"Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar

akakesios · 03.09.2012, 21:38

Liebes Trojaner-Board Team,

(Win 7, 64bit)

Nachdem mehrmals der automatische Windows Update fehlgeschlagen ist erscheint nun wenn ich manuell nach Updates suche folgende Fehlermeldung:

"Mit Windows Update kann derzeit nicht nach Updates gesucht werden,
da der Dienst nicht ausgeführt wird. Möglicherweise müssen Sie den Computer neu starten"

Die Firewall kann nicht aktiviert werden. Nach dem Klick auf Empfohlene Einstellungen kommt folgende Fehlermeldung: "Einige der Einstellungen können von der Windows-Firewall nicht geändert werden. Fehlercode 0x80070424".

Das Internet läuft langsam, es öffnen sich häufig Fenster. Weiteres Problem besteht darin dass ich mich nicht in das VPN Netzwerk der Uni einwählen kann, weil die Installation fehlschlägt. Das dürfte mit der Firewall zusammen hängen.

Die Recherche im Netz ergab, dass es sich um kein seltenes Problem handelt. Häufig entsteht der Fehler aufgrund von Festplatten-Aufteilungen oder wegen falschen Treibern. Diese Ursachen kann ich eigentlich ausschließen.
Die allgemeinen Lösungsvorschläge haben leider nicht geholfen:

- Microsoft FixIt-tool zum Beheben von Update-Problemen (Fehlermeldung am Ende im Result Report: "Mindestens eine Windows Update-Komponente ist fehlerhaft konfiguriert" und "Der Speicherort, an dem Daten von Windows Update gespeichert werden, hat sich geändert und muss repariert werden."

- habe dann im Anschluss versucht beschädigte Systemdatein mit Reparaturbefehl "sfc /scannow" wieder herzustellen. Der Durchlauf konnte jedoch nichts finden.

- Windows Batch Datei "Reset Windows Update Full", ohne Erfolg.

- habe dann winUpdRestore v.28 eingesetzt, nicht geholfen.

- habe dann Tool pcwUpdateRepair verwendet, Problem besteht weiter.

Ein Scan mit Malware ergab eine Infizierung, SuperAntiSpiware hat Funde verzeichnet.

Nun hoffe ich dass Ihr mir helfen könnt!

Hier die Logfiles:

defogger

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:25 on 03/09/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

OTL:

Code:

ATTFilter

OTL logfile created on: 03.09.2012 21:28:17 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,45% Memory free
9,99 Gb Paging File | 8,18 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): c:\pagefile.sys 6138 6138 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 25,32 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (c4654bb66a72af8) -- C:\Windows\SysNative\drivers\c4654bb66a72af8.sys ()
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (c4654bb66a72af8) -- C:\Windows\SysNative\drivers\c4654bb66a72af8.sys ()
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (NBVol) -- C:\Windows\SysNative\drivers\NBVol.sys (Nero AG)
DRV:64bit: - (NBVolUp) -- C:\Windows\SysNative\drivers\NBVolUp.sys (Nero AG)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\DRIVERS\vpnva64.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys ()
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\DRIVERS\yk62x64.sys ()
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\DRIVERS\usbfilter.sys ()
DRV:64bit: - (vcd10bus) -- C:\Windows\SysNative\DRIVERS\vcd10bus.sys ()
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\drivers\s0016mdm.sys (MCCI Corporation)
DRV:64bit: - (s0016unic) -- C:\Windows\SysNative\drivers\s0016unic.sys (MCCI Corporation)
DRV:64bit: - (s0016mgmt) -- C:\Windows\SysNative\drivers\s0016mgmt.sys (MCCI Corporation)
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\drivers\s0016obex.sys (MCCI Corporation)
DRV:64bit: - (s0016nd5) -- C:\Windows\SysNative\drivers\s0016nd5.sys (MCCI Corporation)
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\drivers\s0016mdfl.sys (MCCI Corporation)
DRV:64bit: - (s0016bus) -- C:\Windows\SysNative\drivers\s0016bus.sys (MCCI Corporation)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.faz.net/
IE - HKCU\..\URLSearchHook: {213c8ed6-1d78-4d8f-8729-25006aa86a76} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {04C168DE-3056-4DD3-A997-227ADB753E50}
IE - HKCU\..\SearchScopes\{04C168DE-3056-4DD3-A997-227ADB753E50}: "URL" = hxxp://www.google.com/search?q={searchTerms}&amp;sourceid=ie7&amp;rls=com.microsoft:{language}:{referrer:source}&amp;ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3242337
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 22:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.03 16:26:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.16 22:36:01 | 000,000,000 | ---D | M]
 
[2012.09.03 16:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.09.03 16:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\nphsf8uk.default\extensions
[2012.09.03 16:26:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.03 16:27:24 | 000,270,021 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NPHSF8UK.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.09.03 05:39:13 | 000,000,064 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 134.95.7.4	vpngate.uni-koeln.de
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1003CBEC-F7D5-466D-B0DF-23B5A3219CAA}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69B7970C-4514-485A-9B59-A6C32002E811}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA92405A-2AA9-4546-964D-8016BF7078D0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD92F0B3-F6AE-42E5-A2EB-250EB86FA7E6}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.03 21:26:17 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.03 20:48:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HPAppData
[2012.09.03 20:38:16 | 000,000,000 | ---D | C] -- C:\AULOGS
[2012.09.03 18:47:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2012.09.03 18:13:32 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.09.03 16:26:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.09.03 16:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.03 16:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.09.03 16:10:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Conduit
[2012.09.03 15:49:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Softland
[2012.09.03 15:21:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nitro PDF
[2012.09.03 15:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012.09.03 15:20:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenCandy
[2012.09.03 15:20:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro PDF
[2012.09.03 01:16:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bettina Stackelberg - Selbstbewußtsein - Das Trainingsbuch
[2012.09.02 10:27:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\jacke
[2012.08.30 11:04:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2012.08.30 11:01:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HDX4
[2012.08.22 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\***\Calibre Bibliothek
[2012.08.14 12:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediathek II
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.03 21:27:02 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\pymjbtjm.exe
[2012.09.03 21:26:19 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.09.03 21:25:25 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.03 21:15:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.03 21:10:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.03 20:49:57 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 20:49:57 | 000,026,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.03 20:42:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.03 20:42:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.03 20:42:03 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.03 16:26:09 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.03 05:39:13 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.03 04:48:35 | 000,086,472 | ---- | M] () -- C:\Windows\SysNative\drivers\c4654bb66a72af8.sys
[2012.09.02 12:43:07 | 000,158,593 | ---- | M] () -- C:\Users\***\Desktop\2.jpg
[2012.09.02 12:42:27 | 000,130,636 | ---- | M] () -- C:\Users\***\Desktop\1.jpg
[2012.09.01 11:57:39 | 001,666,628 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.01 11:57:39 | 000,716,532 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.01 11:57:39 | 000,668,786 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.01 11:57:39 | 000,157,184 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.01 11:57:39 | 000,128,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.01 09:44:01 | 000,000,280 | ---- | M] () -- C:\Users\***\Desktop\http--www.winklerverlag.com-verlag-v1842x-index.html.url
[2012.08.30 08:49:11 | 004,992,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.27 14:25:17 | 000,001,240 | ---- | M] () -- C:\Users\***\Desktop\932c977c4c971d290d369a1203747b87.dlc
[2012.08.14 16:59:43 | 000,272,409 | ---- | M] () -- C:\Windows\SysWow64\TmpA68033674
 
========== Files Created - No Company Name ==========
 
[2012.09.03 21:27:02 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\pymjbtjm.exe
[2012.09.03 21:25:25 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.03 16:26:09 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.03 15:49:04 | 000,007,549 | ---- | C] () -- C:\Windows\SysNative\dopdf7.ctm
[2012.09.03 15:20:34 | 000,095,008 | ---- | C] () -- C:\Windows\SysNative\Primomonnt.dll
[2012.09.03 05:50:02 | 054,775,479 | ---- | C] () -- C:\Users\***\Desktop\Deleuze. Eine Philosophie der Begriffe 2.mp3
[2012.09.03 04:48:35 | 000,086,472 | ---- | C] () -- C:\Windows\SysNative\drivers\c4654bb66a72af8.sys
[2012.09.02 12:43:07 | 000,158,593 | ---- | C] () -- C:\Users\***\Desktop\2.jpg
[2012.09.02 12:42:27 | 000,130,636 | ---- | C] () -- C:\Users\***\Desktop\1.jpg
[2012.09.01 09:44:01 | 000,000,280 | ---- | C] () -- C:\Users\***\Desktop\http--www.winklerverlag.com-verlag-v1842x-index.html.url
[2012.09.01 09:22:20 | 000,635,814 | ---- | C] () -- C:\Users\***\Desktop\6. KAPITEL I. Selbst analysieren.pdf
[2012.08.27 14:25:17 | 000,001,240 | ---- | C] () -- C:\Users\***\Desktop\932c977c4c971d290d369a1203747b87.dlc
[2012.08.16 21:38:52 | 003,148,800 | ---- | C] () -- C:\Windows\SysNative\win32k.sys
[2012.08.14 16:59:43 | 000,272,409 | ---- | C] () -- C:\Windows\SysWow64\TmpA68033674
[2012.07.24 23:09:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.24 23:09:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.24 23:09:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.24 23:09:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.24 23:09:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.05 03:54:49 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdce.ini
[2012.07.05 03:53:07 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdih.ini
[2012.07.05 03:53:02 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdko.ini
[2012.07.05 03:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdpe.ini
[2012.07.05 03:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdmk.ini
[2012.07.05 03:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdhj.ini
[2012.07.05 03:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdfg.ini
[2012.07.05 03:52:54 | 000,000,005 | ---- | C] () -- C:\Windows\oobbfdai.ini
[2012.07.05 03:16:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.07.05 03:16:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.07.05 03:16:25 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.07.05 02:32:01 | 000,000,099 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
[2012.05.30 12:20:34 | 000,001,083 | ---- | C] () -- C:\Windows\lightworks.ini
[2012.05.28 21:33:58 | 000,000,205 | ---- | C] () -- C:\Users\***\.swfinfo
[2012.05.11 00:11:57 | 000,000,403 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2012.04.12 23:04:56 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.03.20 17:20:06 | 000,000,208 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.03.05 19:30:55 | 000,000,034 | ---- | C] () -- C:\Windows\DTLite.INI
[2012.02.23 22:23:35 | 000,286,208 | ---- | C] () -- C:\Windows\SysWow64\binkw32.dll
[2012.02.16 01:35:20 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.02.16 01:35:20 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.01.17 10:17:32 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{B9A2CC7C-E572-4C7E-9A7C-573B0FF0BEFE}
[2012.01.13 00:16:57 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.12.04 14:14:00 | 000,038,432 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.12.04 14:13:59 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.04 14:12:50 | 000,038,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.09.28 23:18:53 | 000,000,055 | ---- | C] () -- C:\Users\***\AppData\Roaming\Win-HaBu.ini
[2011.08.04 02:00:59 | 000,218,374 | ---- | C] () -- C:\Windows\hpoins39.dat.temp
[2011.08.04 02:00:59 | 000,000,629 | ---- | C] () -- C:\Windows\hpomdl39.dat.temp
[2011.08.03 16:25:33 | 000,000,298 | ---- | C] () -- C:\Windows\Clony2.ini
[2011.07.15 17:24:52 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2011.07.15 17:24:52 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2011.05.26 21:35:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2011.03.23 03:27:53 | 000,016,098 | ---- | C] () -- C:\Windows\German2.ini
[2011.02.19 13:19:00 | 000,007,599 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.01.28 06:23:15 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\AVLibrary.dll
[2011.01.09 00:44:42 | 000,000,138 | ---- | C] () -- C:\Windows\trsubreader.INI
[2010.12.19 18:03:54 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.09.19 15:06:27 | 000,302,592 | ---- | C] () -- C:\Windows\mauninst.exe
[2010.05.17 16:23:34 | 000,012,288 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.15 16:35:48 | 003,198,860 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.JPG
[2010.04.15 16:35:46 | 003,088,891 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDESIGN FOR TANNHA¦ÈUSER.0
 
