - ok
17:36:45.0140 5528	DsiWMIService   (61e894fe1e9cc720c909e6e343351794) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
17:36:45.0171 5528	DsiWMIService - ok
17:36:45.0265 5528	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
17:36:45.0296 5528	DXGKrnl - ok
17:36:45.0327 5528	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:36:45.0389 5528	EapHost - ok
17:36:45.0592 5528	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:36:45.0686 5528	ebdrv - ok
17:36:45.0811 5528	EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
17:36:45.0842 5528	EFS - ok
17:36:45.0982 5528	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
17:36:46.0013 5528	ehRecvr - ok
17:36:46.0060 5528	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:36:46.0091 5528	ehSched - ok
17:36:46.0185 5528	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:36:46.0216 5528	elxstor - ok
17:36:46.0419 5528	ePowerSvc       (49eef52bfb986a2b5d70f4ec12637d7b) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
17:36:46.0466 5528	ePowerSvc - ok
17:36:46.0591 5528	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:36:46.0637 5528	ErrDev - ok
17:36:46.0700 5528	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:36:46.0747 5528	EventSystem - ok
17:36:46.0778 5528	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:36:46.0840 5528	exfat - ok
17:36:46.0856 5528	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:36:46.0918 5528	fastfat - ok
17:36:46.0981 5528	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
17:36:47.0027 5528	Fax - ok
17:36:47.0059 5528	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:36:47.0074 5528	fdc - ok
17:36:47.0121 5528	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:36:47.0152 5528	fdPHost - ok
17:36:47.0183 5528	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:36:47.0246 5528	FDResPub - ok
17:36:47.0277 5528	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:36:47.0293 5528	FileInfo - ok
17:36:47.0308 5528	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:36:47.0355 5528	Filetrace - ok
17:36:47.0464 5528	FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
17:36:47.0495 5528	FLEXnet Licensing Service - ok
17:36:47.0511 5528	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:36:47.0542 5528	flpydisk - ok
17:36:47.0620 5528	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:36:47.0636 5528	FltMgr - ok
17:36:47.0729 5528	FontCache       (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
17:36:47.0761 5528	FontCache - ok
17:36:47.0839 5528	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:36:47.0870 5528	FontCache3.0.0.0 - ok
17:36:47.0917 5528	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:36:47.0948 5528	FsDepends - ok
17:36:47.0979 5528	Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
17:36:47.0995 5528	Fs_Rec - ok
17:36:48.0057 5528	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:36:48.0088 5528	fvevol - ok
17:36:48.0119 5528	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:36:48.0119 5528	gagp30kx - ok
17:36:48.0307 5528	GameConsoleService (551d463e4cceb5240234da6718c93a44) C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
17:36:48.0338 5528	GameConsoleService - ok
17:36:48.0369 5528	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:36:48.0385 5528	GEARAspiWDM - ok
17:36:48.0447 5528	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
17:36:48.0494 5528	gpsvc - ok
17:36:48.0665 5528	Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
17:36:48.0681 5528	Greg_Service - ok
17:36:48.0790 5528	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:36:48.0806 5528	gupdate - ok
17:36:48.0837 5528	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:36:48.0853 5528	gupdatem - ok
17:36:48.0993 5528	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:36:49.0040 5528	hcw85cir - ok
17:36:49.0087 5528	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
17:36:49.0133 5528	HdAudAddService - ok
17:36:49.0180 5528	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:36:49.0211 5528	HDAudBus - ok
17:36:49.0243 5528	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:36:49.0274 5528	HidBatt - ok
17:36:49.0274 5528	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:36:49.0305 5528	HidBth - ok
17:36:49.0321 5528	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:36:49.0367 5528	HidIr - ok
17:36:49.0399 5528	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:36:49.0492 5528	hidserv - ok
17:36:49.0539 5528	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:36:49.0586 5528	HidUsb - ok
17:36:49.0633 5528	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
17:36:49.0679 5528	hkmsvc - ok
17:36:49.0711 5528	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
17:36:49.0726 5528	HomeGroupListener - ok
17:36:49.0757 5528	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
17:36:49.0789 5528	HomeGroupProvider - ok
17:36:49.0945 5528	hpqcxs08        (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:36:49.0991 5528	hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
17:36:49.0991 5528	hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
17:36:50.0023 5528	hpqddsvc        (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:36:50.0069 5528	hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
17:36:50.0069 5528	hpqddsvc - detected UnsignedFile.Multi.Generic (1)
17:36:50.0116 5528	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:36:50.0132 5528	HpSAMD - ok
17:36:50.0257 5528	HPSLPSVC        (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:36:50.0303 5528	HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
17:36:50.0303 5528	HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
17:36:50.0366 5528	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:36:50.0428 5528	HTTP - ok
17:36:50.0459 5528	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:36:50.0459 5528	hwpolicy - ok
17:36:50.0491 5528	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:36:50.0506 5528	i8042prt - ok
17:36:50.0584 5528	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:36:50.0615 5528	iaStorV - ok
17:36:50.0725 5528	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:36:50.0756 5528	idsvc - ok
17:36:51.0130 5528	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:36:51.0317 5528	igfx - ok
17:36:51.0458 5528	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:36:51.0489 5528	iirsp - ok
17:36:51.0583 5528	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:36:51.0645 5528	IKEEXT - ok
17:36:51.0848 5528	IntcAzAudAddService (3edd3ce185da3e6aaec22adcfd7b1d54) C:\Windows\system32\drivers\RTKVHD64.sys
17:36:51.0910 5528	IntcAzAudAddService - ok
17:36:52.0051 5528	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:36:52.0082 5528	intelide - ok
