Mail account sends automatic e-mails and Avira detection 'HTML\IFrame.aho' | Windows 7
28.06.2012, 20:42 | #1 |
Hello,

about three weeks ago an e-mail was sent automatically from my husband's Yahoo account to his entire address book. After that, AVIRA reported finding the malware "HTML\IFrame.aho" in 'C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\9j4oiaop.default\Cache\C\60\5B26Ad01'. I ignored that because a scan with Malwarebytes came back negative. But today another e-mail was sent, this time from my Hotmail account, to my address book, with a link in it.

Here are the results of the scan with OTL:

OTL.txt:

OTL logfile created on: 28.06.2012 18:56:43 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,88% Memory free
5,99 Gb Paging File | 4,99 Gb Available in Paging File | 83,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 111,47 Gb Free Space | 77,36% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 40,89 Gb Free Space | 28,40% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.28 18:56:08 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.05.08 21:36:47 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:36:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:36:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:36:47 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.07.16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 21:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.09.12 22:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.08.23 14:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.05.03 16:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe

========== Modules (No Company Name) ==========

MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Siemens\Step7\s7bin\s7hspsvx.exe -- (s7hspsvx)
SRV - [2012.06.16 21:12:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 21:36:47 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:36:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.05.03 16:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)

========== Driver Services (SafeList) ==========

DRV - [2012.05.08 21:36:47 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:36:47 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.16 20:10:22 | 000,063,104 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\s7sn2srtx.sys -- (s7sn2srtx)
DRV - [2011.05.31 10:57:46 | 000,343,632 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SNTIE.SYS -- (SNTIE) SIMATIC Industrial Ethernet (ISO)
DRV - [2011.05.06 06:10:04 | 000,249,984 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\s7ousbu32x.sys -- (s7ousbu32x)
DRV - [2011.05.06 06:08:38 | 000,182,784 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\s7otsadx32.sys -- (s7otsadx32)
DRV - [2011.05.06 06:08:10 | 000,521,216 | ---- | M] (SIEMENS AG) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\S7otranx32.sys -- (S7otranx32)
DRV - [2011.05.06 06:03:22 | 000,087,552 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\S7odpx2x32.sys -- (S7odpx2x32)
DRV - [2011.04.19 20:22:04 | 000,288,256 | ---- | M] (SIEMENS AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\dpmconv32.sys -- (dpmconv)
DRV - [2011.04.19 20:20:28 | 000,140,288 | ---- | M] (SIEMENS AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsnl2ada32.sys -- (vsnl2ada)
DRV - [2010.01.13 17:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.10 17:21:00 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.03 12:29:10 | 001,436,560 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C FC 2B 82 35 47 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {b8cbd8e0-e642-11dd-ba2f-0800200c9a66}:1.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: sam@samfind.com:2.2.1
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.27 15:45:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 21:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.30 12:49:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 21:12:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.30 12:49:43 | 000,000,000 | ---D | M]

[2012.02.17 19:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.06.27 20:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sa26bwqj.default\extensions
[2012.05.19 23:02:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sa26bwqj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.30 12:40:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sa26bwqj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.06.03 20:17:39 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\sa26bwqj.default\extensions\2020Player_IKEA@2020Technologies.com
[2012.03.27 18:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.27 20:04:03 | 000,525,346 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SA26BWQJ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.06 13:45:51 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SA26BWQJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.03.05 21:28:26 | 000,004,270 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SA26BWQJ.DEFAULT\EXTENSIONS\ADDON@GUTSCHEINE-LIVE.DE.XPI
[2012.06.16 21:12:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.17 23:18:37 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.20 19:36:52 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.08 19:36:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.08 19:21:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.08 19:36:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.08 19:36:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.08 19:36:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.08 19:36:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A66B960D-F511-4D2E-8016-C9BD29372BB0}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d627293-57e9-11e1-8369-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3d627293-57e9-11e1-8369-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe /AUTORUN
O33 - MountPoints2\{3d627293-57e9-11e1-8369-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe
O33 - MountPoints2\{3d627293-57e9-11e1-8369-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.12 11:57:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ChemTable Software
[2012.06.10 19:27:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.10 19:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.10 19:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.10 19:26:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.10 19:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.31 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2012.05.31 21:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012.05.30 17:30:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2012.05.30 13:11:19 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\kinderlieder
[2012.05.30 13:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MIDI4all
[2012.05.30 13:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\MIDI4all
[2012.05.30 12:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.05.30 12:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.05.30 12:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.05.30 12:48:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.05.30 12:48:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2012.05.30 12:47:58 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.05.30 12:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple

========== Files - Modified Within 30 Days ==========

[2012.06.28 18:54:16 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.28 18:30:32 | 000,054,763 | ---- | M] () -- C:\Users\***\Desktop\WEB.DE - AW***.pdf
[2012.06.28 18:30:17 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 18:30:17 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 18:22:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 18:22:00 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.27 20:09:46 | 000,016,191 | ---- | M] () -- C:\Users\***\Desktop\ABB AG.pdf
[2012.06.27 20:08:58 | 000,047,285 | ---- | M] () -- C:\Users\***\Desktop\***StepStone.pdf
[2012.06.15 11:48:03 | 000,313,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.15 00:25:56 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.15 00:25:56 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.15 00:25:56 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.15 00:25:56 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012.06.28 18:54:16 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.28 18:30:32 | 000,054,763 | ---- | C] () -- C:\Users\***\Desktop\WEB.DE - AW***.pdf
[2012.06.27 20:09:47 | 000,016,191 | ---- | C] () -- C:\Users\***\Desktop\ABB AG.pdf
[2012.06.27 20:08:58 | 000,047,285 | ---- | C] () -- C:\Users\***\Desktop\***StepStone.pdf
[2012.05.31 21:22:19 | 000,000,981 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.05.30 12:47:59 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.05.02 09:13:01 | 000,004,782 | ---- | C] () -- C:\Users\***\ESt2011_****_***_und_***_****.elfo
[2012.05.01 12:13:08 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.05.01 12:13:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.04.21 14:34:26 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.03.03 21:15:39 | 000,200,468 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012.02.20 16:47:50 | 000,088,592 | ---- | C] () -- C:\Windows\StkUnist.exe
[2012.02.20 16:47:49 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys

========== LOP Check ==========

[2012.06.03 19:38:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.06.28 18:22:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.05.02 08:49:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.03.08 12:19:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.03.15 22:11:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDF Writer
[2012.04.22 12:05:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.05.17 16:00:19 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras.txt:

OTL Extras logfile created on: 28.06.2012 18:56:43 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Downloads
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 72,88% Memory free
5,99 Gb Paging File | 4,99 Gb Available in Paging File | 83,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 111,47 Gb Free Space | 77,36% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 40,89 Gb Free Space | 28,40% Space Free | Partition Type: NTFS

Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12A866C4-C9EB-4925-91EF-E5819AFF77DB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{41DB4338-48CC-410E-90CB-58F1A2337E36}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46EFCED7-D863-4FC6-96E6-0118BFFE741F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5239D962-C49F-4886-969F-A81F5820D7E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{65201276-E3B8-4ECB-9436-5CE033814268}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67C695A1-1BD5-419A-B032-5817C2A98122}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{707A05CF-8EFE-4D76-8A70-276A46890822}" = rport=445 | protocol=6 | dir=out | app=system |
"{722CD6CD-D876-49E4-80EA-813E5CB65B7B}" = rport=137 | protocol=17 | dir=out | app=system |
"{78256671-66AB-4AA3-BE0F-210CE1942F67}" = lport=10243 | protocol=6 | dir=in | app=system |
"{80C70328-44F3-4664-8B4C-1108D3066A57}" = lport=2869 | protocol=6 | dir=in | app=system |
"{943CD3B7-618D-4EE8-A2D1-59B79A0E55B4}" = lport=138 | protocol=17 | dir=in | app=system |
"{A3A54CE4-0C74-4B24-9CA1-904C6BA61978}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABDA3CFB-D3A7-41D5-A3C9-C66C87410F12}" = lport=445 | protocol=6 | dir=in | app=system |
"{B16BECA8-D678-48C9-BE82-5BC7D7591F3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC00D59E-0D87-4880-BB94-32163721E9F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{C97C2990-E7A3-4C20-9120-178AB01DAF1E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D5FB44E9-12FF-4ECF-9C4B-F1BEFF38AF7A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D8E79BEC-A227-42CE-B0C5-4ADEA8EDF044}" = rport=138 | protocol=17 | dir=out | app=system |
"{E222F7ED-9344-48CD-B0E6-39D15D7CF6E1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2832F2F-84CF-4962-9F85-48231B6E1B80}" = lport=139 | protocol=6 | dir=in | app=system |
"{EE00EB51-DEFE-432B-8D03-4BA0F76E2DB6}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD02791D-49DC-4519-AA45-9C0DC6DD4186}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FF0057A4-06AB-4AF3-B592-6C906A740864}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FC6B34-2FD9-4147-A773-4CBC9B80730C}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{0B0FD5E9-0DD8-48FB-883F-69FAA44CA908}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{0F57ED4E-C2E7-458C-84E1-3CB6500D40DF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{14EEDE75-93ED-45B5-A943-B6E2DAF86BA7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2898E5AF-4E7A-4133-A21B-CECB0C693192}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{30B09126-46DD-4FF6-A1D0-31D98A19BEA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3251938D-1F51-43B0-ADE2-CBD58DEDEACE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3AA31A4E-F294-438F-A7F8-4A0EDC692DCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C5BEF58-1AEB-4623-91FD-490689A3124D}" = dir=in | app=c:\program files\common files\siemens\sws\almsrv\almsrvx.exe |
"{3D7259BE-E0D0-4292-B05F-1FFFE564999A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3EBFE22F-AD93-42A1-B059-9BB096A9B501}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{50DE32E4-F966-4901-93E0-B0E2014853DA}" = protocol=6 | dir=out | app=system |
"{5FA85D54-1381-4EDB-B12B-8AD543F48914}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{66175788-468D-4110-A933-E3A2DACB18AD}" = dir=in | app=c:\program files\common files\siemens\sqlany\dbeng9.exe |
"{68528B9A-36EF-44D3-9D45-2187590A4D69}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{775479C2-430B-4A68-88AA-7FBE01775299}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85509D81-FC22-4C9F-8A79-8B05A4751092}" = dir=in | app=c:\windows\system32\s7otbxsx.exe |
"{8AF50BED-22DA-423C-9987-BC478A31CFA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93D30904-21E9-4312-AD8E-89FB6693F9C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{97F6FB8C-51E5-4969-9A69-FFC2F2B9F1F3}" = dir=in | app=c:\program files\siemens\step7\s7bin\s7tgtopx.exe |
"{9A269A94-F141-4400-AE6F-43805CF0829E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3650F7-5935-4A08-9E8B-86844B3A8D34}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{CAE17545-40A8-4B3C-8159-56E9E8AF91CE}" = dir=in | app=c:\program files\common files\siemens\sqlany\dbsrv9.exe |
"{CC347119-9E3D-4971-AA28-CA42BCC70588}" = dir=in | app=c:\program files\siemens\step7\s7inf\s7usiapx.exe |
"{D4BB66A8-E5C4-4090-9CF0-FCF8C8E99CFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA338A0C-1351-4EF5-8680-9836F4A5A376}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1F172DE-77F0-4E56-B49D-7770BA22994B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F78839CA-9EA1-41C9-9187-FA6AFA569EDB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query
User{92C38591-5DEC-43AD-817C-BCB23F46EE01}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{BBB05BBD-E1A3-4F66-A4B2-43606C6A7DDC}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{134A51EB-1BBB-4249-BAF5-494C3D186A06}" = PKZIP Server for Windows 12.40.0008 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{668B80AF-D98F-42FC-8EE1-36252B03C5C9}_is1" = MIDI4all "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime 
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{960C278D-E4F9-41AD-9073-1B663A7E8CAA}" = USB2.0 UVC WebCam "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile 
DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adolix Split and Merge PDF_is1" = Adolix Split and Merge PDF v2.1 "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Bullzip PDF Printer_is1" = Bullzip PDF Printer 8.2.0.1394 "CCleaner" = CCleaner "ElsterFormular 13.2.0.8623p" = ElsterFormular "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIA Drivers" = NVIDIA Drivers "RealPlayer 15.0" = RealPlayer "SynTPDeinstKey" = Synaptics Pointing Device Driver "USB2.0 UVC 1.3M WebCam" = USB2.0 UVC 1.3M WebCam "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.03.2012 16:13:13 | Computer Name = *** | Source = Windows Search Service | ID = 7010 Description = Error - 11.04.2012 13:30:38 | Computer Name = *** | Source = MsiInstaller | ID = 1013 Description = Error - 11.04.2012 13:30:39 | Computer Name = *** | Source = MsiInstaller | ID = 1013 Description = Error - 11.04.2012 13:30:55 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7600.16768 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: a38 Startzeit: 01cd1806ecb153ae Endzeit: 78 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 08a90b70-83fc-11e1-bd63-001fe2f8b142 Error - 11.04.2012 13:34:36 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.1.7600.16768 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 284 Startzeit: 01cd1808d9d394c4 Endzeit: 31 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 