========== LOP Check ==========
 
[2011.12.23 18:06:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2010.04.15 13:36:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2012.03.25 17:21:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.07.31 15:41:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent
[2011.07.22 12:23:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\biu software
[2012.05.27 17:50:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blue Cat Audio
[2011.01.08 22:47:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Boilsoft
[2011.05.31 21:03:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.07.25 01:33:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.02.23 18:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2011.02.16 03:46:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DL
[2012.06.16 15:57:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdisaster
[2012.06.20 21:12:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Easy Macro Recorder
[2012.07.20 17:50:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.08.30 11:04:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media
[2010.12.20 15:32:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileMaker
[2012.05.29 21:35:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Freemium
[2012.05.27 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HighAndes
[2011.09.24 04:30:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC
[2011.04.08 20:16:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.06.08 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImTOO
[2011.03.25 05:02:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\iSilo
[2010.07.28 22:17:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.05.30 16:11:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.07.05 02:17:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Morphine
[2011.12.23 18:02:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MOVAVI
[2012.09.03 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF
[2012.06.23 17:14:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2012.09.03 16:01:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2011.04.13 20:01:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook
[2011.08.14 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDAppFlex
[2011.10.03 18:58:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pogo
[2011.08.03 16:20:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2012.07.05 02:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.05.11 00:16:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2012.09.03 15:49:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Softland
[2012.05.28 23:59:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Solveig Multimedia
[2012.07.05 02:36:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.07.05 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg
[2012.03.25 16:02:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamWriter
[2012.06.21 05:10:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.08.06 00:06:13 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Virtual CD v10
[2012.07.05 03:42:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Waves Audio
[2011.08.13 16:29:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2012.05.11 00:15:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zeon
[2011.10.03 19:40:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom
[2010.04.13 16:14:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs
[2012.09.03 17:34:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A303874F

< End of report >

Extra:

Code:

ATTFilter

OTL Extras logfile created on: 03.09.2012 21:28:17 - Run 1
OTL by OldTimer - Version 3.2.60.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,45% Memory free
9,99 Gb Paging File | 8,18 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): c:\pagefile.sys 6138 6138 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 25,32 Gb Free Space | 8,90% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,20 Gb Free Space | 16,66% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3A634415-DE75-4433-B9AB-5171A2BAFF37}" = Classic Shell
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6C47240C-016E-03B5-D13E-AECAED09F2E3}" = ATI Catalyst Install Manager
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79A72AAD-7ED4-49D8-872D-D1465061F9DB}" = HP Photosmart Wireless B109n-z All-in-One Driver 14.0 Rel. 6
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADEB3402-CFBD-00E2-0EE6-F6A3F1AFACF0}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{F1F25693-126D-4228-8606-DF88977881AD}" = Nuance PDF Create 7
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0713D1F9-DD77-42C1-8C7D-54D479E2E743}" = Nero SoundTrax 11
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09CC0D0E-061D-3C7B-3881-D2EB53A8AAFC}" = CCC Help Polish
"{0D7A4289-99CF-4B8D-B812-86BE50A54552}" = Nero Video 11
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26606D8F-3133-DBE2-8AF5-AB28F300860A}" = CCC Help Chinese Standard
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2CA7225D-CB12-462A-9DD1-50319E158BA5}" = Nero 11 PiP Effects Basic
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33C17B75-EA9C-0687-9CED-03D92637B042}" = CCC Help Hungarian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{390757AA-8830-43DC-AEE0-4E5B6F8439EB}" = Nero SoundTrax 11 Help (CHM)
"{3E8DE1A6-B365-4FF6-B917-2892A34990E8}" = LG USB Modem Drivers
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FBDB7B8-7472-E895-2E5D-99D190B2D1B6}" = Catalyst Control Center InstallProxy
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{48EB9208-593D-4DC7-B613-9C5A210D87BA}" = Sony Sound Forge 8.0b
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{512CF969-1C40-4F8D-8DA4-68CB6E293E5F}" = Nuance OmniPage 18
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{546937C5-0529-333E-0D5E-FE3C53108806}" = CCC Help Japanese
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{55C2143E-FBA5-442F-9AFA-726FF068F39D}" = Nero CoverDesigner 11 Help (CHM)
"{55C70B62-5EF1-D527-7CAB-E50D8B3B4990}" = Catalyst Control Center Graphics Full New
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{577ED77E-25D9-1A76-4EF0-773B9C173758}" = CCC Help Portuguese
"{57F80ECF-E27C-4EEE-AB58-E971BACE2639}" = Nero Recode 11 Help (CHM)
"{5A212B2D-140D-46F4-B625-2D1CA5A00594}" = Nero 11 Kwik Themes Basic
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DB4EA68-A509-D408-585C-C9D045FADF72}" = Catalyst Control Center Graphics Previews Vista
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit June 2009 (Version 3.5.40619.1)
"{601F2C04-4E0A-464F-B9FE-4FD140098E21}" = PS_AIO_06_B109n-z_SW_Min
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6AB2427E-A18F-4809-9A12-29F5EBABBB3A}" = Nero BackItUp 11 Help (CHM)
"{6D335F78-1F4F-7826-56DD-4F350EA6EADD}" = CCC Help Greek
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6EF04EAE-0354-9919-E757-F1203E6F422B}" = CCC Help Italian
"{7028B245-30A2-BD8C-31B9-6008216FBDC2}" = CCC Help French
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{779D3256-84D0-936F-18F9-A154DC85B4B4}" = Catalyst Control Center Localization All
"{7F4DA5B8-6884-47F2-AEBA-D9111E420C63}" = CCC Help Danish
"{7F9A8D27-A1B9-164F-FCB1-0B64C88629CF}" = CCC Help Norwegian
"{8014FACB-1D1D-48C2-94AA-E29EE2E6B9CE}" = Nero WaveEditor 11
"{803263F7-8CAC-DC6D-3288-8128865A7472}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8CC47AA0-5774-61FC-6A59-7E1C936DB753}" = ccc-core-static
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A28867B-109A-5BBF-85C0-FC1BAA98CA1C}" = CCC Help Russian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A8BCC9E4-9036-3029-F2BC-AA73A62DA73D}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB2BBC64-8AC8-4E66-BBF3-E22D5EACEECA}" = Nero BackItUp 11
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{B132E67C-EEA5-492B-B368-543CD88D8569}" = AnyDVD Registration
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B5C746E6-D961-445C-3768-5B6FAF6A1A31}" = CCC Help Spanish
"{B66222B3-1D51-412C-80B7-E335C2C78EA3}" = calibre
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7E01095-8BAA-456E-8AED-504C3CCADBA0}" = Nero 11
"{B9B1BA7F-7E07-49DD-A713-5B397A5BB66B}" = Nero Kwik Media Help (CHM)
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BE814218-3919-4EA3-868A-2F60BC135CB4}" = Nero Kwik Media
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C0769946-2CF1-9E8D-009B-5C413B3F01D1}" = CCC Help Czech
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4F7EEE5-3D99-8552-7483-B2F412838B2A}" = Catalyst Control Center Graphics Previews Common
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE210DF-7EEF-4A76-A63C-3EB091FDB992}" = welcome
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2CBEFA4-F2D3-4E97-A171-8BFD6A31A5EC}" = Nero Express 11 Help (CHM)
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4C41D27-A2D5-94C6-1D08-3D470A12EAF0}" = CCC Help Swedish
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9D6A848-1BFD-592B-5F9D-0BA8692FDF0B}" = CCC Help Finnish
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD91C2F-3A86-B328-59A0-5EED6190D983}" = Catalyst Control Center Graphics Full Existing
"{E10AAE4A-98B8-420A-BD93-E0520C23D624}" = Nero Express 11
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E51BC4B0-EA5E-49CC-AF3B-93B5C627EC22}" = Nero 11 Effects Basic
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5F5CAA5-84ED-DE41-40D0-8926FE7E5F4D}" = Catalyst Control Center Graphics Light
"{E6CE345D-BF83-1242-9E4D-3D60A5036D87}" = CCC Help English
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EB8DED20-A887-4A9C-BB5A-F3E7523DFB44}" = Nero WaveEditor 11 Help (CHM)
"{EC155897-712F-5637-A5DA-6C7CE7CB5521}" = CCC Help Korean
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0580F64-44A1-C607-9364-887912B74F4D}" = CCC Help Thai
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.149
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F1F25693-126D-4228-8606-DF88977881AD}" = Nuance PDF Create 7
"{F2471277-4C40-44B8-9A5D-D170F237673C}" = TubeBox
"{F3743A2C-5D5F-4456-8F98-5DF36A954C50}" = Nero 11 Image Samples
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F3F9A4E5-CD9F-4657-CF99-5CE3F7729909}" = Catalyst Control Center Core Implementation
"{F428DC33-C0E4-40A8-BFC3-B59957F86FE0}" = B109n-z
"{F49EF443-B2BD-4F10-8A46-87AFCDB90EDD}" = Nero 11 Disc Menus Basic
"{F5B1D41A-05B9-98E2-C350-E69D4A444CB4}" = CCC Help Chinese Traditional
"{F69FB940-5031-4FE8-AFAD-085802D0BF63}" = Nero Recode 11
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAC3C37E-EDAB-4F3A-A173-A7C70CC88F09}" = Nero Video 11 Help (CHM)
"{FCF0F615-6E70-B949-028F-88D32C55C2BC}" = CCC Help Dutch
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF44BCE5-5A18-4051-85F0-BC172D7B4695}" = Nero CoverDesigner 11
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"AviSynth" = AviSynth 2.5
"BigTickRhino2Vst_is1" = Rhino 2.04
"BitTorrent" = BitTorrent
"D - metallbaupraxis 2010.2 (September)_is1" = D - metallbaupraxis 2010.2 (September)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Digitale Bibliothek 5" = Digitale Bibliothek 5
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"ESET Online Scanner" = ESET Online Scanner v3
"FL Studio 10" = FL Studio 10
"FL Studio 8" = FL Studio 8
"HP Photo Creations" = HP Photo Creations
"IL Download Manager" = IL Download Manager
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"JDownloader" = JDownloader
"Korg Legacy Collection v1.1.2" = Korg Legacy Collection v1.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Monopoly Deluxe" = Monopoly Deluxe
"Morphine" = Morphine
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Native Instruments B4 II" = Native Instruments B4 II
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Predator_is1" = Rob Papen Predator V1.1.1
"reFX Nexus 1.0.9_is1" = reFX Nexus 1.0.9
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"reFX Vanguard VSTi_is1" = reFX Vanguard VSTi v1.6.1
"ReNamer_is1" = ReNamer
"Roger Nichols Digital DETAILER VST RTAS_is1" = Roger Nichols Digital DETAILER VST RTAS v1.2
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"Soulseek2" = SoulSeek 157 NS 13e
"TubeBox 3.5.3" = TubeBox
"VLC media player" = VLC media player 1.1.11
"Wave Arts Power Suite" = Wave Arts Power Suite
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.09.2012 06:21:24 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11722
Description = 
 
Error - 03.09.2012 06:21:27 | Computer Name = ***-PC | Source = acvpndownloader | ID = 67108866
Description = 
 
Error - 03.09.2012 06:21:27 | Computer Name = ***-PC | Source = acvpndownloader | ID = 67108865
Description = 
 
Error - 03.09.2012 06:21:28 | Computer Name = ***-PC | Source = acvpndownloader | ID = 67108866
Description = 
 
Error - 03.09.2012 06:21:28 | Computer Name = ***-PC | Source = acvpndownloader | ID = 67108866
Description = 
 
Error - 03.09.2012 06:27:21 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11722
Description = 
 
Error - 03.09.2012 06:43:46 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11722
Description = 
 
Error - 03.09.2012 10:14:16 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7601.17514,
 Zeitstempel: 0x4ce79912  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0xa30  Startzeit der fehlerhaften Anwendung: 0x01cd89b6ce1eea9c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: a4b53a93-f5d1-11e1-8475-00269e9f2f6a
 
Error - 03.09.2012 11:05:51 | Computer Name = ***-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 03.09.2012 11:09:01 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0xecc  Startzeit der fehlerhaften Anwendung: 0x01cd89e60c3a30c9
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 4a97088d-f5d9-11e1-8e14-00269e9f2f6a
 
Error - 03.09.2012 11:09:01 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnscfg.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd026  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.17651,
 Zeitstempel: 0x4e21213c  Ausnahmecode: 0xc06d007f  Fehleroffset: 0x000000000000cacd
ID
 des fehlerhaften Prozesses: 0x970  Startzeit der fehlerhaften Anwendung: 0x01cd89e60c30ab47
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnscfg.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 4a96e17d-f5d9-11e1-8e14-00269e9f2f6a
 
[ Cisco AnyConnect VPN Client Events ]
Error - 02.09.2012 23:39:27 | Computer Name = ***-PC | Source = vpnui | ID = 67108866
Description = Function: CTransportWinHttp::processRequestResponse File: .\CTransportWinHttp.cpp
Line:
 1124 Invoked Function: CTransportWinHttp::setResponseHeaders Return Code: -29949902
 (0xFE370032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned
 an error code (>= 400) HTTP status code received 404
 
Error - 02.09.2012 23:39:27 | Computer Name = ***-PC | Source = vpnui | ID = 67108866
Description = Function: CTransportWinHttp::SendRequest File: .\CTransportWinHttp.cpp
Line:
 1374 Invoked Function: CTransportWinHttp::processRequestResponse Return Code: -29949902
 (0xFE370032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned
 an error code (>= 400) 
 