17:36:52.0097 5528	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:36:52.0129 5528	intelppm - ok
17:36:52.0191 5528	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:36:52.0238 5528	IPBusEnum - ok
17:36:52.0253 5528	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:36:52.0285 5528	IpFilterDriver - ok
17:36:52.0331 5528	iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
17:36:52.0378 5528	iphlpsvc - ok
17:36:52.0394 5528	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:36:52.0409 5528	IPMIDRV - ok
17:36:52.0441 5528	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:36:52.0503 5528	IPNAT - ok
17:36:52.0706 5528	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
17:36:52.0737 5528	iPod Service - ok
17:36:52.0753 5528	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:36:52.0768 5528	IRENUM - ok
17:36:52.0799 5528	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:36:52.0815 5528	isapnp - ok
17:36:52.0846 5528	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:36:52.0862 5528	iScsiPrt - ok
17:36:52.0862 5528	k57nd60a - ok
17:36:52.0893 5528	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:36:52.0893 5528	kbdclass - ok
17:36:52.0909 5528	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:36:52.0955 5528	kbdhid - ok
17:36:52.0987 5528	KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:36:53.0002 5528	KeyIso - ok
17:36:53.0018 5528	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
17:36:53.0033 5528	KSecDD - ok
17:36:53.0049 5528	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
17:36:53.0065 5528	KSecPkg - ok
17:36:53.0080 5528	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:36:53.0127 5528	ksthunk - ok
17:36:53.0174 5528	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:36:53.0236 5528	KtmRm - ok
17:36:53.0267 5528	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
17:36:53.0283 5528	L1E - ok
17:36:53.0314 5528	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
17:36:53.0345 5528	LanmanServer - ok
17:36:53.0377 5528	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
17:36:53.0439 5528	LanmanWorkstation - ok
17:36:53.0642 5528	Lavasoft Ad-Aware Service (bd1e59ffeb8d84dc592a92497d823322) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
17:36:53.0673 5528	Lavasoft Ad-Aware Service - ok
17:36:53.0720 5528	Lavasoft Kernexplorer (ad134c8802355be1b24606fca8a4a50d) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
17:36:53.0751 5528	Lavasoft Kernexplorer - ok
17:36:53.0876 5528	Lbd             (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
17:36:53.0907 5528	Lbd - ok
17:36:53.0954 5528	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:36:54.0016 5528	lltdio - ok
17:36:54.0079 5528	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:36:54.0141 5528	lltdsvc - ok
17:36:54.0172 5528	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:36:54.0203 5528	lmhosts - ok
17:36:54.0235 5528	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:36:54.0250 5528	LSI_FC - ok
17:36:54.0266 5528	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:36:54.0281 5528	LSI_SAS - ok
17:36:54.0281 5528	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:36:54.0297 5528	LSI_SAS2 - ok
17:36:54.0297 5528	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:36:54.0313 5528	LSI_SCSI - ok
17:36:54.0344 5528	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:36:54.0406 5528	luafv - ok
17:36:54.0453 5528	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:36:54.0484 5528	MBAMProtector - ok
17:36:54.0578 5528	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:36:54.0593 5528	MBAMService - ok
17:36:54.0640 5528	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
17:36:54.0671 5528	Mcx2Svc - ok
17:36:54.0703 5528	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:36:54.0718 5528	megasas - ok
17:36:54.0734 5528	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:36:54.0765 5528	MegaSR - ok
17:36:54.0796 5528	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:36:54.0859 5528	MMCSS - ok
17:36:54.0859 5528	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:36:54.0905 5528	Modem - ok
17:36:54.0937 5528	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:36:54.0968 5528	monitor - ok
17:36:55.0015 5528	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:36:55.0030 5528	mouclass - ok
17:36:55.0061 5528	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:36:55.0108 5528	mouhid - ok
17:36:55.0139 5528	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:36:55.0171 5528	mountmgr - ok
17:36:55.0186 5528	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:36:55.0202 5528	mpio - ok
17:36:55.0217 5528	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:36:55.0249 5528	mpsdrv - ok
17:36:55.0311 5528	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
17:36:55.0373 5528	MpsSvc - ok
17:36:55.0405 5528	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:36:55.0420 5528	MRxDAV - ok
17:36:55.0467 5528	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:36:55.0498 5528	mrxsmb - ok
17:36:55.0561 5528	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:36:55.0592 5528	mrxsmb10 - ok
17:36:55.0623 5528	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:36:55.0639 5528	mrxsmb20 - ok
17:36:55.0685 5528	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
17:36:55.0717 5528	msahci - ok
17:36:55.0732 5528	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:36:55.0748 5528	msdsm - ok
17:36:55.0779 5528	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:36:55.0826 5528	MSDTC - ok
17:36:55.0857 5528	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:36:55.0888 5528	Msfs - ok
17:36:55.0904 5528	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:36:55.0935 5528	mshidkmdf - ok
17:36:55.0951 5528	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:36:55.0951 5528	msisadrv - ok
17:36:55.0982 5528	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:36:56.0044 5528	MSiSCSI - ok
17:36:56.0044 5528	msiserver - ok
17:36:56.0091 5528	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:36:56.0122 5528	MSKSSRV - ok
17:36:56.0122 5528	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:36:56.0185 5528	MSPCLOCK - ok
17:36:56.0200 5528	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:36:56.0247 5528	MSPQM - ok
17:36:56.0309 5528	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:36:56.0325 5528	MsRPC - ok
17:36:56.0341 5528	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:36:56.0356 5528	mssmbios - ok
17:36:56.0387 5528	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:36:56.0434 5528	MSTEE - ok
17:36:56.0434 5528	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:36:56.0465 5528	MTConfig - ok