908a051b-83fc-11e1-bd63-001fe2f8b142 Error - 20.05.2012 15:15:15 | Computer Name = *** | Source = MsiInstaller | ID = 11316 Description = Error - 20.05.2012 15:42:16 | Computer Name = *** | Source = MsiInstaller | ID = 11316 Description = Error - 20.05.2012 15:43:02 | Computer Name = *** | Source = MsiInstaller | ID = 11316 Description = Error - 20.05.2012 15:43:51 | Computer Name = *** | Source = MsiInstaller | ID = 11316 Description = Error - 20.06.2012 12:36:55 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Programm avnotify.exe, Version 12.3.0.15 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: dd4 Startzeit: 01cd4f02bc1150c4 Endzeit: 15 Anwendungspfad: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe Berichts-ID: 0ce29fbc-baf6-11e1-bbe0-001fe2f8b142 [ System Events ] Error - 22.06.2012 07:27:26 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "S7 HSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 22.06.2012 12:24:04 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "S7 HSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 23.06.2012 13:38:13 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "S7 HSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.06.2012 06:17:03 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "S7 HSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 24.06.2012 09:01:25 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "S7 HSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 25.06.2012 04:18:58 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "S7 HSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 25.06.2012 14:49:47 | Computer Name = *** | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?25.?06.?2012 um 11:35:54 unerwartet heruntergefahren. 
Error - 25.06.2012 14:49:53 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "S7 HSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 27.06.2012 14:02:50 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "S7 HSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 28.06.2012 12:22:15 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Der Dienst "S7 HSP Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report >
Attached are GMER.txt and the defogger_disable. The instructions also mentioned dds.txt and attach.txt. Where do I get those files? I would be glad of your help. Thank you in advance for your effort. |
29.06.2012, 17:50 | #2 | |
/// Malware-holic | Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' Hi,
can you send me the link as a private message? Is that the only PC you use? Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix on your desktop
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ |
29.06.2012, 20:49 | #3 |
| Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' No, this is not the only PC. We have a notebook and a desktop PC, and we both work on them.
Do I now have to do the steps for the other PC as well? Here is the log file from Combofix: Code:
ATTFilter ComboFix 12-06-28.03 - *** 29.06.2012 21:31:38.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.3067.2208 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-29 )))))))))))))))))))))))))))))) . . 2012-06-29 19:38 . 2012-06-29 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-29 19:30 . 2012-06-29 19:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E36D098-3437-4D3B-AB3F-7B196D1B29D7}\offreg.dll 2012-06-27 17:13 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E36D098-3437-4D3B-AB3F-7B196D1B29D7}\mpengine.dll 2012-06-19 14:09 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll 2012-06-19 14:06 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-19 14:06 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-19 14:06 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-19 14:06 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-19 14:05 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-19 14:05 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-19 14:05 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-19 14:05 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-19 14:05 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-06-14 20:00 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 20:00 . 
2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-14 20:00 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 20:00 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 20:00 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 20:00 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 20:00 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 20:00 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 20:00 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 20:00 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll 2012-06-12 09:57 . 2012-06-12 09:57 -------- d-----w- c:\users\***\AppData\Local\ChemTable Software 2012-06-10 17:27 . 2012-06-10 17:27 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2012-06-10 17:26 . 2012-06-10 17:26 -------- d-----w- c:\programdata\Malwarebytes 2012-06-10 17:26 . 2012-06-10 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-10 17:26 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-10 12:06 . 2012-06-10 12:06 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-10 12:06 . 2012-06-10 12:06 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-05-31 19:22 . 2012-06-03 17:38 -------- d-----w- c:\users\***\AppData\Roaming\Audacity 2012-05-31 19:22 . 2012-05-31 19:22 -------- d-----w- c:\program files\Audacity . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-09 18:34 . 2012-05-09 18:34 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-05-09 18:34 . 2012-02-17 21:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-08 19:36 . 2012-02-17 16:29 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-05-08 19:36 . 
2012-02-17 16:29 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-04-02 04:46 . 2012-05-08 21:04 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-02 04:46 . 2012-05-08 21:04 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-06-16 19:12 . 2012-02-17 17:12 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-10 13797920] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-12-13 11487848] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-01-31 14:14 17147528 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2012-02-27 13:45 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe . 