Error - 02.09.2012 23:39:28 | Computer Name = ***-PC | Source = vpnui | ID = 67108866
Description = Function: CTransportWinHttp::processRequestResponse File: .\CTransportWinHttp.cpp
Line:
 1124 Invoked Function: CTransportWinHttp::setResponseHeaders Return Code: -29949902
 (0xFE370032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned
 an error code (>= 400) HTTP status code received 404
 
Error - 02.09.2012 23:39:28 | Computer Name = ***-PC | Source = vpnui | ID = 67108866
Description = Function: CTransportWinHttp::SendRequest File: .\CTransportWinHttp.cpp
Line:
 1374 Invoked Function: CTransportWinHttp::processRequestResponse Return Code: -29949902
 (0xFE370032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned
 an error code (>= 400) 
 
Error - 02.09.2012 23:39:29 | Computer Name = ***-PC | Source = vpnui | ID = 67108866
Description = Function: CTransportWinHttp::processRequestResponse File: .\CTransportWinHttp.cpp
Line:
 1124 Invoked Function: CTransportWinHttp::setResponseHeaders Return Code: -29949902
 (0xFE370032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned
 an error code (>= 400) HTTP status code received 404
 
Error - 02.09.2012 23:39:29 | Computer Name = ***-PC | Source = vpnui | ID = 67108866
Description = Function: CTransportWinHttp::SendRequest File: .\CTransportWinHttp.cpp
Line:
 1374 Invoked Function: CTransportWinHttp::processRequestResponse Return Code: -29949902
 (0xFE370032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned
 an error code (>= 400) 
 
Error - 02.09.2012 23:39:29 | Computer Name = ***-PC | Source = vpnui | ID = 67108866
Description = Function: CTransportWinHttp::processRequestResponse File: .\CTransportWinHttp.cpp
Line:
 1124 Invoked Function: CTransportWinHttp::setResponseHeaders Return Code: -29949902
 (0xFE370032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned
 an error code (>= 400) HTTP status code received 404
 
Error - 02.09.2012 23:39:29 | Computer Name = ***-PC | Source = vpnui | ID = 67108866
Description = Function: CTransportWinHttp::SendRequest File: .\CTransportWinHttp.cpp
Line:
 1374 Invoked Function: CTransportWinHttp::processRequestResponse Return Code: -29949902
 (0xFE370032) Description: CTRANSPORT_ERROR_HTTP_RETURNED_ERROR:The HTTP server returned
 an error code (>= 400) 
 
Error - 02.09.2012 23:39:39 | Computer Name = ***-PC | Source = vpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
 
Error - 02.09.2012 23:39:39 | Computer Name = ***-PC | Source = vpnagent | ID = 67108866
Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:
 _tstat Return Code: 2 (0x00000002) Description: Das System kann die angegebene Datei
 nicht finden.   File: C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw
Error:
 No such file or directory
 
[ Hewlett-Packard Events ]
Error - 27.10.2010 12:19:20 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 27.10.2010 12:19:22 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Aufrufziel hat einen Ausnahmefehler verursacht. mscorlib   
 bei System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
 SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

   bei System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
 Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)   
  bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
 Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

   bei System.Delegate.DynamicInvokeImpl(Object[] args)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 26.01.2011 15:09:00 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 02.02.2011 13:33:09 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.AnimatedRenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 10.08.2011 12:46:20 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 13.05.2012 13:25:14 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 24.05.2012 04:40:55 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 24.05.2012 04:41:05 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Aufrufziel hat einen Ausnahmefehler verursacht. mscorlib   
 bei System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
 SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

   bei System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
 Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)   
  bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
 Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

   bei System.Delegate.DynamicInvokeImpl(Object[] args)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
Error - 11.07.2012 13:08:08 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
HPSF

   bei HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender,
 RoutedEventArgs e)     bei System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object
 target, RoutedEventArgs routedEventArgs)     bei System.Windows.EventRoute.InvokeHandlersImpl(Object
 source, RoutedEventArgs args, Boolean reRaised)     bei System.Windows.UIElement.RaiseEventImpl(DependencyObject
 sender, RoutedEventArgs args)     bei System.Windows.UIElement.RaiseEvent(RoutedEventArgs
 e)     bei System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
 RoutedEvent routedEvent)     bei System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
 root)     bei MS.Internal.LoadedOrUnloadedOperation.DoWork()     bei System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   bei System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     bei System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
 resizedCompositionTarget)     bei System.Windows.Media.MediaContext.RenderMessageHandler(Object
 resizedCompositionTarget)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

 
Error - 11.07.2012 13:08:20 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Aufrufziel hat einen Ausnahmefehler verursacht. mscorlib   
 bei System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments,
 SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)

   bei System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments,
 Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)   
  bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
 Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)

   bei System.Delegate.DynamicInvokeImpl(Object[] args)     bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
 callback, Object args, Boolean isSingleParameter)     bei System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Der
 Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
 
[ Media Center Events ]
Error - 25.07.2010 06:34:08 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 12:34:08 - Fehler beim Herstellen der Internetverbindung.  12:34:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 25.07.2010 06:34:42 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 12:34:38 - Fehler beim Herstellen der Internetverbindung.  12:34:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.08.2010 12:37:19 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:37:19 - Fehler beim Herstellen der Internetverbindung.  18:37:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.08.2010 12:37:26 | Computer Name = ***-PC | Source = MCUpdate | ID = 0
Description = 18:37:24 - Fehler beim Herstellen der Internetverbindung.  18:37:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 03.09.2012 12:59:42 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 03.09.2012 12:59:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
Error - 03.09.2012 12:59:44 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 03.09.2012 13:00:40 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 03.09.2012 14:42:17 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 03.09.2012 14:42:20 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 03.09.2012 14:42:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147024891
 
Error - 03.09.2012 14:42:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
Error - 03.09.2012 14:42:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 03.09.2012 14:43:19 | Computer Name = ***-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >

Ich danke euch schon Mal für eure Hilfe!

Larusso · 04.09.2012, 22:10

Mein Name ist Daniel und ich werde dir mit deinem Malware Relevanten Problemen helfen.

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen erst einmal durch. Sollte irgendetwas unklar sein, Frage bevor du beginnst.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Sollte ich auf diese, sowie allen weiteren Antworten, innerhalb von 3 Tagen keine Antwort von dir erhalten, werde ich das Thema aus meinen Abonnements löschen.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst und Installiere / Deinstalliere keine Software ohne Aufforderung.
Poste die Logfiles direkt in deinen Thread und nicht als Anhang, ausser du wurdest dazu aufgefordert. Erschwert mir das Auswerten.

Note: Sollte ich 48 Stunden nichts von mir hören lassen, schicke mir bitte eine PM. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des PCs.

Deinstalliere bitte
SuperAntiSpyware
Malwarebytes oder Emsisoft Anti Malware

Du füllst deinen Rechner mit unmengen an Tools aber keiner Anti Virensoftware. Das muss man nicht verstehen oder ?

Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

akakesios · 04.09.2012, 23:22

Hallo Daniel,

ich danke dir für deine schnelle Antwort und vor allem dass du mir helfen möchtest! Ganz großes DANKESCHÖN!

Hier sind die Ergebnisse vom Scan

Code:

ATTFilter

00:16:45.0179 6420  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:16:45.0273 6420  ============================================================
00:16:45.0273 6420  Current date / time: 2012/09/05 00:16:45.0273
00:16:45.0273 6420  SystemInfo:
00:16:45.0273 6420  
00:16:45.0273 6420  OS Version: 6.1.7601 ServicePack: 1.0
00:16:45.0273 6420  Product type: Workstation
00:16:45.0273 6420  ComputerName: ***
00:16:45.0273 6420  UserName: ***
00:16:45.0273 6420  Windows directory: C:\Windows
00:16:45.0273 6420  System windows directory: C:\Windows
00:16:45.0273 6420  Running under WOW64
00:16:45.0273 6420  Processor architecture: Intel x64
00:16:45.0273 6420  Number of processors: 2
00:16:45.0273 6420  Page size: 0x1000
00:16:45.0273 6420  Boot type: Normal boot
00:16:45.0273 6420  ============================================================
00:16:52.0059 6420  !crdlk
00:16:52.0105 6420  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
00:16:52.0152 6420  ============================================================
00:16:52.0152 6420  \Device\Harddisk0\DR0:
00:16:52.0152 6420  MBR partitions:
00:16:52.0152 6420  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:16:52.0152 6420  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23921000
00:16:52.0152 6420  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23985000, BlocksNum 0x1A75800
00:16:52.0152 6420  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
00:16:52.0152 6420  ============================================================
00:16:52.0183 6420  C: <-> \Device\Harddisk0\DR0\Partition2
00:16:52.0230 6420  D: <-> \Device\Harddisk0\DR0\Partition3
00:16:52.0230 6420  ============================================================
00:16:52.0230 6420  Initialize success
00:16:52.0230 6420  ============================================================
00:16:55.0350 3956  ============================================================
00:16:55.0350 3956  Scan started
00:16:55.0350 3956  Mode: Manual; 
00:16:55.0350 3956  ============================================================
00:16:55.0803 3956  ================ Scan system memory ========================
00:16:55.0803 3956  System memory - ok
00:16:55.0803 3956  ================ Scan services =============================
00:16:55.0849 3956  [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
00:16:55.0849 3956  !SASCORE - ok
00:16:56.0052 3956  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:16:56.0052 3956  1394ohci - ok
00:16:56.0115 3956  [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
00:16:56.0115 3956  Accelerometer - ok
00:16:56.0177 3956  [ 6E9C8B324980AFE454C6F7762E2B4478 ] acedrv07        C:\Windows\system32\drivers\acedrv07.sys
00:16:56.0177 3956  acedrv07 - ok
00:16:56.0224 3956  [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
00:16:56.0224 3956  acedrv11 - ok
00:16:56.0286 3956  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:16:56.0286 3956  ACPI - ok
00:16:56.0317 3956  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:16:56.0317 3956  AcpiPmi - ok
00:16:56.0380 3956  [ E5568164C070A4988BD79C896920B3C6 ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
00:16:56.0380 3956  acsock - ok
00:16:56.0411 3956  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
00:16:56.0427 3956  adp94xx - ok
00:16:56.0473 3956  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
00:16:56.0473 3956  adpahci - ok
00:16:56.0489 3956  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
00:16:56.0505 3956  adpu320 - ok
00:16:56.0551 3956  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:16:56.0551 3956  AeLookupSvc - ok
00:16:56.0645 3956  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
00:16:56.0645 3956  AESTFilters - ok
00:16:56.0707 3956  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
00:16:56.0754 3956  AFD - ok
00:16:56.0941 3956  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
00:16:56.0957 3956  AgereSoftModem - ok
00:16:57.0035 3956  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
00:16:57.0035 3956  agp440 - ok
00:16:57.0082 3956  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
00:16:57.0082 3956  ALG - ok
00:16:57.0113 3956  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:16:57.0113 3956  aliide - ok
00:16:57.0238 3956  ALSysIO - ok
00:16:57.0285 3956  [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:16:57.0285 3956  AMD External Events Utility - ok
00:16:57.0300 3956  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
00:16:57.0300 3956  amdide - ok
00:16:57.0347 3956  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
00:16:57.0347 3956  AmdK8 - ok
00:16:57.0378 3956  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
00:16:57.0378 3956  AmdPPM - ok
00:16:57.0441 3956  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:16:57.0441 3956  amdsata - ok
00:16:57.0456 3956  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
00:16:57.0456 3956  amdsbs - ok
00:16:57.0487 3956  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:16:57.0487 3956  amdxata - ok
00:16:57.0565 3956  [ 7CE7D6019D0D73F9203BA4FF4BA35B6A ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
00:16:57.0565 3956  AnyDVD - ok
00:16:57.0612 3956  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
00:16:57.0612 3956  AppID - ok
00:16:57.0659 3956  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:16:57.0659 3956  AppIDSvc - ok
00:16:57.0721 3956  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
00:16:57.0737 3956  Appinfo - ok
00:16:57.0831 3956  [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:16:57.0831 3956  Apple Mobile Device - ok
00:16:57.0877 3956  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
00:16:57.0877 3956  arc - ok
00:16:57.0893 3956  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
00:16:57.0893 3956  arcsas - ok
00:16:57.0940 3956  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:16:57.0940 3956  AsyncMac - ok
00:16:58.0002 3956  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
00:16:58.0018 3956  atapi - ok
00:16:58.0065 3956  [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
00:16:58.0080 3956  athr - ok
00:16:58.0127 3956  [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
00:16:58.0127 3956  AtiHdmiService - ok
00:16:58.0252 3956  [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
00:16:58.0314 3956  atikmdag - ok
00:16:58.0361 3956  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
00:16:58.0361 3956  AtiPcie - ok
00:16:58.0455 3956  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:16:58.0455 3956  AudioEndpointBuilder - ok
00:16:58.0486 3956  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:16:58.0486 3956  AudioSrv - ok
00:16:58.0548 3956  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:16:58.0548 3956  AxInstSV - ok
00:16:58.0595 3956  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
00:16:58.0595 3956  b06bdrv - ok
00:16:58.0642 3956  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:16:58.0642 3956  b57nd60a - ok
00:16:58.0689 3956  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:16:58.0689 3956  BDESVC - ok
00:16:58.0735 3956  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:16:58.0735 3956  Beep - ok
00:16:58.0813 3956  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
00:16:58.0829 3956  BFE - ok
00:16:58.0845 3956  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:16:58.0845 3956  blbdrive - ok
00:16:58.0923 3956  [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
00:16:58.0923 3956  Bonjour Service - ok
00:16:59.0016 3956  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:16:59.0016 3956  bowser - ok
00:16:59.0047 3956  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:16:59.0047 3956  BrFiltLo - ok
00:16:59.0079 3956  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:16:59.0079 3956  BrFiltUp - ok
00:16:59.0110 3956  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
00:16:59.0110 3956  BridgeMP - ok
00:16:59.0172 3956  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
00:16:59.0188 3956  Browser - ok
00:16:59.0219 3956  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:16:59.0219 3956  Brserid - ok
00:16:59.0250 3956  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:16:59.0250 3956  BrSerWdm - ok
00:16:59.0266 3956  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:16:59.0266 3956  BrUsbMdm - ok
00:16:59.0281 3956  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:16:59.0281 3956  BrUsbSer - ok
00:16:59.0297 3956  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
00:16:59.0297 3956  BTHMODEM - ok
00:16:59.0344 3956  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
00:16:59.0359 3956  bthserv - ok
00:16:59.0359 3956  Suspicious service (NoAccess): c4654bb66a72af8
00:16:59.0422 3956  [ 0A7DAB6A5D1C59348CD56EDA45CF90B7 ] c4654bb66a72af8 C:\Windows\System32\Drivers\c4654bb66a72af8.sys
00:16:59.0422 3956  Suspicious file (NoAccess): C:\Windows\System32\Drivers\c4654bb66a72af8.sys. md5: 0A7DAB6A5D1C59348CD56EDA45CF90B7
00:16:59.0593 3956  c4654bb66a72af8 ( Rootkit.Win32.Necurs.gen ) - infected
00:16:59.0593 3956  c4654bb66a72af8 - detected Rootkit.Win32.Necurs.gen (0)
00:16:59.0609 3956  catchme - ok
00:16:59.0640 3956  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:16:59.0640 3956  cdfs - ok
00:16:59.0703 3956  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:16:59.0703 3956  cdrom - ok
00:16:59.0765 3956  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
00:16:59.0765 3956  CertPropSvc - ok
00:16:59.0796 3956  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
00:16:59.0796 3956  circlass - ok
00:16:59.0859 3956  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
00:16:59.0874 3956  CLFS - ok
00:16:59.0937 3956  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:16:59.0937 3956  clr_optimization_v2.0.50727_32 - ok
00:17:00.0015 3956  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:17:00.0015 3956  clr_optimization_v2.0.50727_64 - ok
00:17:00.0108 3956  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:17:00.0139 3956  clr_optimization_v4.0.30319_32 - ok
00:17:00.0202 3956  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:17:00.0217 3956  clr_optimization_v4.0.30319_64 - ok
00:17:00.0264 3956  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
00:17:00.0280 3956  CmBatt - ok
00:17:00.0295 3956  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:17:00.0295 3956  cmdide - ok
00:17:00.0373 3956  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
00:17:00.0373 3956  CNG - ok
00:17:00.0436 3956  [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
00:17:00.0436 3956  Com4QLBEx - ok
00:17:00.0467 3956  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:17:00.0467 3956  Compbatt - ok
00:17:00.0529 3956  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
00:17:00.0529 3956  CompositeBus - ok
00:17:00.0545 3956  COMSysApp - ok
00:17:00.0592 3956  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
00:17:00.0592 3956  crcdisk - ok
00:17:00.0654 3956  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:17:00.0654 3956  CryptSvc - ok
00:17:00.0732 3956  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:17:00.0748 3956  DcomLaunch - ok
00:17:00.0779 3956  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
00:17:00.0795 3956  defragsvc - ok
00:17:00.0888 3956  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:17:00.0888 3956  DfsC - ok
00:17:00.0935 3956  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:17:00.0951 3956  Dhcp - ok
00:17:00.0982 3956  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
00:17:00.0982 3956  discache - ok
00:17:01.0013 3956  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
00:17:01.0029 3956  Disk - ok
00:17:01.0091 3956  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:17:01.0091 3956  Dnscache - ok
00:17:01.0153 3956  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:17:01.0153 3956  dot3svc - ok
00:17:01.0231 3956  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
00:17:01.0231 3956  Dot4 - ok
00:17:01.0278 3956  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
00:17:01.0278 3956  Dot4Print - ok
00:17:01.0309 3956  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
00:17:01.0309 3956  dot4usb - ok
00:17:01.0372 3956  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
00:17:01.0372 3956  DPS - ok
00:17:01.0387 3956  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:17:01.0387 3956  drmkaud - ok
00:17:01.0481 3956  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
00:17:01.0481 3956  dtsoftbus01 - ok
00:17:01.0575 3956  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:17:01.0590 3956  DXGKrnl - ok
00:17:01.0621 3956  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
00:17:01.0621 3956  EapHost - ok
00:17:01.0699 3956  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
00:17:01.0731 3956  ebdrv - ok
00:17:01.0809 3956  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
00:17:01.0809 3956  EFS - ok
00:17:01.0871 3956  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:17:01.0887 3956  ehRecvr - ok
00:17:01.0949 3956  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
00:17:01.0949 3956  ehSched - ok
00:17:02.0027 3956  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
00:17:02.0027 3956  ElbyCDIO - ok
00:17:02.0074 3956  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
00:17:02.0074 3956  elxstor - ok
00:17:02.0105 3956  [ 524C79054636D2E5751169005006460B ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
00:17:02.0105 3956  enecir - ok
00:17:02.0136 3956  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:17:02.0136 3956  ErrDev - ok
00:17:02.0214 3956  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
00:17:02.0214 3956  EventSystem - ok
00:17:02.0261 3956  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
00:17:02.0261 3956  exfat - ok
00:17:02.0292 3956  ezSharedSvc - ok
00:17:02.0323 3956  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:17:02.0323 3956  fastfat - ok
00:17:02.0401 3956  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
00:17:02.0417 3956  Fax - ok
00:17:02.0448 3956  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
00:17:02.0448 3956  fdc - ok
00:17:02.0464 3956  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:17:02.0464 3956  fdPHost - ok
00:17:02.0495 3956  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:17:02.0495 3956  FDResPub - ok
00:17:02.0542 3956  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:17:02.0542 3956  FileInfo - ok
00:17:02.0573 3956  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:17:02.0573 3956  Filetrace - ok
00:17:02.0635 3956  [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:17:02.0635 3956  FLEXnet Licensing Service - ok
00:17:02.0682 3956  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
00:17:02.0682 3956  flpydisk - ok
00:17:02.0760 3956  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:17:02.0776 3956  FltMgr - ok
00:17:02.0854 3956  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
00:17:02.0869 3956  FontCache - ok
00:17:02.0947 3956  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:17:02.0947 3956  FontCache3.0.0.0 - ok
00:17:02.0994 3956  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:17:02.0994 3956  FsDepends - ok
00:17:03.0088 3956  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:17:03.0088 3956  Fs_Rec - ok
00:17:03.0150 3956  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:17:03.0150 3956  fvevol - ok
00:17:03.0181 3956  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
00:17:03.0181 3956  gagp30kx - ok
00:17:03.0275 3956  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
00:17:03.0275 3956  gpsvc - ok
00:17:03.0431 3956  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:17:03.0431 3956  gupdate - ok
00:17:03.0447 3956  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:17:03.0447 3956  gupdatem - ok
00:17:03.0525 3956  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:17:03.0525 3956  gusvc - ok
00:17:03.0571 3956  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:17:03.0571 3956  hcw85cir - ok
00:17:03.0649 3956  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:17:03.0649 3956  HdAudAddService - ok
00:17:03.0696 3956  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