17:36:56.0497 5528	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:36:56.0512 5528	Mup - ok
17:36:56.0559 5528	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
17:36:56.0668 5528	napagent - ok
17:36:56.0746 5528	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:36:56.0777 5528	NativeWifiP - ok
17:36:56.0809 5528	NAVENG - ok
17:36:56.0809 5528	NAVEX15 - ok
17:36:56.0871 5528	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:36:56.0902 5528	NDIS - ok
17:36:56.0918 5528	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:36:56.0949 5528	NdisCap - ok
17:36:56.0980 5528	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:36:57.0027 5528	NdisTapi - ok
17:36:57.0074 5528	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:36:57.0121 5528	Ndisuio - ok
17:36:57.0167 5528	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:36:57.0199 5528	NdisWan - ok
17:36:57.0214 5528	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:36:57.0277 5528	NDProxy - ok
17:36:57.0370 5528	Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
17:36:57.0401 5528	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:36:57.0401 5528	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:36:57.0433 5528	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:36:57.0511 5528	NetBIOS - ok
17:36:57.0542 5528	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:36:57.0573 5528	NetBT - ok
17:36:57.0604 5528	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:36:57.0620 5528	Netlogon - ok
17:36:57.0682 5528	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:36:57.0760 5528	Netman - ok
17:36:57.0807 5528	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:36:57.0869 5528	netprofm - ok
17:36:57.0916 5528	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:36:57.0932 5528	NetTcpPortSharing - ok
17:36:57.0963 5528	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:36:57.0979 5528	nfrd960 - ok
17:36:58.0072 5528	NIS             (ea212858f303cf715775c6b86a7cbbc4) C:\Program Files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
17:36:58.0103 5528	NIS - ok
17:36:58.0150 5528	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
17:36:58.0213 5528	NlaSvc - ok
17:36:58.0259 5528	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:36:58.0337 5528	Npfs - ok
17:36:58.0353 5528	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:36:58.0431 5528	nsi - ok
17:36:58.0462 5528	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:36:58.0525 5528	nsiproxy - ok
17:36:58.0649 5528	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:36:58.0696 5528	Ntfs - ok
17:36:58.0790 5528	NTI IScheduleSvc (5b3ce960c62dbe864be9a0bd043a3e30) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
17:36:58.0837 5528	NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
17:36:58.0837 5528	NTI IScheduleSvc - detected UnsignedFile.Multi.Generic (1)
17:36:58.0977 5528	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
17:36:59.0008 5528	NTIDrvr - ok
17:36:59.0024 5528	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:36:59.0071 5528	Null - ok
17:36:59.0102 5528	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:36:59.0117 5528	nvraid - ok
17:36:59.0164 5528	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:36:59.0180 5528	nvstor - ok
17:36:59.0195 5528	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:36:59.0211 5528	nv_agp - ok
17:36:59.0336 5528	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:36:59.0367 5528	odserv - ok
17:36:59.0398 5528	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:36:59.0430 5528	ohci1394 - ok
17:36:59.0492 5528	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:36:59.0523 5528	ose - ok
17:36:59.0570 5528	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:36:59.0601 5528	p2pimsvc - ok
17:36:59.0648 5528	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:36:59.0664 5528	p2psvc - ok
17:36:59.0695 5528	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:36:59.0710 5528	Parport - ok
17:36:59.0757 5528	partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
17:36:59.0788 5528	partmgr - ok
17:36:59.0804 5528	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:36:59.0835 5528	PcaSvc - ok
17:36:59.0882 5528	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:36:59.0882 5528	pci - ok
17:36:59.0898 5528	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:36:59.0913 5528	pciide - ok
17:36:59.0944 5528	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:36:59.0960 5528	pcmcia - ok
17:36:59.0976 5528	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:36:59.0991 5528	pcw - ok
17:37:00.0038 5528	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:37:00.0100 5528	PEAUTH - ok
17:37:00.0194 5528	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:37:00.0241 5528	PerfHost - ok
17:37:00.0366 5528	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
17:37:00.0444 5528	pla - ok
17:37:00.0490 5528	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
17:37:00.0537 5528	PlugPlay - ok
17:37:00.0600 5528	Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
17:37:00.0631 5528	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:37:00.0631 5528	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:37:00.0662 5528	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:37:00.0693 5528	PNRPAutoReg - ok
17:37:00.0740 5528	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:37:00.0756 5528	PNRPsvc - ok
17:37:00.0802 5528	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
17:37:00.0865 5528	PolicyAgent - ok
17:37:00.0912 5528	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:37:00.0958 5528	Power - ok
17:37:01.0036 5528	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:37:01.0130 5528	PptpMiniport - ok
17:37:01.0146 5528	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:37:01.0208 5528	Processor - ok
17:37:01.0239 5528	ProfSvc         (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
17:37:01.0270 5528	ProfSvc - ok
17:37:01.0302 5528	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:37:01.0317 5528	ProtectedStorage - ok
17:37:01.0348 5528	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:37:01.0395 5528	Psched - ok
17:37:01.0426 5528	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:37:01.0442 5528	PxHlpa64 - ok
17:37:01.0536 5528	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:37:01.0582 5528	ql2300 - ok
17:37:01.0723 5528	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:37:01.0754 5528	ql40xx - ok
17:37:01.0785 5528	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:37:01.0816 5528	QWAVE - ok
17:37:01.0848 5528	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:37:01.0863 5528	QWAVEdrv - ok