R2 s7hspsvx;S7 HSP Service;c:\program files\Siemens\Step7\s7bin\s7hspsvx.exe [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 dpmconv;SIMATIC NET DP Driver;c:\windows\system32\DRIVERS\dpmconv32.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S1 vsnl2ada;SIMATIC NET FDL Driver;c:\windows\system32\DRIVERS\vsnl2ada32.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 S7otranx32;SIMATIC Transport;c:\windows\system32\Drivers\S7otranx32.sys [x] S2 s7ousbu32x;SIMATIC USB Service;c:\windows\system32\DRIVERS\s7ousbu32x.sys [x] S2 s7sn2srtx;PROFINET IO RT-Protocol V2.0;c:\windows\system32\DRIVERS\s7sn2srtx.sys [x] S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [x] S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x] S3 S7odpx2x32;SIMATIC Knotentaufe;c:\windows\system32\Drivers\S7odpx2x32.sys [x] S3 s7otsadx32;SIMATIC TS Adapter RS232-32;c:\windows\system32\Drivers\s7otsadx32.sys [x] S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [x] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] . . . ------- Zusätzlicher Suchlauf ------- . 
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sa26bwqj.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(2132) c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . Zeit der Fertigstellung: 2012-06-29 21:41:43 ComboFix-quarantined-files.txt 2012-06-29 19:41 . Vor Suchlauf: 7 Verzeichnis(se), 121.465.434.112 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 122.971.656.192 Bytes frei . - - End Of File - - C5B3EAE7B98C4DBF4E868EB0C16C7794 |
29.06.2012, 20:52 | #4 |
/// Malware-holic | Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' Take it easy. Did you run a quick or a full scan with Malwarebytes? Download TDSS killer: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any detections always choose skip for now, post the log
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
29.06.2012, 22:03 | #5 |
| Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' With Malwarebytes I ran both a quick scan and a full scan. I will post the logs from TDSS killer in my next reply. |
29.06.2012, 22:32 | #6 |
/// Malware-holic | Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' Are there any noticeable problems with the PC? Is it running slower, for example?
__________________ --> Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' |
30.06.2012, 11:37 | #7 |
| Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' Here is the log from TDSS: Code:
ATTFilter 12:24:31.0309 0992 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22 12:24:31.0459 0992 ============================================================ 12:24:31.0459 0992 Current date / time: 2012/06/30 12:24:31.0459 12:24:31.0459 0992 SystemInfo: 12:24:31.0459 0992 12:24:31.0459 0992 OS Version: 6.1.7600 ServicePack: 0.0 12:24:31.0459 0992 Product type: Workstation 12:24:31.0459 0992 ComputerName: *** 12:24:31.0459 0992 UserName: *** 12:24:31.0459 0992 Windows directory: C:\Windows 12:24:31.0459 0992 System windows directory: C:\Windows 12:24:31.0459 0992 Processor architecture: Intel x86 12:24:31.0459 0992 Number of processors: 2 12:24:31.0459 0992 Page size: 0x1000 12:24:31.0459 0992 Boot type: Normal boot 12:24:31.0459 0992 ============================================================ 12:24:32.0771 0992 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 12:24:32.0781 0992 ============================================================ 12:24:32.0781 0992 \Device\Harddisk0\DR0: 12:24:32.0786 0992 MBR partitions: 12:24:32.0786 0992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000 12:24:32.0786 0992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800 12:24:32.0786 0992 ============================================================ 12:24:32.0863 0992 C: <-> \Device\Harddisk0\DR0\Partition0 12:24:32.0950 0992 D: <-> \Device\Harddisk0\DR0\Partition1 12:24:32.0950 0992 ============================================================ 12:24:32.0950 0992 Initialize success 12:24:32.0950 0992 ============================================================ 12:25:38.0674 0644 ============================================================ 12:25:38.0674 0644 Scan started 12:25:38.0674 0644 Mode: Manual; SigCheck; TDLFS; 12:25:38.0674 0644 
12:26:13.0228 0644 s7sn2srtx (f25735ed9017691f2dbca8568882bdba) C:\Windows\system32\DRIVERS\s7sn2srtx.sys
12:26:13.0244 0644 s7sn2srtx ( UnsignedFile.Multi.Generic ) - warning
12:26:13.0244 0644 s7sn2srtx - detected UnsignedFile.Multi.Generic (1)
C:\Windows\system32\DRIVERS\stexstor.sys 12:26:17.0970 0644 stexstor - ok 12:26:18.0033 0644 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll 12:26:18.0095 0644 StiSvc - ok 12:26:18.0251 0644 StkCMini (80225bebb0e40d0b9a0ad2b89b948c82) C:\Windows\system32\Drivers\StkCMini.sys 12:26:18.0345 0644 StkCMini - ok 12:26:18.0516 0644 StkSSrv (a96f636afbde939e8abd601f9801b031) C:\Windows\System32\StkCSrv.exe 12:26:18.0548 0644 StkSSrv - ok 12:26:18.0579 0644 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 12:26:18.0626 0644 storflt - ok 12:26:18.0657 0644 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 12:26:18.0704 0644 StorSvc - ok 12:26:18.0719 0644 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 12:26:18.0750 0644 storvsc - ok 12:26:18.0782 0644 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 12:26:18.0813 0644 swenum - ok 12:26:18.0875 0644 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 12:26:18.0969 0644 swprv - ok 12:26:19.0016 0644 SynTP (7a9025d8f7852b06d6d08ed536135e7e) C:\Windows\system32\DRIVERS\SynTP.sys 12:26:19.0062 0644 SynTP - ok 12:26:19.0172 0644 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll 12:26:19.0296 0644 SysMain - ok 12:26:19.0312 0644 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll 12:26:19.0390 0644 TabletInputService - ok 12:26:19.0421 0644 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll 12:26:19.0499 0644 TapiSrv - ok 12:26:19.0515 0644 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 12:26:19.0608 0644 TBS - ok 12:26:19.0749 0644 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys 12:26:19.0858 0644 Tcpip - ok 12:26:19.0905 0644 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys 12:26:19.0983 0644 
TCPIP6 - ok 12:26:20.0030 0644 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 12:26:20.0123 0644 tcpipreg - ok 12:26:20.0139 0644 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 12:26:20.0186 0644 TDPIPE - ok 12:26:20.0217 0644 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys 12:26:20.0248 0644 TDTCP - ok 12:26:20.0264 0644 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 12:26:20.0326 0644 tdx - ok 12:26:20.0342 0644 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 12:26:20.0388 0644 TermDD - ok 12:26:20.0466 0644 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll 12:26:20.0607 0644 TermService - ok 12:26:20.0622 0644 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 12:26:20.0685 0644 Themes - ok 12:26:20.0716 0644 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 12:26:20.0794 0644 THREADORDER - ok 12:26:20.0825 0644 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 12:26:20.0919 0644 TrkWks - ok 12:26:20.0981 0644 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe 12:26:21.0012 0644 TrustedInstaller - ok 12:26:21.0044 0644 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 12:26:21.0122 0644 tssecsrv - ok 12:26:21.0168 0644 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 12:26:21.0231 0644 tunnel - ok 12:26:21.0246 0644 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 12:26:21.0278 0644 uagp35 - ok 12:26:21.0309 0644 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 12:26:21.0402 0644 udfs - ok 12:26:21.0465 0644 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 12:26:21.0512 0644 UI0Detect - ok 