00:17:03.0696 3956  HDAudBus - ok
00:17:03.0712 3956  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
00:17:03.0712 3956  HidBatt - ok
00:17:03.0743 3956  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
00:17:03.0743 3956  HidBth - ok
00:17:03.0774 3956  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
00:17:03.0774 3956  HidIr - ok
00:17:03.0821 3956  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
00:17:03.0821 3956  hidserv - ok
00:17:03.0837 3956  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:17:03.0837 3956  HidUsb - ok
00:17:03.0915 3956  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:17:03.0915 3956  hkmsvc - ok
00:17:03.0993 3956  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:17:03.0993 3956  HomeGroupListener - ok
00:17:04.0071 3956  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:17:04.0071 3956  HomeGroupProvider - ok
00:17:04.0117 3956  [ 0141816A095A3F5A83FFA5B4A47B8023 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
00:17:04.0133 3956  HP Health Check Service - ok
00:17:04.0180 3956  [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
00:17:04.0180 3956  hpdskflt - ok
00:17:04.0351 3956  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:17:04.0351 3956  hpqcxs08 - ok
00:17:04.0414 3956  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:17:04.0414 3956  hpqddsvc - ok
00:17:04.0445 3956  [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:17:04.0445 3956  HpqKbFiltr - ok
00:17:04.0492 3956  [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
00:17:04.0492 3956  hpqwmiex - ok
00:17:04.0554 3956  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:17:04.0554 3956  HpSAMD - ok
00:17:04.0632 3956  [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
00:17:04.0648 3956  HPSLPSVC - ok
00:17:04.0679 3956  [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv           C:\Windows\system32\Hpservice.exe
00:17:04.0679 3956  hpsrv - ok
00:17:04.0741 3956  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
00:17:04.0741 3956  HTCAND64 - ok
00:17:04.0804 3956  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
00:17:04.0804 3956  htcnprot - ok
00:17:04.0882 3956  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:17:04.0882 3956  HTTP - ok
00:17:04.0944 3956  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:17:04.0944 3956  hwpolicy - ok
00:17:05.0022 3956  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
00:17:05.0022 3956  i8042prt - ok
00:17:05.0053 3956  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:17:05.0069 3956  iaStorV - ok
00:17:05.0147 3956  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
00:17:05.0147 3956  IDriverT - ok
00:17:05.0241 3956  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:17:05.0256 3956  idsvc - ok
00:17:05.0412 3956  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
00:17:05.0490 3956  igfx - ok
00:17:05.0537 3956  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
00:17:05.0537 3956  iirsp - ok
00:17:05.0631 3956  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
00:17:05.0631 3956  IKEEXT - ok
00:17:05.0709 3956  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
00:17:05.0709 3956  intelide - ok
00:17:05.0740 3956  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:17:05.0740 3956  intelppm - ok
00:17:05.0771 3956  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:17:05.0771 3956  IPBusEnum - ok
00:17:05.0833 3956  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:17:05.0833 3956  IpFilterDriver - ok
00:17:05.0896 3956  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:17:05.0896 3956  IPMIDRV - ok
00:17:05.0927 3956  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:17:05.0927 3956  IPNAT - ok
00:17:05.0974 3956  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:17:05.0974 3956  IRENUM - ok
00:17:06.0005 3956  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:17:06.0005 3956  isapnp - ok
00:17:06.0036 3956  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:17:06.0036 3956  iScsiPrt - ok
00:17:06.0099 3956  [ F8844B00C10E386C704C610E95A9847D ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
00:17:06.0099 3956  JMCR - ok
00:17:06.0114 3956  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
00:17:06.0114 3956  kbdclass - ok
00:17:06.0192 3956  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
00:17:06.0192 3956  kbdhid - ok
00:17:06.0208 3956  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
00:17:06.0208 3956  KeyIso - ok
00:17:06.0286 3956  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:17:06.0286 3956  KSecDD - ok
00:17:06.0317 3956  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:17:06.0317 3956  KSecPkg - ok
00:17:06.0333 3956  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:17:06.0333 3956  ksthunk - ok
00:17:06.0395 3956  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:17:06.0395 3956  KtmRm - ok
00:17:06.0489 3956  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
00:17:06.0489 3956  LanmanServer - ok
00:17:06.0567 3956  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:17:06.0567 3956  LanmanWorkstation - ok
00:17:06.0598 3956  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:17:06.0598 3956  lltdio - ok
00:17:06.0645 3956  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:17:06.0645 3956  lltdsvc - ok
00:17:06.0676 3956  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:17:06.0676 3956  lmhosts - ok
00:17:06.0707 3956  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
00:17:06.0707 3956  LSI_FC - ok
00:17:06.0738 3956  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
00:17:06.0738 3956  LSI_SAS - ok
00:17:06.0754 3956  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:17:06.0754 3956  LSI_SAS2 - ok
00:17:06.0801 3956  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:17:06.0801 3956  LSI_SCSI - ok
00:17:06.0847 3956  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
00:17:06.0847 3956  luafv - ok
00:17:06.0910 3956  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:17:06.0925 3956  MBAMProtector - ok
00:17:06.0988 3956  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:17:06.0988 3956  MBAMService - ok
00:17:07.0066 3956  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:17:07.0066 3956  Mcx2Svc - ok
00:17:07.0097 3956  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
00:17:07.0097 3956  megasas - ok
00:17:07.0128 3956  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
00:17:07.0128 3956  MegaSR - ok
00:17:07.0144 3956  MEMSWEEP2 - ok
00:17:07.0269 3956  Microsoft SharePoint Workspace Audit Service - ok
00:17:07.0315 3956  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
00:17:07.0315 3956  MMCSS - ok
00:17:07.0362 3956  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
00:17:07.0362 3956  Modem - ok
00:17:07.0393 3956  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:17:07.0393 3956  monitor - ok
00:17:07.0456 3956  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:17:07.0456 3956  mouclass - ok
00:17:07.0503 3956  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:17:07.0503 3956  mouhid - ok
00:17:07.0565 3956  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:17:07.0565 3956  mountmgr - ok
00:17:07.0643 3956  [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:17:07.0643 3956  MozillaMaintenance - ok
00:17:07.0705 3956  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:17:07.0705 3956  mpio - ok
00:17:07.0737 3956  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:17:07.0737 3956  mpsdrv - ok
00:17:07.0815 3956  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:17:07.0815 3956  MRxDAV - ok
00:17:07.0877 3956  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:17:07.0893 3956  mrxsmb - ok
00:17:07.0924 3956  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:17:07.0924 3956  mrxsmb10 - ok
00:17:07.0971 3956  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:17:07.0986 3956  mrxsmb20 - ok
00:17:08.0033 3956  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
00:17:08.0033 3956  msahci - ok
00:17:08.0064 3956  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:17:08.0064 3956  msdsm - ok
00:17:08.0095 3956  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
00:17:08.0095 3956  MSDTC - ok
00:17:08.0142 3956  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:17:08.0142 3956  Msfs - ok
00:17:08.0173 3956  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:17:08.0173 3956  mshidkmdf - ok
00:17:08.0189 3956  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:17:08.0189 3956  msisadrv - ok
00:17:08.0236 3956  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:17:08.0236 3956  MSiSCSI - ok
00:17:08.0251 3956  msiserver - ok
00:17:08.0283 3956  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:17:08.0283 3956  MSKSSRV - ok
00:17:08.0314 3956  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:17:08.0314 3956  MSPCLOCK - ok
00:17:08.0361 3956  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:17:08.0361 3956  MSPQM - ok
00:17:08.0423 3956  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:17:08.0423 3956  MsRPC - ok
00:17:08.0501 3956  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
00:17:08.0501 3956  mssmbios - ok
00:17:08.0532 3956  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:17:08.0532 3956  MSTEE - ok
00:17:08.0563 3956  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
00:17:08.0563 3956  MTConfig - ok
00:17:08.0610 3956  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
00:17:08.0610 3956  Mup - ok
00:17:08.0688 3956  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
00:17:08.0704 3956  napagent - ok
00:17:08.0719 3956  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:17:08.0719 3956  NativeWifiP - ok
00:17:08.0844 3956  [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
00:17:08.0860 3956  NAUpdate - ok
00:17:08.0907 3956  [ DACA803A8D732FE5EEAA024EC342F81D ] NBVol           C:\Windows\system32\DRIVERS\NBVol.sys
00:17:08.0907 3956  NBVol - ok
00:17:08.0938 3956  [ 6208F622E9E35860DFB0753DFF56F0C0 ] NBVolUp         C:\Windows\system32\DRIVERS\NBVolUp.sys
00:17:08.0953 3956  NBVolUp - ok
00:17:09.0031 3956  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:17:09.0031 3956  NDIS - ok
00:17:09.0078 3956  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:17:09.0078 3956  NdisCap - ok
00:17:09.0094 3956  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:17:09.0094 3956  NdisTapi - ok
00:17:09.0187 3956  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:17:09.0187 3956  Ndisuio - ok
00:17:09.0234 3956  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:17:09.0250 3956  NdisWan - ok
00:17:09.0312 3956  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:17:09.0312 3956  NDProxy - ok
00:17:09.0359 3956  [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:17:09.0359 3956  Net Driver HPZ12 - ok
00:17:09.0375 3956  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:17:09.0375 3956  NetBIOS - ok
00:17:09.0453 3956  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:17:09.0453 3956  NetBT - ok
00:17:09.0484 3956  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
00:17:09.0484 3956  Netlogon - ok
00:17:09.0531 3956  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
00:17:09.0546 3956  Netman - ok
00:17:09.0609 3956  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:17:09.0624 3956  NetMsmqActivator - ok
00:17:09.0624 3956  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:17:09.0640 3956  NetPipeActivator - ok
00:17:09.0671 3956  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
00:17:09.0671 3956  netprofm - ok
00:17:09.0687 3956  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:17:09.0687 3956  NetTcpActivator - ok
00:17:09.0702 3956  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
00:17:09.0702 3956  NetTcpPortSharing - ok
00:17:09.0827 3956  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
00:17:09.0889 3956  netw5v64 - ok
00:17:09.0936 3956  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
00:17:09.0936 3956  nfrd960 - ok
00:17:09.0999 3956  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:17:10.0014 3956  NlaSvc - ok
00:17:10.0030 3956  nlsX86cc - ok
00:17:10.0077 3956  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:17:10.0077 3956  Npfs - ok
00:17:10.0108 3956  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
00:17:10.0108 3956  nsi - ok
00:17:10.0139 3956  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:17:10.0139 3956  nsiproxy - ok
00:17:10.0233 3956  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:17:10.0248 3956  Ntfs - ok
00:17:10.0279 3956  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
00:17:10.0279 3956  Null - ok
00:17:10.0295 3956  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:17:10.0295 3956  nvraid - ok
00:17:10.0373 3956  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:17:10.0373 3956  nvstor - ok
00:17:10.0451 3956  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:17:10.0451 3956  nv_agp - ok
00:17:10.0513 3956  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:17:10.0513 3956  ohci1394 - ok
00:17:10.0560 3956  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:17:10.0576 3956  ose - ok
00:17:10.0747 3956  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:17:10.0810 3956  osppsvc - ok
00:17:10.0857 3956  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:17:10.0872 3956  p2pimsvc - ok
00:17:10.0903 3956  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
00:17:10.0919 3956  p2psvc - ok
00:17:10.0950 3956  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:17:10.0950 3956  Parport - ok
00:17:11.0028 3956  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:17:11.0028 3956  partmgr - ok
00:17:11.0153 3956  [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
00:17:11.0153 3956  PassThru Service - ok
00:17:11.0184 3956  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:17:11.0184 3956  PcaSvc - ok
00:17:11.0200 3956  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
00:17:11.0215 3956  pci - ok
00:17:11.0278 3956  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
00:17:11.0278 3956  pciide - ok
00:17:11.0293 3956  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:17:11.0293 3956  pcmcia - ok
00:17:11.0325 3956  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:17:11.0325 3956  pcw - ok
00:17:11.0387 3956  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:17:11.0403 3956  PEAUTH - ok
00:17:11.0512 3956  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:17:11.0512 3956  PerfHost - ok
00:17:11.0621 3956  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
00:17:11.0637 3956  pla - ok
00:17:11.0715 3956  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:17:11.0715 3956  PlugPlay - ok
00:17:11.0746 3956  [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:17:11.0746 3956  Pml Driver HPZ12 - ok
00:17:11.0761 3956  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:17:11.0777 3956  PNRPAutoReg - ok
00:17:11.0808 3956  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:17:11.0808 3956  PNRPsvc - ok
00:17:11.0871 3956  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
00:17:11.0886 3956  PolicyAgent - ok
00:17:11.0949 3956  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
00:17:11.0949 3956  Power - ok
00:17:12.0027 3956  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
00:17:12.0027 3956  PptpMiniport - ok
00:17:12.0058 3956  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
00:17:12.0058 3956  Processor - ok
00:17:12.0136 3956  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
00:17:12.0136 3956  ProfSvc - ok
00:17:12.0151 3956  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:17:12.0151 3956  ProtectedStorage - ok
00:17:12.0214 3956  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
00:17:12.0214 3956  Psched - ok
00:17:12.0276 3956  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
00:17:12.0292 3956  ql2300 - ok
00:17:12.0323 3956  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
00:17:12.0323 3956  ql40xx - ok
00:17:12.0370 3956  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
00:17:12.0370 3956  QWAVE - ok
00:17:12.0401 3956  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