17:37:01.0879 5528	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:37:01.0926 5528	RasAcd - ok
17:37:01.0972 5528	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:37:02.0019 5528	RasAgileVpn - ok
17:37:02.0035 5528	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:37:02.0066 5528	RasAuto - ok
17:37:02.0082 5528	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:37:02.0144 5528	Rasl2tp - ok
17:37:02.0191 5528	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:37:02.0253 5528	RasMan - ok
17:37:02.0284 5528	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:37:02.0331 5528	RasPppoe - ok
17:37:02.0362 5528	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:37:02.0425 5528	RasSstp - ok
17:37:02.0456 5528	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:37:02.0487 5528	rdbss - ok
17:37:02.0518 5528	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:37:02.0550 5528	rdpbus - ok
17:37:02.0565 5528	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:37:02.0612 5528	RDPCDD - ok
17:37:02.0628 5528	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:37:02.0674 5528	RDPENCDD - ok
17:37:02.0690 5528	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:37:02.0737 5528	RDPREFMP - ok
17:37:02.0768 5528	RDPWD           (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
17:37:02.0815 5528	RDPWD - ok
17:37:02.0877 5528	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:37:02.0908 5528	rdyboost - ok
17:37:02.0940 5528	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:37:02.0986 5528	RemoteAccess - ok
17:37:03.0033 5528	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:37:03.0127 5528	RemoteRegistry - ok
17:37:03.0142 5528	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:37:03.0174 5528	RpcEptMapper - ok
17:37:03.0189 5528	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:37:03.0220 5528	RpcLocator - ok
17:37:03.0283 5528	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:37:03.0314 5528	RpcSs - ok
17:37:03.0361 5528	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:37:03.0408 5528	rspndr - ok
17:37:03.0454 5528	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:37:03.0470 5528	SamSs - ok
17:37:03.0501 5528	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:37:03.0517 5528	sbp2port - ok
17:37:03.0548 5528	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:37:03.0610 5528	SCardSvr - ok
17:37:03.0642 5528	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:37:03.0688 5528	scfilter - ok
17:37:03.0798 5528	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
17:37:03.0813 5528	Schedule - ok
17:37:03.0860 5528	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:37:03.0891 5528	SCPolicySvc - ok
17:37:03.0922 5528	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:37:03.0954 5528	SDRSVC - ok
17:37:04.0016 5528	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:37:04.0094 5528	secdrv - ok
17:37:04.0110 5528	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:37:04.0203 5528	seclogon - ok
17:37:04.0234 5528	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:37:04.0297 5528	SENS - ok
17:37:04.0328 5528	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:37:04.0359 5528	SensrSvc - ok
17:37:04.0390 5528	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:37:04.0406 5528	Serenum - ok
17:37:04.0422 5528	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:37:04.0453 5528	Serial - ok
17:37:04.0453 5528	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:37:04.0484 5528	sermouse - ok
17:37:04.0515 5528	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:37:04.0562 5528	SessionEnv - ok
17:37:04.0562 5528	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:37:04.0593 5528	sffdisk - ok
17:37:04.0593 5528	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:37:04.0624 5528	sffp_mmc - ok
17:37:04.0624 5528	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:37:04.0640 5528	sffp_sd - ok
17:37:04.0687 5528	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:37:04.0734 5528	sfloppy - ok
17:37:04.0796 5528	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:37:04.0874 5528	SharedAccess - ok
17:37:04.0921 5528	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:37:04.0936 5528	ShellHWDetection - ok
17:37:04.0936 5528	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:37:04.0952 5528	SiSRaid2 - ok
17:37:04.0968 5528	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:37:04.0968 5528	SiSRaid4 - ok
17:37:04.0983 5528	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:37:05.0046 5528	Smb - ok
17:37:05.0077 5528	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:37:05.0124 5528	SNMPTRAP - ok
17:37:05.0155 5528	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:37:05.0170 5528	spldr - ok
17:37:05.0248 5528	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
17:37:05.0295 5528	Spooler - ok
17:37:05.0560 5528	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:37:05.0638 5528	sppsvc - ok
17:37:05.0763 5528	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:37:05.0857 5528	sppuinotify - ok
17:37:05.0982 5528	SRTSP           (56979a80f6f9df788a8bfcc1603da40d) C:\Windows\system32\drivers\NISx64\1101000.013\SRTSP64.SYS
17:37:05.0997 5528	SRTSP - ok
17:37:06.0013 5528	SRTSPX          (3c3d82bb245ad1cb00ed48cb2f4ab385) C:\Windows\system32\drivers\NISx64\1101000.013\SRTSPX64.SYS
17:37:06.0028 5528	SRTSPX - ok
17:37:06.0091 5528	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:37:06.0106 5528	srv - ok
17:37:06.0138 5528	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:37:06.0153 5528	srv2 - ok
17:37:06.0200 5528	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:37:06.0231 5528	srvnet - ok
17:37:06.0278 5528	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:37:06.0340 5528	SSDPSRV - ok
17:37:06.0356 5528	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:37:06.0418 5528	SstpSvc - ok
17:37:06.0450 5528	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:37:06.0465 5528	stexstor - ok
17:37:06.0496 5528	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
17:37:06.0528 5528	StillCam - ok
17:37:06.0606 5528	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:37:06.0637 5528	stisvc - ok
17:37:06.0652 5528	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:37:06.0668 5528	swenum - ok
17:37:06.0715 5528	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:37:06.0762 5528	swprv - ok
17:37:06.0824 5528	SynTP           (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
17:37:06.0840 5528	SynTP - ok
17:37:06.0949 5528	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:37:07.0011 5528	SysMain - ok
17:37:07.0136 5528	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:37:07.0198 5528	TabletInputService - ok