12:26:21.0543 0644 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 12:26:21.0590 0644 uliagpkx - ok 12:26:21.0652 0644 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 12:26:21.0714 0644 umbus - ok 12:26:21.0761 0644 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 12:26:21.0808 0644 UmPass - ok 12:26:21.0855 0644 UmRdpService (8ecaca5454844f66386f7be4ae0d7cd1) C:\Windows\System32\umrdp.dll 12:26:21.0917 0644 UmRdpService - ok 12:26:21.0980 0644 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 12:26:22.0089 0644 upnphost - ok 12:26:22.0136 0644 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys 12:26:22.0167 0644 usbccgp - ok 12:26:22.0198 0644 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 12:26:22.0260 0644 usbcir - ok 12:26:22.0276 0644 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys 12:26:22.0307 0644 usbehci - ok 12:26:22.0338 0644 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys 12:26:22.0385 0644 usbhub - ok 12:26:22.0401 0644 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys 12:26:22.0432 0644 usbohci - ok 12:26:22.0463 0644 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 12:26:22.0510 0644 usbprint - ok 12:26:22.0557 0644 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS 12:26:22.0588 0644 USBSTOR - ok 12:26:22.0604 0644 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys 12:26:22.0650 0644 usbuhci - ok 12:26:22.0728 0644 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys 12:26:22.0775 0644 usbvideo - ok 12:26:22.0806 0644 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 12:26:22.0884 0644 UxSms - ok 12:26:22.0916 
0644 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe 12:26:22.0947 0644 VaultSvc - ok 12:26:22.0994 0644 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 12:26:23.0025 0644 vdrvroot - ok 12:26:23.0072 0644 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe 12:26:23.0150 0644 vds - ok 12:26:23.0165 0644 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 12:26:23.0212 0644 vga - ok 12:26:23.0212 0644 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 12:26:23.0290 0644 VgaSave - ok 12:26:23.0352 0644 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 12:26:23.0384 0644 vhdmp - ok 12:26:23.0415 0644 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 12:26:23.0446 0644 viaagp - ok 12:26:23.0462 0644 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 12:26:23.0508 0644 ViaC7 - ok 12:26:23.0508 0644 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 12:26:23.0555 0644 viaide - ok 12:26:23.0602 0644 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 12:26:23.0633 0644 vmbus - ok 12:26:23.0649 0644 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 12:26:23.0696 0644 VMBusHID - ok 12:26:23.0696 0644 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 12:26:23.0742 0644 volmgr - ok 12:26:23.0789 0644 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 12:26:23.0836 0644 volmgrx - ok 12:26:23.0867 0644 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 12:26:23.0914 0644 volsnap - ok 12:26:23.0945 0644 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 12:26:23.0976 0644 vsmraid - ok 12:26:24.0039 0644 vsnl2ada (cd9dddcf41f53a64b7a6c7b44ed5f811) 
C:\Windows\system32\DRIVERS\vsnl2ada32.sys 12:26:24.0070 0644 vsnl2ada - ok 12:26:24.0164 0644 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe 12:26:24.0257 0644 VSS - ok 12:26:24.0273 0644 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 12:26:24.0320 0644 vwifibus - ok 12:26:24.0351 0644 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 12:26:24.0398 0644 vwififlt - ok 12:26:24.0444 0644 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 12:26:24.0554 0644 W32Time - ok 12:26:24.0569 0644 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 12:26:24.0616 0644 WacomPen - ok 12:26:24.0632 0644 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 12:26:24.0710 0644 WANARP - ok 12:26:24.0725 0644 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 12:26:24.0788 0644 Wanarpv6 - ok 12:26:24.0928 0644 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe 12:26:25.0068 0644 wbengine - ok 12:26:25.0100 0644 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 12:26:25.0178 0644 WbioSrvc - ok 12:26:25.0224 0644 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll 12:26:25.0287 0644 wcncsvc - ok 12:26:25.0318 0644 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 12:26:25.0380 0644 WcsPlugInService - ok 12:26:25.0427 0644 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 12:26:25.0458 0644 Wd - ok 12:26:25.0505 0644 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 12:26:25.0583 0644 Wdf01000 - ok 12:26:25.0614 0644 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 12:26:25.0677 0644 WdiServiceHost - ok 12:26:25.0692 0644 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) 
C:\Windows\system32\wdi.dll 12:26:25.0739 0644 WdiSystemHost - ok 12:26:25.0786 0644 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll 12:26:25.0864 0644 WebClient - ok 12:26:25.0911 0644 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 12:26:25.0989 0644 Wecsvc - ok 12:26:26.0020 0644 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 12:26:26.0114 0644 wercplsupport - ok 12:26:26.0145 0644 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 12:26:26.0223 0644 WerSvc - ok 12:26:26.0254 0644 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 12:26:26.0332 0644 WfpLwf - ok 12:26:26.0363 0644 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 12:26:26.0394 0644 WIMMount - ok 12:26:26.0535 0644 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 12:26:26.0613 0644 WinDefend - ok 12:26:26.0628 0644 WinHttpAutoProxySvc - ok 12:26:26.0691 0644 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 12:26:26.0784 0644 Winmgmt - ok 12:26:26.0909 0644 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll 12:26:27.0050 0644 WinRM - ok 12:26:27.0174 0644 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 12:26:27.0284 0644 Wlansvc - ok 12:26:27.0518 0644 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 12:26:27.0642 0644 wlidsvc - ok 12:26:27.0814 0644 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 12:26:27.0845 0644 WmiAcpi - ok 12:26:27.0908 0644 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 12:26:27.0970 0644 wmiApSrv - ok 12:26:28.0142 0644 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe 12:26:28.0220 0644 