00:17:12.0401 3956  QWAVEdrv - ok
00:17:12.0432 3956  [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
00:17:12.0448 3956  RapiMgr - ok
00:17:12.0463 3956  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
00:17:12.0463 3956  RasAcd - ok
00:17:12.0495 3956  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
00:17:12.0495 3956  RasAgileVpn - ok
00:17:12.0526 3956  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
00:17:12.0526 3956  RasAuto - ok
00:17:12.0588 3956  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
00:17:12.0588 3956  Rasl2tp - ok
00:17:12.0666 3956  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
00:17:12.0666 3956  RasMan - ok
00:17:12.0697 3956  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
00:17:12.0697 3956  RasPppoe - ok
00:17:12.0713 3956  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
00:17:12.0713 3956  RasSstp - ok
00:17:12.0791 3956  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
00:17:12.0807 3956  rdbss - ok
00:17:12.0838 3956  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
00:17:12.0838 3956  rdpbus - ok
00:17:12.0869 3956  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
00:17:12.0869 3956  RDPCDD - ok
00:17:12.0916 3956  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
00:17:12.0916 3956  RDPENCDD - ok
00:17:12.0947 3956  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
00:17:12.0947 3956  RDPREFMP - ok
00:17:13.0009 3956  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
00:17:13.0009 3956  RDPWD - ok
00:17:13.0072 3956  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
00:17:13.0072 3956  rdyboost - ok
00:17:13.0119 3956  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
00:17:13.0119 3956  RemoteAccess - ok
00:17:13.0165 3956  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
00:17:13.0165 3956  RemoteRegistry - ok
00:17:13.0197 3956  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
00:17:13.0197 3956  RpcEptMapper - ok
00:17:13.0243 3956  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
00:17:13.0243 3956  RpcLocator - ok
00:17:13.0321 3956  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
00:17:13.0321 3956  RpcSs - ok
00:17:13.0384 3956  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
00:17:13.0384 3956  rspndr - ok
00:17:13.0431 3956  [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
00:17:13.0431 3956  RTL8167 - ok
00:17:13.0493 3956  [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
00:17:13.0493 3956  s0016bus - ok
00:17:13.0540 3956  [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
00:17:13.0540 3956  s0016mdfl - ok
00:17:13.0555 3956  [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
00:17:13.0555 3956  s0016mdm - ok
00:17:13.0618 3956  [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
00:17:13.0633 3956  s0016mgmt - ok
00:17:13.0696 3956  [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
00:17:13.0696 3956  s0016nd5 - ok
00:17:13.0711 3956  [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
00:17:13.0711 3956  s0016obex - ok
00:17:13.0743 3956  [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
00:17:13.0743 3956  s0016unic - ok
00:17:13.0774 3956  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
00:17:13.0774 3956  SamSs - ok
00:17:13.0821 3956  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
00:17:13.0821 3956  SASDIFSV - ok
00:17:13.0867 3956  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
00:17:13.0867 3956  SASKUTIL - ok
00:17:13.0930 3956  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
00:17:13.0930 3956  sbp2port - ok
00:17:13.0977 3956  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
00:17:13.0977 3956  SCardSvr - ok
00:17:14.0039 3956  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
00:17:14.0039 3956  scfilter - ok
00:17:14.0117 3956  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
00:17:14.0133 3956  Schedule - ok
00:17:14.0195 3956  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
00:17:14.0195 3956  SCPolicySvc - ok
00:17:14.0226 3956  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
00:17:14.0226 3956  sdbus - ok
00:17:14.0289 3956  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
00:17:14.0304 3956  SDRSVC - ok
00:17:14.0367 3956  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:17:14.0367 3956  secdrv - ok
00:17:14.0429 3956  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
00:17:14.0429 3956  seclogon - ok
00:17:14.0476 3956  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
00:17:14.0476 3956  SENS - ok
00:17:14.0507 3956  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:17:14.0507 3956  SensrSvc - ok
00:17:14.0523 3956  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
00:17:14.0523 3956  Serenum - ok
00:17:14.0554 3956  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
00:17:14.0554 3956  Serial - ok
00:17:14.0616 3956  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
00:17:14.0616 3956  sermouse - ok
00:17:14.0694 3956  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
00:17:14.0694 3956  SessionEnv - ok
00:17:14.0772 3956  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
00:17:14.0772 3956  sffdisk - ok
00:17:14.0803 3956  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
00:17:14.0803 3956  sffp_mmc - ok
00:17:14.0819 3956  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
00:17:14.0819 3956  sffp_sd - ok
00:17:14.0835 3956  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
00:17:14.0835 3956  sfloppy - ok
00:17:14.0881 3956  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:17:14.0881 3956  ShellHWDetection - ok
00:17:14.0928 3956  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:17:14.0928 3956  SiSRaid2 - ok
00:17:14.0975 3956  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
00:17:14.0975 3956  SiSRaid4 - ok
00:17:15.0006 3956  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
00:17:15.0006 3956  Smb - ok
00:17:15.0053 3956  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:17:15.0053 3956  SNMPTRAP - ok
00:17:15.0100 3956  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
00:17:15.0100 3956  spldr - ok
00:17:15.0193 3956  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
00:17:15.0193 3956  Spooler - ok
00:17:15.0318 3956  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
00:17:15.0365 3956  sppsvc - ok
00:17:15.0396 3956  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
00:17:15.0396 3956  sppuinotify - ok
00:17:15.0427 3956  sptd - ok
00:17:15.0521 3956  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:17:15.0521 3956  srv - ok
00:17:15.0552 3956  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:17:15.0552 3956  srv2 - ok
00:17:15.0599 3956  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:17:15.0599 3956  SrvHsfHDA - ok
00:17:15.0646 3956  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:17:15.0661 3956  SrvHsfV92 - ok
00:17:15.0708 3956  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:17:15.0724 3956  SrvHsfWinac - ok
00:17:15.0802 3956  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:17:15.0802 3956  srvnet - ok
00:17:15.0849 3956  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:17:15.0849 3956  SSDPSRV - ok
00:17:15.0880 3956  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:17:15.0880 3956  SstpSvc - ok
00:17:15.0973 3956  [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
00:17:15.0973 3956  STacSV - ok
00:17:16.0020 3956  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
00:17:16.0020 3956  stexstor - ok
00:17:16.0067 3956  [ ED1722F43CE61409EF68340402D6267D ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
00:17:16.0083 3956  STHDA - ok
00:17:16.0145 3956  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
00:17:16.0145 3956  StillCam - ok
00:17:16.0223 3956  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
00:17:16.0223 3956  stisvc - ok
00:17:16.0301 3956  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
00:17:16.0301 3956  swenum - ok
00:17:16.0348 3956  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:17:16.0348 3956  swprv - ok
00:17:16.0395 3956  [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
00:17:16.0395 3956  SynTP - ok
00:17:16.0488 3956  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
00:17:16.0519 3956  SysMain - ok
00:17:16.0582 3956  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:17:16.0597 3956  TabletInputService - ok
00:17:16.0597 3956  tandpl - ok
00:17:16.0675 3956  [ 4EF44915E522F3ECD1A3FF540AA64126 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
00:17:16.0675 3956  tap0901 - ok
00:17:16.0707 3956  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:17:16.0707 3956  TapiSrv - ok
00:17:16.0753 3956  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:17:16.0753 3956  TBS - ok
00:17:16.0863 3956  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:17:16.0894 3956  Tcpip - ok
00:17:16.0925 3956  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:17:16.0941 3956  TCPIP6 - ok
00:17:17.0034 3956  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:17:17.0034 3956  tcpipreg - ok
00:17:17.0065 3956  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:17:17.0081 3956  TDPIPE - ok
00:17:17.0128 3956  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:17:17.0143 3956  TDTCP - ok
00:17:17.0221 3956  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:17:17.0221 3956  tdx - ok
00:17:17.0284 3956  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
00:17:17.0299 3956  TermDD - ok
00:17:17.0362 3956  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
00:17:17.0377 3956  TermService - ok
00:17:17.0424 3956  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:17:17.0424 3956  Themes - ok
00:17:17.0455 3956  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:17:17.0471 3956  THREADORDER - ok
00:17:17.0502 3956  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:17:17.0518 3956  TrkWks - ok
00:17:17.0611 3956  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:17:17.0611 3956  TrustedInstaller - ok
00:17:17.0674 3956  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:17:17.0689 3956  tssecsrv - ok
00:17:17.0752 3956  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:17:17.0752 3956  TsUsbFlt - ok
00:17:17.0814 3956  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:17:17.0814 3956  tunnel - ok
00:17:17.0845 3956  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
00:17:17.0845 3956  uagp35 - ok
00:17:17.0908 3956  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:17:17.0908 3956  udfs - ok
00:17:17.0986 3956  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:17:17.0986 3956  UI0Detect - ok
00:17:18.0048 3956  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:17:18.0048 3956  uliagpkx - ok
00:17:18.0126 3956  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:17:18.0126 3956  umbus - ok
00:17:18.0157 3956  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
00:17:18.0157 3956  UmPass - ok
00:17:18.0204 3956  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:17:18.0204 3956  upnphost - ok
00:17:18.0282 3956  [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
00:17:18.0282 3956  USBAAPL64 - ok
00:17:18.0313 3956  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
00:17:18.0313 3956  usbaudio - ok
00:17:18.0329 3956  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:17:18.0329 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C
00:17:18.0345 3956  usbccgp ( LockedFile.Multi.Generic ) - warning
00:17:18.0345 3956  usbccgp - detected LockedFile.Multi.Generic (1)
00:17:18.0376 3956  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:17:18.0376 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7
00:17:18.0391 3956  usbcir ( LockedFile.Multi.Generic ) - warning
00:17:18.0391 3956  usbcir - detected LockedFile.Multi.Generic (1)
00:17:18.0423 3956  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:17:18.0423 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B
00:17:18.0438 3956  usbehci ( LockedFile.Multi.Generic ) - warning
00:17:18.0438 3956  usbehci - detected LockedFile.Multi.Generic (1)
00:17:18.0469 3956  [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
00:17:18.0469 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbfilter.sys. md5: 44D9C773FEBFF10593B50DDFC2D6BC27
00:17:18.0485 3956  usbfilter ( LockedFile.Multi.Generic ) - warning
00:17:18.0485 3956  usbfilter - detected LockedFile.Multi.Generic (1)
00:17:18.0516 3956  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:17:18.0516 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24
00:17:18.0532 3956  usbhub ( LockedFile.Multi.Generic ) - warning
00:17:18.0532 3956  usbhub - detected LockedFile.Multi.Generic (1)
00:17:18.0610 3956  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
00:17:18.0610 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31
00:17:18.0610 3956  usbohci ( LockedFile.Multi.Generic ) - warning
00:17:18.0610 3956  usbohci - detected LockedFile.Multi.Generic (1)
00:17:18.0641 3956  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:17:18.0641 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D
00:17:18.0672 3956  usbprint ( LockedFile.Multi.Generic ) - warning
00:17:18.0672 3956  usbprint - detected LockedFile.Multi.Generic (1)
00:17:18.0735 3956  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:17:18.0735 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usbscan.sys. md5: AAA2513C8AED8B54B189FD0C6B1634C0
00:17:18.0735 3956  usbscan ( LockedFile.Multi.Generic ) - warning
00:17:18.0735 3956  usbscan - detected LockedFile.Multi.Generic (1)
00:17:18.0766 3956  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:17:18.0766 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6
00:17:18.0781 3956  USBSTOR ( LockedFile.Multi.Generic ) - warning
00:17:18.0781 3956  USBSTOR - detected LockedFile.Multi.Generic (1)
00:17:18.0797 3956  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:17:18.0797 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD
00:17:18.0813 3956  usbuhci ( LockedFile.Multi.Generic ) - warning
00:17:18.0813 3956  usbuhci - detected LockedFile.Multi.Generic (1)
00:17:18.0844 3956  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
00:17:18.0844 3956  Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbvideo.sys. md5: 454800C2BC7F3927CE030141EE4F4C50
00:17:18.0844 3956  usbvideo ( LockedFile.Multi.Generic ) - warning
00:17:18.0844 3956  usbvideo - detected LockedFile.Multi.Generic (1)
00:17:18.0906 3956  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
00:17:18.0906 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\usb8023x.sys. md5: 70D05EE263568A742D14E1876DF80532
00:17:18.0922 3956  usb_rndisx ( LockedFile.Multi.Generic ) - warning
00:17:18.0922 3956  usb_rndisx - detected LockedFile.Multi.Generic (1)
00:17:18.0969 3956  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:17:18.0969 3956  UxSms - ok
00:17:19.0000 3956  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
00:17:19.0000 3956  VaultSvc - ok
00:17:19.0062 3956  [ F0FAF3FB9B138F8CAFB65ECFFE9F4AB6 ] vcd10bus        C:\Windows\system32\DRIVERS\vcd10bus.sys
00:17:19.0062 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vcd10bus.sys. md5: F0FAF3FB9B138F8CAFB65ECFFE9F4AB6
00:17:19.0078 3956  vcd10bus ( LockedFile.Multi.Generic ) - warning
00:17:19.0078 3956  vcd10bus - detected LockedFile.Multi.Generic (1)
00:17:19.0109 3956  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:17:19.0109 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD
00:17:19.0125 3956  vdrvroot ( LockedFile.Multi.Generic ) - warning
00:17:19.0125 3956  vdrvroot - detected LockedFile.Multi.Generic (1)
00:17:19.0203 3956  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
00:17:19.0203 3956  vds - ok
00:17:19.0249 3956  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:17:19.0249 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD
00:17:19.0265 3956  vga ( LockedFile.Multi.Generic ) - warning
00:17:19.0265 3956  vga - detected LockedFile.Multi.Generic (1)
00:17:19.0296 3956  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:17:19.0296 3956  Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC
00:17:19.0296 3956  VgaSave ( LockedFile.Multi.Generic ) - warning
00:17:19.0296 3956  VgaSave - detected LockedFile.Multi.Generic (1)