17:37:07.0245 5528	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:37:07.0308 5528	TapiSrv - ok
17:37:07.0417 5528	tbhsd           (93f0f5ef8a4ca261372df98b31b2bd05) C:\Windows\system32\drivers\tbhsd.sys
17:37:07.0448 5528	tbhsd - ok
17:37:07.0479 5528	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:37:07.0557 5528	TBS - ok
17:37:07.0682 5528	Tcpip           (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
17:37:07.0729 5528	Tcpip - ok
17:37:07.0994 5528	TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
17:37:08.0072 5528	TCPIP6 - ok
17:37:08.0212 5528	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:37:08.0275 5528	tcpipreg - ok
17:37:08.0290 5528	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:37:08.0290 5528	TDPIPE - ok
17:37:08.0337 5528	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
17:37:08.0368 5528	TDTCP - ok
17:37:08.0400 5528	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:37:08.0446 5528	tdx - ok
17:37:08.0478 5528	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:37:08.0493 5528	TermDD - ok
17:37:08.0540 5528	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:37:08.0602 5528	TermService - ok
17:37:08.0634 5528	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:37:08.0665 5528	Themes - ok
17:37:08.0712 5528	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:37:08.0743 5528	THREADORDER - ok
17:37:08.0774 5528	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:37:08.0836 5528	TrkWks - ok
17:37:08.0899 5528	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:37:08.0930 5528	TrustedInstaller - ok
17:37:08.0961 5528	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:37:09.0055 5528	tssecsrv - ok
17:37:09.0117 5528	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:37:09.0195 5528	tunnel - ok
17:37:09.0211 5528	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:37:09.0226 5528	uagp35 - ok
17:37:09.0258 5528	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
17:37:09.0273 5528	UBHelper - ok
17:37:09.0304 5528	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:37:09.0367 5528	udfs - ok
17:37:09.0398 5528	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:37:09.0414 5528	UI0Detect - ok
17:37:09.0429 5528	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:37:09.0445 5528	uliagpkx - ok
17:37:09.0476 5528	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:37:09.0523 5528	umbus - ok
17:37:09.0538 5528	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:37:09.0554 5528	UmPass - ok
17:37:09.0694 5528	Updater Service (f9ec9acd504d823d9b9ca98a4f8d3ca2) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
17:37:09.0726 5528	Updater Service - ok
17:37:09.0757 5528	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:37:09.0819 5528	upnphost - ok
17:37:09.0882 5528	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
17:37:09.0928 5528	USBAAPL64 - ok
17:37:09.0975 5528	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
17:37:10.0022 5528	usbccgp - ok
17:37:10.0069 5528	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:37:10.0100 5528	usbcir - ok
17:37:10.0131 5528	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
17:37:10.0162 5528	usbehci - ok
17:37:10.0209 5528	usbfilter       (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
17:37:10.0225 5528	usbfilter - ok
17:37:10.0287 5528	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
17:37:10.0318 5528	usbhub - ok
17:37:10.0350 5528	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\DRIVERS\usbohci.sys
17:37:10.0396 5528	usbohci - ok
17:37:10.0443 5528	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:37:10.0474 5528	usbprint - ok
17:37:10.0506 5528	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:37:10.0521 5528	usbscan - ok
17:37:10.0568 5528	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:37:10.0599 5528	USBSTOR - ok
17:37:10.0630 5528	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
17:37:10.0662 5528	usbuhci - ok
17:37:10.0708 5528	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
17:37:10.0755 5528	usbvideo - ok
17:37:10.0786 5528	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:37:10.0818 5528	UxSms - ok
17:37:10.0864 5528	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:37:10.0896 5528	VaultSvc - ok
17:37:10.0896 5528	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:37:10.0911 5528	vdrvroot - ok
17:37:10.0958 5528	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:37:10.0989 5528	vds - ok
17:37:11.0036 5528	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:37:11.0067 5528	vga - ok
17:37:11.0083 5528	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:37:11.0161 5528	VgaSave - ok
17:37:11.0192 5528	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:37:11.0208 5528	vhdmp - ok
17:37:11.0208 5528	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:37:11.0223 5528	viaide - ok
17:37:11.0239 5528	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:37:11.0254 5528	volmgr - ok
17:37:11.0286 5528	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:37:11.0301 5528	volmgrx - ok
17:37:11.0332 5528	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:37:11.0348 5528	volsnap - ok
17:37:11.0364 5528	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:37:11.0379 5528	vsmraid - ok
17:37:11.0488 5528	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:37:11.0535 5528	VSS - ok
17:37:11.0676 5528	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:37:11.0707 5528	vwifibus - ok
17:37:11.0722 5528	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:37:11.0754 5528	vwififlt - ok
17:37:11.0769 5528	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:37:11.0785 5528	vwifimp - ok
17:37:11.0816 5528	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:37:11.0863 5528	W32Time - ok
17:37:11.0878 5528	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:37:11.0925 5528	WacomPen - ok
17:37:11.0956 5528	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:37:12.0050 5528	WANARP - ok
17:37:12.0050 5528	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:37:12.0081 5528	Wanarpv6 - ok
17:37:12.0190 5528	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:37:12.0237 5528	wbengine - ok
17:37:12.0378 5528	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:37:12.0409 5528	WbioSrvc - ok
17:37:12.0471 5528	wcncsvc         (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:37:12.0502 5528	wcncsvc - ok
17:37:12.0534 5528	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:37:12.0549 5528	WcsPlugInService - ok
17:37:12.0580 5528	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:37:12.0596 5528	Wd - ok
17:37:12.0643 5528	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:37:12.0658 5528	Wdf01000 - ok