WMPNetworkSvc - ok 12:26:28.0251 0644 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 12:26:28.0313 0644 WPCSvc - ok 12:26:28.0344 0644 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll 12:26:28.0376 0644 WPDBusEnum - ok 12:26:28.0438 0644 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 12:26:28.0516 0644 ws2ifsl - ok 12:26:28.0563 0644 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\system32\wscsvc.dll 12:26:28.0641 0644 wscsvc - ok 12:26:28.0641 0644 WSearch - ok 12:26:28.0844 0644 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 12:26:29.0000 0644 wuauserv - ok 12:26:29.0171 0644 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 12:26:29.0265 0644 WudfPf - ok 12:26:29.0296 0644 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 12:26:29.0374 0644 WUDFRd - ok 12:26:29.0405 0644 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll 12:26:29.0499 0644 wudfsvc - ok 12:26:29.0530 0644 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 12:26:29.0592 0644 WwanSvc - ok 12:26:29.0655 0644 yukonw7 (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys 12:26:29.0717 0644 yukonw7 - ok 12:26:29.0748 0644 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 12:26:30.0154 0644 \Device\Harddisk0\DR0 - ok 12:26:30.0170 0644 Boot (0x1200) (02a29938025ab84e3e364fcf89028d05) \Device\Harddisk0\DR0\Partition0 12:26:30.0170 0644 \Device\Harddisk0\DR0\Partition0 - ok 12:26:30.0201 0644 Boot (0x1200) (be5529189b53e179a93db798942e06cc) \Device\Harddisk0\DR0\Partition1 12:26:30.0201 0644 \Device\Harddisk0\DR0\Partition1 - ok 12:26:30.0201 0644 ============================================================ 12:26:30.0201 0644 Scan finished 12:26:30.0201 0644 ============================================================ 12:26:30.0216 
2064 Detected object count: 1
12:26:30.0216 2064 Actual detected object count: 1
12:26:38.0375 2064 s7sn2srtx ( UnsignedFile.Multi.Generic ) - skipped by user
12:26:38.0375 2064 s7sn2srtx ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:27:18.0046 3988 Deinitialize success
Yes, the PC is running slower; it hangs often, especially when I browse with Firefox. Booting also takes forever before I can start any program. It's the same on the other PC. I thought it was due to the new Firefox update and the Avira update. I only reformatted a few months ago, but I no longer remember whether the PC was also this slow right after formatting :S |
30.06.2012, 14:42 | #8 |
/// Malware-holic | Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' Well, who else would know, it's yours after all :-) Download CCleaner Standard: CCleaner Download - CCleaner 3.20.1750. If CCleaner is already installed, skip this. Install, open, Tools, list of installed programs, save as txt. Open it. After every program you need, write "necessary". After every one you don't need, "unnecessary". After ones unknown to you, "unknown". Post the list.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
01.07.2012, 08:17 | #9 |
| Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' This is the list. I'm unsure about all the Microsoft stuff. Code:
ATTFilter
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 28.02.2012 6,00MB 11.1.102.62 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.05.2012 6,00MB 11.2.202.235 necessary
Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 17.02.2012 120MB 10.1.2 necessary
Adolix Split and Merge PDF v2.1 Adolix Software 21.04.2012 7,89MB necessary
Apple Application Support Apple Inc. 30.05.2012 61,0MB 2.1.7 unknown
Apple Software Update Apple Inc. 30.05.2012 2,38MB 2.1.3.127 unknown
Audacity 2.0 Audacity Team 31.05.2012 42,1MB unnecessary
Avira Free Antivirus Avira 08.05.2012 109MB 12.0.0.1125 necessary
Bullzip PDF Printer 8.2.0.1394 Bullzip 15.03.2012 6,81MB 8.2.0.1394 necessary
CCleaner Piriform 22.06.2012 3.20 necessary
Dropbox Dropbox, Inc. 26.05.2012 1.4.7 necessary
Easy Display Manager Samsung Electronics Co., Ltd. 20.02.2012 3.0 necessary
Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 20.02.2012 3.0.0.4 necessary
EasyBatteryManager Samsung 20.02.2012 4.0.0.2 necessary
ElsterFormular Landesfinanzdirektion Thüringen 02.05.2012 160MB 13.2.0.8623p
Java(TM) 6 Update 22 Oracle 08.03.2012 97,0MB 6.0.220
Java(TM) 6 Update 31 Oracle 17.02.2012 95,1MB 6.0.310
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 10.06.2012 18,0MB 1.61.0.1400
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 22.02.2012 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.02.2012 2,93MB 4.0.30319
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 21.04.2012 270MB 10.0.2701.0
Microsoft Silverlight Microsoft Corporation 09.05.2012 60,3MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 20.02.2012 1,69MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.04.2012 300KB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.04.2012 238KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 08.03.2012 592KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 08.03.2012 600KB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 21.02.2012 16,5MB 10.0.40219
MIDI4all Webdesign-Forum.de 30.05.2012 MIDI4all 1.5
Mozilla Firefox 13.0.1 (x86 de) Mozilla 16.06.2012 37,6MB 13.0.1
Mozilla Maintenance Service Mozilla 16.06.2012 309KB 13.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 07.04.2012 35,0KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 07.04.2012 1,33MB 4.20.9876.0
NVIDIA Drivers NVIDIA Corporation 20.02.2012 1.8
OpenOffice.org 3.3 OpenOffice.org 08.03.2012 412MB 3.3.9567
PDFCreator Frank Heindörfer, Philip Chinery 22.04.2012 1.3.2
PKZIP Server for Windows 12.40.0008 PKWARE, Inc 06.04.2012 9,96MB 12.40.0008
QuickTime Apple Inc. 30.05.2012 73,2MB 7.72.80.56
RealPlayer RealNetworks 27.02.2012
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 03.03.2012 6.0.1.6526
Skype™ 5.8 Skype Technologies S.A. 18.02.2012 19,0MB 5.8.154
Synaptics Pointing Device Driver Synaptics Incorporated 20.02.2012 13.2.4.12
USB2.0 UVC 1.3M WebCam 22.02.2012
USB2.0 UVC WebCam D-MAX 20.02.2012 7.11.706.001
Windows Live Essentials Microsoft Corporation 20.02.2012 15.4.3538.0513 |
02.07.2012, 19:54 | #10 |
/// Malware-holic | Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' Why is only half of it labelled? It stops from J onwards.