00:17:19.0374 3956  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:17:19.0374 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
00:17:19.0374 3956  vhdmp ( LockedFile.Multi.Generic ) - warning
00:17:19.0374 3956  vhdmp - detected LockedFile.Multi.Generic (1)
00:17:19.0437 3956  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:17:19.0437 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54
00:17:19.0452 3956  viaide ( LockedFile.Multi.Generic ) - warning
00:17:19.0452 3956  viaide - detected LockedFile.Multi.Generic (1)
00:17:19.0499 3956  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:17:19.0499 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0
00:17:19.0515 3956  volmgr ( LockedFile.Multi.Generic ) - warning
00:17:19.0515 3956  volmgr - detected LockedFile.Multi.Generic (1)
00:17:19.0577 3956  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:17:19.0577 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B
00:17:19.0577 3956  volmgrx ( LockedFile.Multi.Generic ) - warning
00:17:19.0577 3956  volmgrx - detected LockedFile.Multi.Generic (1)
00:17:19.0608 3956  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:17:19.0608 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639
00:17:19.0608 3956  volsnap ( LockedFile.Multi.Generic ) - warning
00:17:19.0608 3956  volsnap - detected LockedFile.Multi.Generic (1)
00:17:19.0639 3956  [ 13E6D95E7AC67ABB7A1196557EF8849F ] vpnva           C:\Windows\system32\DRIVERS\vpnva64.sys
00:17:19.0639 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vpnva64.sys. md5: 13E6D95E7AC67ABB7A1196557EF8849F
00:17:19.0655 3956  vpnva ( LockedFile.Multi.Generic ) - warning
00:17:19.0655 3956  vpnva - detected LockedFile.Multi.Generic (1)
00:17:19.0686 3956  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
00:17:19.0686 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997
00:17:19.0702 3956  vsmraid ( LockedFile.Multi.Generic ) - warning
00:17:19.0702 3956  vsmraid - detected LockedFile.Multi.Generic (1)
00:17:19.0780 3956  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
00:17:20.0139 3956  VSS - ok
00:17:20.0544 3956  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
00:17:20.0544 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1
00:17:20.0560 3956  vwifibus ( LockedFile.Multi.Generic ) - warning
00:17:20.0560 3956  vwifibus - detected LockedFile.Multi.Generic (1)
00:17:20.0591 3956  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
00:17:20.0591 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F
00:17:20.0607 3956  vwififlt ( LockedFile.Multi.Generic ) - warning
00:17:20.0607 3956  vwififlt - detected LockedFile.Multi.Generic (1)
00:17:20.0653 3956  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:17:20.0653 3956  W32Time - ok
00:17:20.0700 3956  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
00:17:20.0700 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E
00:17:20.0700 3956  WacomPen ( LockedFile.Multi.Generic ) - warning
00:17:20.0700 3956  WacomPen - detected LockedFile.Multi.Generic (1)
00:17:20.0763 3956  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:17:20.0763 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
00:17:20.0763 3956  WANARP ( LockedFile.Multi.Generic ) - warning
00:17:20.0763 3956  WANARP - detected LockedFile.Multi.Generic (1)
00:17:20.0778 3956  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:17:20.0778 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C
00:17:20.0794 3956  Wanarpv6 ( LockedFile.Multi.Generic ) - warning
00:17:20.0794 3956  Wanarpv6 - detected LockedFile.Multi.Generic (1)
00:17:20.0856 3956  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:17:20.0872 3956  WatAdminSvc - ok
00:17:21.0012 3956  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
00:17:21.0028 3956  wbengine - ok
00:17:21.0059 3956  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:17:21.0075 3956  WbioSrvc - ok
00:17:21.0106 3956  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
00:17:21.0121 3956  WcesComm - ok
00:17:21.0231 3956  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:17:21.0231 3956  wcncsvc - ok
00:17:21.0262 3956  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:17:21.0262 3956  WcsPlugInService - ok
00:17:21.0309 3956  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
00:17:21.0309 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC
00:17:21.0324 3956  Wd ( LockedFile.Multi.Generic ) - warning
00:17:21.0324 3956  Wd - detected LockedFile.Multi.Generic (1)
00:17:21.0355 3956  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:17:21.0355 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441BD2D7B4F98134C3A4F9FA570FD250
00:17:21.0371 3956  Wdf01000 ( LockedFile.Multi.Generic ) - warning
00:17:21.0371 3956  Wdf01000 - detected LockedFile.Multi.Generic (1)
00:17:21.0418 3956  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:17:21.0418 3956  WdiServiceHost - ok
00:17:21.0433 3956  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:17:21.0433 3956  WdiSystemHost - ok
00:17:21.0839 3956  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
00:17:21.0839 3956  WebClient - ok
00:17:21.0917 3956  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:17:21.0917 3956  Wecsvc - ok
00:17:21.0948 3956  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:17:21.0948 3956  wercplsupport - ok
00:17:21.0979 3956  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:17:21.0979 3956  WerSvc - ok
00:17:22.0011 3956  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:17:22.0011 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725
00:17:22.0026 3956  WfpLwf ( LockedFile.Multi.Generic ) - warning
00:17:22.0026 3956  WfpLwf - detected LockedFile.Multi.Generic (1)
00:17:22.0089 3956  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:17:22.0089 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC
00:17:22.0089 3956  WIMMount ( LockedFile.Multi.Generic ) - warning
00:17:22.0089 3956  WIMMount - detected LockedFile.Multi.Generic (1)
00:17:22.0120 3956  WinHttpAutoProxySvc - ok
00:17:22.0198 3956  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:17:22.0198 3956  Winmgmt - ok
00:17:22.0323 3956  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
00:17:22.0354 3956  WinRM - ok
00:17:22.0447 3956  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:17:22.0447 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D
00:17:22.0463 3956  WinUsb ( LockedFile.Multi.Generic ) - warning
00:17:22.0463 3956  WinUsb - detected LockedFile.Multi.Generic (1)
00:17:22.0510 3956  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:17:22.0525 3956  Wlansvc - ok
00:17:22.0635 3956  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
00:17:22.0635 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778
00:17:22.0635 3956  WmiAcpi ( LockedFile.Multi.Generic ) - warning
00:17:22.0635 3956  WmiAcpi - detected LockedFile.Multi.Generic (1)
00:17:22.0681 3956  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:17:22.0697 3956  wmiApSrv - ok
00:17:22.0744 3956  WMPNetworkSvc - ok
00:17:22.0775 3956  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:17:22.0775 3956  WPCSvc - ok
00:17:22.0837 3956  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:17:22.0853 3956  WPDBusEnum - ok
00:17:22.0900 3956  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:17:22.0900 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52
00:17:22.0931 3956  ws2ifsl ( LockedFile.Multi.Generic ) - warning
00:17:22.0931 3956  ws2ifsl - detected LockedFile.Multi.Generic (1)
00:17:22.0978 3956  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
00:17:22.0978 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WSDPrint.sys. md5: 8D918B1DB190A4D9B1753A66FA8C96E8
00:17:22.0993 3956  WSDPrintDevice ( LockedFile.Multi.Generic ) - warning
00:17:22.0993 3956  WSDPrintDevice - detected LockedFile.Multi.Generic (1)
00:17:23.0009 3956  WSearch - ok
00:17:23.0040 3956  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:17:23.0040 3956  Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C
00:17:23.0040 3956  WudfPf ( LockedFile.Multi.Generic ) - warning
00:17:23.0040 3956  WudfPf - detected LockedFile.Multi.Generic (1)
00:17:23.0118 3956  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:17:23.0118 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682
00:17:23.0118 3956  WUDFRd ( LockedFile.Multi.Generic ) - warning
00:17:23.0118 3956  WUDFRd - detected LockedFile.Multi.Generic (1)
00:17:23.0196 3956  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:17:23.0196 3956  wudfsvc - ok
00:17:23.0243 3956  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:17:23.0259 3956  WwanSvc - ok
00:17:23.0305 3956  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
00:17:23.0305 3956  Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\yk62x64.sys. md5: B3EEACF62445E24FBB2CD4B0FB4DB026
00:17:23.0337 3956  yukonw7 ( LockedFile.Multi.Generic ) - warning
00:17:23.0337 3956  yukonw7 - detected LockedFile.Multi.Generic (1)
00:17:23.0368 3956  ================ Scan global ===============================
00:17:23.0415 3956  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:17:23.0446 3956  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:17:23.0446 3956  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
00:17:23.0805 3956  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:17:23.0820 3956  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:17:23.0820 3956  [Global] - ok
00:17:23.0820 3956  ================ Scan MBR ==================================
00:17:23.0836 3956  [ 80063A27F44478B1A9B3E74C2F4343C7 ] \Device\Harddisk0\DR0
00:17:24.0023 3956  \Device\Harddisk0\DR0 - ok
00:17:24.0023 3956  ================ Scan VBR ==================================
00:17:24.0023 3956  [ 7D41F354FA0D635070014652ED8E3E69 ] \Device\Harddisk0\DR0\Partition1
00:17:24.0039 3956  \Device\Harddisk0\DR0\Partition1 - ok
00:17:24.0039 3956  [ 746A4F7787ADF6BDE2496981A7E4DCF4 ] \Device\Harddisk0\DR0\Partition2
00:17:24.0039 3956  \Device\Harddisk0\DR0\Partition2 - ok
00:17:24.0070 3956  [ A56F59111126170C67B8F53F8CFB7983 ] \Device\Harddisk0\DR0\Partition3
00:17:24.0070 3956  \Device\Harddisk0\DR0\Partition3 - ok
00:17:24.0085 3956  [ 5CC30615B7303DAAF7C6C3B06F714532 ] \Device\Harddisk0\DR0\Partition4
00:17:24.0085 3956  \Device\Harddisk0\DR0\Partition4 - ok
00:17:24.0085 3956  ============================================================
00:17:24.0085 3956  Scan finished
00:17:24.0085 3956  ============================================================
00:17:24.0101 4996  Detected object count: 40
00:17:24.0101 4996  Actual detected object count: 40
00:18:21.0322 4996  c4654bb66a72af8 ( Rootkit.Win32.Necurs.gen ) - skipped by user
00:18:21.0322 4996  c4654bb66a72af8 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
00:18:21.0322 4996  usbccgp ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0322 4996  usbccgp ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0322 4996  usbcir ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0322 4996  usbcir ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0322 4996  usbehci ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0322 4996  usbehci ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0322 4996  usbfilter ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0322 4996  usbfilter ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0322 4996  usbhub ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0322 4996  usbhub ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0322 4996  usbohci ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0322 4996  usbohci ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0338 4996  usbprint ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0338 4996  usbprint ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0338 4996  usbscan ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0338 4996  usbscan ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0338 4996  USBSTOR ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0338 4996  USBSTOR ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0338 4996  usbuhci ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0338 4996  usbuhci ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0338 4996  usbvideo ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0338 4996  usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0338 4996  usb_rndisx ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0338 4996  usb_rndisx ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0338 4996  vcd10bus ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0338 4996  vcd10bus ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0353 4996  vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0353 4996  vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0353 4996  vga ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0353 4996  vga ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0353 4996  VgaSave ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0353 4996  VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0353 4996  vhdmp ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0353 4996  vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0353 4996  viaide ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0353 4996  viaide ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0353 4996  volmgr ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0353 4996  volmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0353 4996  volmgrx ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0353 4996  volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0369 4996  volsnap ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0369 4996  volsnap ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0369 4996  vpnva ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0369 4996  vpnva ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0369 4996  vsmraid ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0369 4996  vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0369 4996  vwifibus ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0369 4996  vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0369 4996  vwififlt ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0369 4996  vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0369 4996  WacomPen ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0369 4996  WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0369 4996  WANARP ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0369 4996  WANARP ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0384 4996  Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0384 4996  Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0384 4996  Wd ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0384 4996  Wd ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0384 4996  Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0384 4996  Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0384 4996  WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0384 4996  WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0384 4996  WIMMount ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0384 4996  WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0384 4996  WinUsb ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0384 4996  WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0384 4996  WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0384 4996  WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0400 4996  ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0400 4996  ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0400 4996  WSDPrintDevice ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0400 4996  WSDPrintDevice ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0400 4996  WudfPf ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0400 4996  WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0400 4996  WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0400 4996  WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:21.0400 4996  yukonw7 ( LockedFile.Multi.Generic ) - skipped by user
00:18:21.0400 4996  yukonw7 ( LockedFile.Multi.Generic ) - User select action: Skip 
00:18:55.0470 6828  Deinitialize success