17:37:12.0674 5528	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:37:12.0721 5528	WdiServiceHost - ok
17:37:12.0721 5528	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:37:12.0736 5528	WdiSystemHost - ok
17:37:12.0783 5528	WebClient       (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:37:12.0799 5528	WebClient - ok
17:37:12.0830 5528	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:37:12.0892 5528	Wecsvc - ok
17:37:12.0908 5528	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:37:12.0955 5528	wercplsupport - ok
17:37:12.0970 5528	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:37:13.0033 5528	WerSvc - ok
17:37:13.0095 5528	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:37:13.0158 5528	WfpLwf - ok
17:37:13.0173 5528	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:37:13.0173 5528	WIMMount - ok
17:37:13.0204 5528	WinDefend - ok
17:37:13.0220 5528	WinHttpAutoProxySvc - ok
17:37:13.0282 5528	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:37:13.0360 5528	Winmgmt - ok
17:37:13.0501 5528	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:37:13.0579 5528	WinRM - ok
17:37:13.0750 5528	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
17:37:13.0797 5528	WinUsb - ok
17:37:13.0906 5528	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:37:13.0969 5528	Wlansvc - ok
17:37:14.0218 5528	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:37:14.0296 5528	wlidsvc - ok
17:37:14.0406 5528	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:37:14.0452 5528	WmiAcpi - ok
17:37:14.0530 5528	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:37:14.0593 5528	wmiApSrv - ok
17:37:14.0655 5528	WMPNetworkSvc - ok
17:37:14.0702 5528	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:37:14.0733 5528	WPCSvc - ok
17:37:14.0749 5528	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:37:14.0764 5528	WPDBusEnum - ok
17:37:14.0796 5528	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:37:14.0874 5528	ws2ifsl - ok
17:37:14.0905 5528	wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
17:37:14.0920 5528	wscsvc - ok
17:37:14.0967 5528	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:37:15.0030 5528	WSDPrintDevice - ok
17:37:15.0030 5528	WSearch - ok
17:37:15.0201 5528	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:37:15.0264 5528	wuauserv - ok
17:37:15.0373 5528	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:37:15.0435 5528	WudfPf - ok
17:37:15.0466 5528	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:37:15.0498 5528	WUDFRd - ok
17:37:15.0529 5528	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:37:15.0591 5528	wudfsvc - ok
17:37:15.0622 5528	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:37:15.0654 5528	WwanSvc - ok
17:37:15.0700 5528	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:37:16.0044 5528	\Device\Harddisk0\DR0 - ok
17:37:16.0044 5528	Boot (0x1200)   (2ebc792c3b4b064864f6f57f6d8eae7c) \Device\Harddisk0\DR0\Partition0
17:37:16.0044 5528	\Device\Harddisk0\DR0\Partition0 - ok
17:37:16.0090 5528	Boot (0x1200)   (52b01421a2250f970de68f817c3754c0) \Device\Harddisk0\DR0\Partition1
17:37:16.0090 5528	\Device\Harddisk0\DR0\Partition1 - ok
17:37:16.0090 5528	============================================================
17:37:16.0090 5528	Scan finished
17:37:16.0090 5528	============================================================
17:37:16.0106 5560	Detected object count: 6
17:37:16.0106 5560	Actual detected object count: 6
17:39:26.0538 5560	hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:26.0538 5560	hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:26.0553 5560	hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:26.0553 5560	hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:26.0553 5560	HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:26.0553 5560	HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:26.0553 5560	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:26.0553 5560	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:26.0553 5560	NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:26.0553 5560	NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:39:26.0553 5560	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:39:26.0553 5560	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 05.07.2012, 09:16   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.07.2012, 19:18   #25
SumSi27
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Ist erledigt
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-07-05.03 - Sunny 05.07.2012  19:55:30.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4094.2586 [GMT 2:00]
ausgeführt von:: c:\users\Sunny\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
c:\users\Sunny\AppData\Roaming\Microsoft\Windows\Templates\install_flashplayer11x64_mssd_aih.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-05 bis 2012-07-05  ))))))))))))))))))))))))))))))
.
.
2012-07-05 18:04 . 2012-07-05 18:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-03 16:48 . 2012-07-03 16:48	--------	d-----w-	C:\_OTL
2012-06-27 16:54 . 2012-06-27 16:54	--------	d-----w-	c:\program files (x86)\ESET
2012-06-21 19:06 . 2003-02-02 17:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2012-06-21 19:06 . 2002-03-05 22:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2012-06-21 19:06 . 2012-06-21 19:07	--------	d-----w-	c:\program files (x86)\Trojan Remover
2012-06-21 19:06 . 2012-06-21 19:06	--------	d-----w-	c:\users\Sunny\AppData\Roaming\Simply Super Software
2012-06-21 19:06 . 2012-06-21 19:06	--------	d-----w-	c:\programdata\Simply Super Software
2012-06-21 13:17 . 2012-05-02 05:32	208896	----a-w-	c:\windows\system32\profsvc.dll
2012-06-21 13:17 . 2012-04-07 12:18	3213824	----a-w-	c:\windows\system32\msi.dll
2012-06-21 13:17 . 2012-04-07 11:34	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-21 13:16 . 2012-04-24 05:59	1460224	----a-w-	c:\windows\system32\crypt32.dll
2012-06-21 13:16 . 2012-04-24 05:59	182272	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-21 13:16 . 2012-04-24 05:59	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-21 13:16 . 2012-04-24 04:47	139264	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-21 13:16 . 2012-04-24 04:47	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-21 13:16 . 2012-04-24 04:47	1156608	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-21 13:07 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 13:07 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 13:07 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 13:07 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 13:06 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 13:06 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 13:06 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 13:06 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 13:06 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-20 17:46 . 2012-04-26 05:34	76288	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-20 17:46 . 2012-04-26 05:34	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-20 17:46 . 2012-04-26 05:28	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-20 17:45 . 2012-05-04 10:52	5505392	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-20 17:45 . 2012-05-04 10:08	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-20 17:45 . 2012-05-04 10:08	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-20 17:45 . 2012-05-15 01:32	3144192	----a-w-	c:\windows\system32\win32k.sys