03.07.2012, 12:19 | #11 |
| Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' Oh, I must have forgotten to save again before closing the file. Code:
ATTFilter
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 28.02.2012 6,00MB 11.1.102.62 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 09.05.2012 6,00MB 11.2.202.235 necessary
Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 17.02.2012 120MB 10.1.2 necessary
Adolix Split and Merge PDF v2.1 Adolix Software 21.04.2012 7,89MB necessary
Apple Application Support Apple Inc. 30.05.2012 61,0MB 2.1.7 unknown
Apple Software Update Apple Inc. 30.05.2012 2,38MB 2.1.3.127 unknown
Audacity 2.0 Audacity Team 31.05.2012 42,1MB unnecessary
Avira Free Antivirus Avira 08.05.2012 109MB 12.0.0.1125 necessary
Bullzip PDF Printer 8.2.0.1394 Bullzip 15.03.2012 6,81MB 8.2.0.1394 necessary
CCleaner Piriform 22.06.2012 3.20 necessary
Dropbox Dropbox, Inc. 26.05.2012 1.4.7 necessary
Easy Display Manager Samsung Electronics Co., Ltd. 20.02.2012 3.0 necessary
Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 20.02.2012 3.0.0.4 necessary
EasyBatteryManager Samsung 20.02.2012 4.0.0.2 necessary
ElsterFormular Landesfinanzdirektion Thüringen 02.05.2012 160MB 13.2.0.8623p necessary
Java(TM) 6 Update 22 Oracle 08.03.2012 97,0MB 6.0.220 unnecessary
Java(TM) 6 Update 31 Oracle 17.02.2012 95,1MB 6.0.310 necessary
Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 10.06.2012 18,0MB 1.61.0.1400 unnecessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 22.02.2012 38,8MB 4.0.30319 unknown
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.02.2012 2,93MB 4.0.30319 unknown
Microsoft Office XP Professional mit FrontPage Microsoft Corporation 21.04.2012 270MB 10.0.2701.0 necessary
Microsoft Silverlight Microsoft Corporation 09.05.2012 60,3MB 4.1.10329.0 unknown
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 20.02.2012 1,69MB 3.1.0000 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.04.2012 300KB 8.0.61001 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.04.2012 238KB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 08.03.2012 592KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 08.03.2012 600KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 21.02.2012 16,5MB 10.0.40219 unknown
MIDI4all Webdesign-Forum.de 30.05.2012 MIDI4all 1.5 unnecessary
Mozilla Firefox 13.0.1 (x86 de) Mozilla 16.06.2012 37,6MB 13.0.1 necessary
Mozilla Maintenance Service Mozilla 16.06.2012 309KB 13.0.1 unknown
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 07.04.2012 35,0KB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 07.04.2012 1,33MB 4.20.9876.0 unknown
NVIDIA Drivers NVIDIA Corporation 20.02.2012 1.8 necessary
OpenOffice.org 3.3 OpenOffice.org 08.03.2012 412MB 3.3.9567 necessary
PDFCreator Frank Heindörfer, Philip Chinery 22.04.2012 1.3.2 unnecessary
PKZIP Server for Windows 12.40.0008 PKWARE, Inc 06.04.2012 9,96MB 12.40.0008 unknown
QuickTime Apple Inc. 30.05.2012 73,2MB 7.72.80.56 necessary
RealPlayer RealNetworks 27.02.2012 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 03.03.2012 6.0.1.6526 necessary
Skype™ 5.8 Skype Technologies S.A. 18.02.2012 19,0MB 5.8.154 necessary
Synaptics Pointing Device Driver Synaptics Incorporated 20.02.2012 13.2.4.12 necessary
USB2.0 UVC 1.3M WebCam 22.02.2012 (don't know whether this is my integrated notebook cam?)
USB2.0 UVC WebCam D-MAX 20.02.2012 7.11.706.001 unknown
Windows Live Essentials Microsoft Corporation 20.02.2012 15.4.3538.0513 necessary |
03.07.2012, 16:14 | #12 |
/// Malware-holic | Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho'
Uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
Download the newest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Remove the tick at McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General: tick "use only certified add-on modules".
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, since only that way do you have control over what is going on on the PC.
Under JavaScript, remove the tick at "use JavaScript".
Under Updater, choose "install automatically".
Apply / OK
Uninstall:
Audacity
Java: both
Download the free Java software
Download Java JRE, install.
Uninstall:
MIDI4all
PDFCreator
Open CCleaner, analyze, run CCleaner, restart the PC.
Open CCleaner, Tools, startup list, please post the contents.
04.07.2012, 09:05 | #13 |
| Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' Today emails were sent from my Hotmail account again. What I noticed is that emails were also sent to people who are not in my address book. I will still uninstall and install the programs and post the list.
I have carried out all your instructions; here is the startup list:
Nein HKCU:Run Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
Ja HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Nein HKLM:Run APSDaemon Apple Inc. "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Ja HKLM:Run avgnt Avira Operations GmbH & Co. KG "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Ja HKLM:Run NvCplDaemon Microsoft Corporation RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Nein HKLM:Run QuickTime Task Apple Inc. "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Ja HKLM:Run RTHDVCPL Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
Ja HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Ja HKLM:Run SynTPEnh %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Nein HKLM:Run TkBellExe RealNetworks, Inc. "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
Nein Startup Common Microsoft Office.lnk Microsoft Corporation C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l
Ja Startup User Dropbox.lnk Dropbox, Inc. C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
Can I install the SDK in addition to the Java JRE, or does that have to be done instead of the JRE? Can one get information from the extended header of the email as to whether the email comes from my account or someone is just using my email address? Two IP addresses are given there, one from the USA and the other from Macedonia |
04.07.2012, 15:56 | #14 |
/// Malware-holic | Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' Install only the Java JRE. Start, Run, msconfig, Enter, Startup: remove all ticks except at Avira, click OK, restart. Do you retrieve the mails via Thunderbird? Then send me one of them; how to do it is in my signature.
05.07.2012, 12:08 | #15 |
| Mail account sends automatic mails and Avira detection 'HTML\IFrame.aho' I would need the SDK for programming in Java, that's why I asked. I only retrieve my mails via the browser; how can I save the email? I just saw in my mail account that the emails can also be found in the outbox folder. |