2012-06-20 17:45 . 2012-04-28 03:50	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-18 19:01 . 2012-05-11 09:14	92896	----a-w-	c:\windows\system32\drivers\pctplsg64.sys
2012-06-18 19:01 . 2012-06-18 19:01	--------	d-----w-	c:\program files (x86)\PC Tools
2012-06-18 19:00 . 2012-06-21 02:38	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2012-06-18 18:59 . 2012-06-18 19:01	--------	d-----w-	c:\programdata\PC Tools
2012-06-18 18:59 . 2012-06-18 18:59	--------	d-----w-	c:\users\Sunny\AppData\Roaming\TestApp
2012-06-18 18:22 . 2012-07-05 17:47	--------	d-----w-	c:\programdata\boost_interprocess
2012-06-18 17:35 . 2012-06-21 20:44	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 04:04 . 2012-07-03 12:26	9013136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FC26551-06A2-4055-982E-C6271C8E629C}\mpengine.dll
2012-05-11 19:00 . 2012-05-11 19:00	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 19:00 . 2011-12-08 13:25	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 18:49 . 2012-05-04 08:50	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 18:49 . 2012-05-04 08:50	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Intel AppUp(SM) center"="c:\users\Sunny\Desktop\IntelAppStore\bin\ismagent.lnk" [2011-06-25 968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-17 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-04 1300560]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-02-12 600688]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"TuneClone"="c:\users\Sunny\Desktop\TuneClone\TuneClone.exe" [2010-07-21 4546560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-06-21 1240848]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\users\Sunny\Desktop\Audible\Bin\AudibleDownloadHelper.exe [N/A]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 136176]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-12-02 40448]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 136176]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-09-08 69152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-18 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-04 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-02-05 865824]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-04-14 1378040]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [2009-10-20 126392]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-18 6405120]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-18 188928]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2010-11-04 17440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-08 12:03]
.
2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 08:54]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-18 08:54]
.
2012-07-05 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-09-08 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	97792	----a-w-	c:\users\Sunny\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-01-29 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-02-05 860192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lm82&r=27360910s0b6l0450z115f45i1b306
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Sunny\AppData\Roaming\Mozilla\Firefox\Profiles\mdztwswr.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AudibleDownloadManager - c:\users\Sunny\Desktop\Audible\Bin\AudibleDM_iTunesSetup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.1.0.19\InstStub.exe
c:\users\Sunny\Desktop\IntelAppStore\bin\ismagent.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-05  20:14:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-05 18:14
.
Vor Suchlauf: 13 Verzeichnis(se), 210.241.527.808 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 210.130.395.136 Bytes frei
.
- - End Of File - - 5AB4F12F69DBA6AC54784047E4FFC7FA
--- --- ---


Grüssle, Sonja

Alt 05.07.2012, 20:30   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Code:
ATTFilter
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
Hast du tatsächlich diesen ganzen Kram noch installiert?
Wenn ja würde ich umgehend Ad-Aware und Norton IS deinstallieren
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.07.2012, 20:47   #27
SumSi27
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Ich muss zu meiner Schande gestehen doch :-(
Aber ich habe Norton und Ad-Aware gerade deinstalliert. Das wäre nämlich meine Frage zum Schluss gewesen, was davon benötige ich wirklich und was ist am Besten.
Jetzt ist nur noch Avira drauf. =)

Grüssle, Sonja

Alt 05.07.2012, 21:06   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.07.2012, 13:47   #29
SumSi27
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Huhu
neuer Tag, neue Logs:

OSAM:
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 14:12:07 on 06.07.2012

OS: Windows 7 Home Premium Edition (Build 7600), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Ad-Aware Update (Weekly).job" - ? - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe  (File not found)
"HP Photo Creations Communicator.job" - ? - C:\ProgramData\HP Photo Creations\MessageCheck.exe  (File found, but it contains no detailed information)
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0" (k57nd60a) - ? - C:\Windows\system32\drivers\k57nd60a.sys  (File not found)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"NTIDrvr" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\system32\drivers\NTIDrvr.sys
"PxHlpa64" (PxHlpa64) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHlpa64.sys
"Tunebite High-Speed Dubbing" (tbhsd) - "RapidSolution Software AG" - C:\Windows\System32\drivers\tbhsd.sys
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - ? - C:\Users\Sunny\Desktop\Audible\Bin\AudibleExt.dll  (File not found)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{16148659-720A-457d-850B-2DBD87BB129D} "AudibleShlExt Class" - ? - C:\Users\Sunny\Desktop\Audible\Bin\AudibleExt.dll  (File not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\Users\Sunny\Desktop\FREEM4~1\m4a_menu.dll  (File not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_2_202_235.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.5" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
{48E73304-E1D6-4330-914C-F5F514E3486C} "Send to OneNote" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Sunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Sunny\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Audible Download Manager.lnk" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk  (Shortcut exists | File not found)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Intel AppUp(SM) center" - ? - "C:\Users\Sunny\Desktop\IntelAppStore\bin\ismagent.lnk"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BackupManagerTray" - "NewTech Infosystems, Inc." - "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
"Camera Assistant Software" - "Chicony" - "C:\Program Files (x86)\Video Web Camera\traybar.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"LManager" - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\LManager.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"TuneClone" - "TuneClone.COM" - C:\Users\Sunny\Desktop\TuneClone\TuneClone.exe /silence

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acer ePower Service" (ePowerSvc) - "Acer Incorporated" - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Active File Monitor V8" (AdobeActiveFileMonitor8.0) - "Adobe Systems Incorporated" - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dritek WMI Service" (DsiWMIService) - "Dritek System Inc." - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GRegService" (Greg_Service) - "Acer Incorporated" - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NTI IScheduleSvc" (NTI IScheduleSvc) - "NewTech Infosystems, Inc." - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Updater Service" (Updater Service) - "Acer Group" - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-06 14:17:08
-----------------------------
14:17:08.330 OS Version: Windows x64 6.1.7600
14:17:08.330 Number of processors: 2 586 0x603
14:17:08.330 ComputerName: SUNNY-PC UserName: Sunny
14:17:09.968 Initialize success
14:17:39.423 AVAST engine defs: 12070600
14:17:45.772 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:17:45.787 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC60F Size: 305245MB BusType: 11
14:17:45.803 Disk 0 MBR read successfully
14:17:45.803 Disk 0 MBR scan
14:17:45.819 Disk 0 Windows VISTA default MBR code
14:17:45.819 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13000 MB offset 2048
14:17:45.850 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 26626048
14:17:45.865 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 292143 MB offset 26830848
14:17:45.881 Disk 0 scanning C:\Windows\system32\drivers
14:17:56.208 Service scanning
14:18:29.093 Modules scanning
14:18:29.109 Disk 0 trace - called modules:
14:18:29.140 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:18:29.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd5410]
14:18:29.155 3 CLASSPNP.SYS[fffff8800190c43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049b1060]
14:18:30.341 AVAST engine scan C:\Windows
14:18:35.005 AVAST engine scan C:\Windows\system32
14:21:49.866 AVAST engine scan C:\Windows\system32\drivers
14:22:02.315 AVAST engine scan C:\Users\Sunny
14:38:20.456 AVAST engine scan C:\ProgramData
14:42:50.134 Scan finished successfully
14:43:54.547 Disk 0 MBR has been saved successfully to "C:\Users\Sunny\Desktop\MBR.dat"
14:43:54.547 The log file has been saved successfully to "C:\Users\Sunny\Desktop\aswMBR.txt"


GMER brachte mir nur die Meldung dass nichts gefunden wurde? Ich finde allerdings den Log Text dazu nicht?

Grüssle, Sonja

Alt 08.07.2012, 18:22   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Standard

S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab
100%, absolut, alureon, antivir, besser, bricht, frage, hallo zusammen, laptop, liebe, lieben, maleware, neuaufsetzen, neustart, packard bell, schaltet, stunde, stunden, stürzt, troja, trojaner, windows, windows 7, würde, würdet, zusammen


« Auf merkwürdige Seite weitergeleitet worden - Malwarebytes hat was gefunden | 100 euro virus »


Ähnliche Themen: S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab


  1. Ornder wird nach Löschen von Datei seit Stunden recyled
    Alles rund um Windows - 28.08.2015 (11)
  2. PC hängt sich nach ein bis zwei Stunden auf und es funktioniert Nichts mehr
    Plagegeister aller Art und deren Bekämpfung - 16.07.2015 (5)
  3. Windows 8 Proxyserver werden nach 4-5 Stunden automatisch auf LAN gesetzt
    Plagegeister aller Art und deren Bekämpfung - 05.06.2015 (14)
  4. PC friert nach ca. 1,5 Stunden ein
    Alles rund um Windows - 02.01.2014 (1)
  5. Windos XP: Nach spätestens 2 Stunden Internet schaltet sich der Computer aus.
    Plagegeister aller Art und deren Bekämpfung - 26.11.2013 (3)
  6. HDD Repair - nach Anleitung entfernt - weiterhin Probleme
    Log-Analyse und Auswertung - 18.11.2012 (28)
  7. PC nach ca. 1,5 Stunden zu langsam und Maus hängt auch ab und zu
    Alles rund um Windows - 03.06.2012 (5)
  8. Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet
    Log-Analyse und Auswertung - 18.02.2012 (32)
  9. Systembereinigung nach Befall durch Trojaner Windows Vista Repair
    Log-Analyse und Auswertung - 25.07.2011 (26)
  10. Hijacking nach Windows XP Repair Entfernung
    Plagegeister aller Art und deren Bekämpfung - 07.07.2011 (13)
  11. Boo/TDss.A nach Entfernen(?) von Alureon.A gefunden
    Log-Analyse und Auswertung - 20.06.2011 (15)
  12. Maßnahmen nach XP-Recovery und Trojan:Win32/Alureon Microsoft
    Log-Analyse und Auswertung - 11.06.2011 (25)
  13. Nach 5 Stunden immernoch nicht clean...
    Log-Analyse und Auswertung - 21.05.2011 (1)
  14. Nach 2-3 Stunden Stunden reagieren keine Programme mehr und Windows Explorer zeigt Dateien nicht an
    Alles rund um Windows - 21.11.2010 (3)
  15. Nach Trojaner Alureon HijackThis
    Log-Analyse und Auswertung - 08.01.2010 (1)
  16. Frozen Screen (PC hängt sich immer ca nach 3 stunden auf)
    Alles rund um Windows - 29.02.2008 (5)
  17. Verbindung bricht immer nach ca. 2 Stunden ab!
    Plagegeister aller Art und deren Bekämpfung - 24.05.2006 (8)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab - Hallo, Also alle Daten scheinen wieder da zu sein. Das einzige was mir aufgefallen ist, ist dass beim herunterfahren nun zwei mal das Herunterfahren erzwungen werden musste? :-( Weil ein - S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab...
Archiv
Du betrachtest: S.m.a.r.t. Repair und Alureon - Malewarebits bricht nach 2 Stunden ab auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131