Liebe Grüße!

Larusso · 04.09.2012, 23:31

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

akakesios · 05.09.2012, 00:40

Danke Daniel für deine schnelle Hilfe!

Hier das Logfile:

Code:

ATTFilter

ComboFix 12-09-04.02 - *** 05.09.2012   1:11.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.1529 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-04 bis 2012-09-04  ))))))))))))))))))))))))))))))
.
.
2012-09-04 23:23 . 2012-09-04 23:23	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-04 23:23 . 2012-09-04 23:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-04 17:57 . 2012-09-04 17:57	--------	d-----w-	c:\users\***\AppData\Roaming\HPAppData
2012-09-04 09:52 . 2012-09-04 09:52	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-09-04 09:47 . 2012-09-04 09:47	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-03 18:38 . 2012-09-03 18:38	--------	d-----w-	C:\AULOGS
2012-09-03 14:10 . 2012-09-03 14:10	--------	d-----w-	c:\program files (x86)\Conduit
2012-09-03 14:10 . 2012-09-03 14:24	--------	d-----w-	c:\users\***\AppData\Local\Conduit
2012-09-03 13:49 . 2012-09-03 13:49	--------	d-----w-	c:\users\***\AppData\Roaming\Softland
2012-09-03 13:49 . 2010-02-05 13:00	1700352	----a-w-	c:\windows\system32\GdiPlus.dll
2012-09-03 13:21 . 2012-09-03 13:21	--------	d-----w-	c:\users\***\AppData\Roaming\Nitro PDF
2012-09-03 13:20 . 2011-02-28 22:37	95008	----a-w-	c:\windows\system32\Primomonnt.dll
2012-09-03 13:20 . 2012-09-03 14:01	--------	d-----w-	c:\users\***\AppData\Roaming\OpenCandy
2012-09-03 10:43 . 2012-08-03 19:38	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-08-30 09:04 . 2012-08-30 09:04	--------	d-----w-	c:\users\***\AppData\Roaming\Engelmann Media
2012-08-30 09:01 . 2012-08-30 09:01	--------	d-----w-	c:\program files (x86)\Common Files\HDX4
2012-08-22 11:46 . 2012-08-22 11:47	--------	d-----w-	c:\users\***\Calibre Bibliothek
2012-08-16 19:38 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-16 19:38 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 09:51 . 2012-04-06 12:13	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 09:51 . 2011-09-25 01:19	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 08:26 . 2012-08-31 07:29	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{909E8FCB-C623-4048-9A8D-7F8DEC109C74}\mpengine.dll
2012-08-17 06:56 . 2010-05-02 14:30	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-03 11:53 . 2012-08-03 11:53	145912	----a-w-	c:\windows\SysWow64\vpnweb.ocx
2012-07-24 23:49 . 2012-07-24 23:49	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-05 20:06 . 2012-07-26 02:46	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2010-04-17 16:43	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-03-20 15:24	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-06-09 05:43 . 2012-07-11 19:05	14172672	----a-w-	c:\windows\system32\shell32.dll
1601-01-01 00:00 . 1601-01-01 00:00	0	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys	ERROR(0x00000005)
2011-07-03 06:23	59837	--sh--w-	c:\windows\dtmn.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-24_21.30.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-09-03 02:49	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-24 21:29	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-24 21:29	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-03 02:49	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-03 02:49	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-24 21:29	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-01 16:53 . 2012-09-04 23:28	75612              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-04 23:28	72562              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-13 14:09 . 2012-09-04 23:28	21016              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2814579153-1674331957-496315902-1001_UserData.bin
- 2009-07-14 05:30 . 2012-06-28 20:38	86016              c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-09-03 02:33	86016              c:\windows\system32\DriverStore\infpub.dat
+ 2012-09-03 02:54 . 2012-09-03 09:17	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-09-03 02:54 . 2012-09-03 03:14	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012090320120904\index.dat
+ 2009-07-14 04:54 . 2012-09-04 22:56	98304              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-03 02:54 . 2012-09-03 02:54	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
+ 2012-09-03 02:54 . 2012-09-03 09:17	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2010-04-13 14:13 . 2012-07-21 18:54	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-13 14:13 . 2012-09-03 18:44	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-09-03 16:45	94472              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-04-13 14:13 . 2012-09-03 18:44	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-13 14:13 . 2012-07-21 18:54	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-13 14:13 . 2012-09-03 18:44	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-13 14:13 . 2012-07-21 18:54	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 14:11 . 2012-09-04 23:29	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:11 . 2012-07-24 21:29	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:11 . 2012-07-24 21:14	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-13 14:11 . 2012-09-04 23:29	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-09 22:29 . 2012-05-09 22:29	49936              c:\windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}\ppvwicon.exe
+ 2012-08-17 07:02 . 2012-08-17 07:02	49936              c:\windows\Installer\{95120000-00AF-0407-0000-0000000FF1CE}\ppvwicon.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	34144              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	34144              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	43608              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	19296              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	19296              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-08-17 07:02 . 2012-08-17 07:02	35600              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
- 2012-05-09 22:39 . 2012-05-09 22:39	35600              c:\windows\Installer\{90120000-0020-0407-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-07-27 18:21 . 2012-07-27 18:21	12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2012-09-04 23:26 . 2012-09-04 23:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-24 21:29 . 2012-07-24 21:29	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-04 23:26 . 2012-09-04 23:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-24 21:29 . 2012-07-24 21:29	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-04 09:51 . 2012-09-04 09:51	690888              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe
+ 2012-08-16 19:35 . 2012-08-16 19:35	686792              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
+ 2012-08-16 19:35 . 2012-08-16 19:35	466632              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll
+ 2012-04-06 12:13 . 2012-09-04 09:51	250568              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-26 02:46 . 2012-07-26 02:45	227824              c:\windows\SysWOW64\javaws.exe
+ 2012-07-26 02:46 . 2012-07-26 02:45	174064              c:\windows\SysWOW64\javaw.exe
+ 2012-07-26 02:46 . 2012-07-26 02:45	174064              c:\windows\SysWOW64\java.exe
+ 2010-04-19 16:03 . 2012-08-25 10:40	389234              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-04-13 16:54 . 2012-09-04 06:31	429316              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2012-09-03 13:20 . 2009-12-21 01:42	733696              c:\windows\system32\spool\drivers\x64\pscript5.dll
+ 2012-09-03 13:20 . 2009-12-21 01:42	237568              c:\windows\system32\spool\drivers\x64\ps5ui.dll
- 2009-07-14 02:36 . 2012-07-20 16:24	668786              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-01 09:57	668786              c:\windows\system32\perfh009.dat
+ 2009-10-02 02:40 . 2012-09-01 09:57	716532              c:\windows\system32\perfh007.dat
- 2009-10-02 02:40 . 2012-07-20 16:24	716532              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-09-01 09:57	128614              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-20 16:24	128614              c:\windows\system32\perfc009.dat
- 2009-10-02 02:40 . 2012-07-20 16:24	157184              c:\windows\system32\perfc007.dat
+ 2009-10-02 02:40 . 2012-09-01 09:57	157184              c:\windows\system32\perfc007.dat
+ 2012-09-04 09:51 . 2012-09-04 09:51	420552              c:\windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_Plugin.exe
+ 2012-08-16 19:35 . 2012-08-16 19:35	417992              c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe
+ 2012-08-16 19:35 . 2012-08-16 19:35	513224              c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll
+ 2009-07-14 05:30 . 2012-09-03 02:28	143360              c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-06-28 20:38	143360              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-09-03 02:33	143360              c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-06-28 20:38	143360              c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:12 . 2012-09-04 22:56	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-07-24 18:21	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-11-23 23:23 . 2012-09-04 22:56	114688              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 05:01 . 2012-07-24 21:26	485948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-04 23:24	485948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-26 02:47 . 2012-07-26 02:47	179200              c:\windows\Installer\2b9810d.msi
+ 2012-07-04 05:59 . 2012-07-04 05:59	261120              c:\windows\Installer\11c944c0.msp
- 2011-12-04 11:24 . 2012-07-12 01:04	415584              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	415584              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	303456              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	303456              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	571232              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	571232              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	326496              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	326496              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	470616              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	470616              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	178528              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	178528              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
+ 2009-01-18 14:00 . 2009-01-18 14:00	598016              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB7449A0100000010\9.1.0\AXSLE.dll
+ 2012-01-03 07:37 . 2012-01-03 07:37	320456              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB7449A0100000010\9.1.0\adobearmhelper.exe
- 2012-02-23 20:15 . 2012-02-23 20:15	223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	223232              c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	178176              c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	364544              c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	159232              c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	145920              c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	578560              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	577536              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	577024              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	576000              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	567296              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	563712              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	473600              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2012-09-04 09:51 . 2012-09-04 09:51	9813704              c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
+ 2012-09-04 09:51 . 2012-09-04 09:51	1807560              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
- 2009-07-14 04:45 . 2012-07-12 01:23	4992784              c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-08-30 06:49	4992784              c:\windows\system32\FNTCACHE.DAT
+ 2012-07-11 20:08 . 2012-09-04 22:56	2031616              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-08-30 06:52	7100862              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-12 01:27	7100862              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-10-01 20:15 . 2012-08-30 19:12	9226712              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-04-16 01:01 . 2012-09-04 23:24	8624084              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2814579153-1674331957-496315902-1001-12288.dat
+ 2012-07-31 16:18 . 2012-07-31 16:18	5018624              c:\windows\Installer\33bb6.msp
+ 2012-06-26 16:03 . 2012-06-26 16:03	3875840              c:\windows\Installer\11c9456a.msp
+ 2012-07-19 00:45 . 2012-07-19 00:45	3464704              c:\windows\Installer\11c94560.msp
+ 2012-07-04 06:04 . 2012-07-04 06:04	1292288              c:\windows\Installer\11c94548.msp
+ 2012-07-04 06:12 . 2012-07-04 06:12	4772352              c:\windows\Installer\11c9453d.msp
+ 2012-07-04 06:09 . 2012-07-04 06:09	1284096              c:\windows\Installer\11c94524.msp
+ 2012-07-04 06:01 . 2012-07-04 06:01	9082368              c:\windows\Installer\11c9450c.msp
+ 2012-07-04 05:58 . 2012-07-04 05:58	6163456              c:\windows\Installer\11c944eb.msp
+ 2011-12-04 11:24 . 2012-08-17 07:01	1479520              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	1479520              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	1858400              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	1858400              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	3792736              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	3792736              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-12-04 11:24 . 2012-08-17 07:01	1449312              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2011-12-04 11:24 . 2012-07-12 01:04	1449312              c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2012-07-25 22:29 . 2012-07-25 22:29	1693048              c:\windows\Installer\{3AC8457C-0385-4BEA-A959-E095F05D6D67}\BFBC2Updater.exe
- 2012-02-23 20:15 . 2012-02-23 20:15	2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	2846720              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-07-27 18:21 . 2012-07-27 18:21	2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2012-02-23 20:15 . 2012-02-23 20:15	2676224              c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2012-09-03 18:51 . 2012-08-03 02:46	59884088              c:\windows\SysWOW64\MRT.exe
+ 2009-07-14 02:34 . 2012-09-01 01:01	10747904              c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-07-12 01:21	10747904              c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-09-04 09:51 . 2012-09-04 09:51	12812488              c:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll
+ 2012-07-26 02:45 . 2012-07-26 02:45	17379840              c:\windows\Installer\2b980f7.msi
+ 2012-07-18 13:53 . 2012-07-18 13:53	10937344              c:\windows\Installer\11c944ca.msp
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-28 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-08-03 107432]
R3 ALSysIO;ALSysIO;c:\users\***~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E6AF.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 sptd;sptd;c:\windows\\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - c4654bb66a72af8
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 16:47]
.
2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 16:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-03-20 96768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.faz.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{213c8ed6-1d78-4d8f-8729-25006aa86a76} - (no file)
WebBrowser-{213C8ED6-1D78-4D8F-8729-25006AA86A76} - (no file)
ShellIconOverlayIdentifiers-{594D4122-1F87-41E2-96C7-825FB4796516} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E6AF.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\c4654bb66a72af8]
"ImagePath"="\SystemRoot\System32\Drivers\c4654bb66a72af8.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*VÝw]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*VÝw\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*uF*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*uF*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE82A8B-9492-57EB-6383-AD09A3B48B9D}*]
"haefdjmlebbnceaj"=hex:6b,61,6e,63,65,64,68,69,68,61,65,65,62,62,6c,62,64,6b,
   63,6e,69,6b,00,77
"iakdbiejnbblgknbfh"=hex:6b,61,6e,63,65,64,68,69,68,61,65,65,62,62,6c,62,64,6b,
   63,6e,69,6b,00,77
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-05  01:34:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-04 23:34
ComboFix2.txt  2012-07-24 21:36
.
Vor Suchlauf: 19 Verzeichnis(se), 29.449.023.488 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 29.508.870.144 Bytes frei
.
- - End Of File - - F136190A241B4B1A1067DF5211FDFBE7

Viele Grüße

Larusso · 05.09.2012, 10:32

Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, dass kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:

BleepingComputer.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die

+ R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

ATTFilter

File::
C:\windows\System32\Drivers\c4654bb66a72af8.sys
Driver::
c4654bb66a72af8

Speichere dies als CFScript.txt auf deinem Desktop.
Wichtig:

Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern. Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher, dass ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Downloade dir bitte ServiceRepair.exe auf deinem Desktop.
Doppelklick auf die Datei und bestätige die ersten Nachricht mit Yes.
Das Tool wird einen Neustart verlangen, dies bitte zulassen.

Downloade dir bitte Farbar's Service Scanner

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

[*] Klicke auf Scan.[*] Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.[/list]Poste bitte den Inhalt hier.

akakesios · 05.09.2012, 11:24

Danke Daniel!

Hier die Logfiles:

Combo Fix:

Code:

ATTFilter

ComboFix 12-09-04.03 - *** 05.09.2012  11:43:45.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.2849 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\System32\Drivers\c4654bb66a72af8.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_C4654BB66A72AF8
-------\Service_c4654bb66a72af8
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-05 bis 2012-09-05  ))))))))))))))))))))))))))))))
.
.
2012-09-05 09:54 . 2012-09-05 09:54	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-09-05 09:54 . 2012-09-05 09:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-05 09:37 . 2012-09-05 09:37	--------	d-----w-	c:\users\***\AppData\Roaming\HPAppData
2012-09-04 09:52 . 2012-09-04 09:52	--------	d-----w-	c:\users\***\AppData\Local\Macromedia
2012-09-04 09:47 . 2012-09-04 09:47	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-03 18:38 . 2012-09-03 18:38	--------	d-----w-	C:\AULOGS
2012-09-03 14:10 . 2012-09-03 14:10	--------	d-----w-	c:\program files (x86)\Conduit
2012-09-03 14:10 . 2012-09-03 14:24	--------	d-----w-	c:\users\***\AppData\Local\Conduit
2012-09-03 13:49 . 2012-09-03 13:49	--------	d-----w-	c:\users\***\AppData\Roaming\Softland
2012-09-03 13:49 . 2010-02-05 13:00	1700352	----a-w-	c:\windows\system32\GdiPlus.dll
2012-09-03 13:21 . 2012-09-03 13:21	--------	d-----w-	c:\users\***\AppData\Roaming\Nitro PDF
2012-09-03 13:20 . 2011-02-28 22:37	95008	----a-w-	c:\windows\system32\Primomonnt.dll
2012-09-03 13:20 . 2012-09-03 14:01	--------	d-----w-	c:\users\***\AppData\Roaming\OpenCandy
2012-09-03 10:43 . 2012-08-03 19:38	107432	----a-r-	c:\windows\system32\drivers\acsock64.sys
2012-08-30 09:04 . 2012-08-30 09:04	--------	d-----w-	c:\users\***\AppData\Roaming\Engelmann Media
2012-08-30 09:01 . 2012-08-30 09:01	--------	d-----w-	c:\program files (x86)\Common Files\HDX4
2012-08-22 11:46 . 2012-08-22 11:47	--------	d-----w-	c:\users\***\Calibre Bibliothek
2012-08-16 19:38 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-16 19:38 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-04 09:51 . 2012-04-06 12:13	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-04 09:51 . 2011-09-25 01:19	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 08:26 . 2012-08-31 07:29	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{909E8FCB-C623-4048-9A8D-7F8DEC109C74}\mpengine.dll
2012-08-17 06:56 . 2010-05-02 14:30	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-03 11:53 . 2012-08-03 11:53	145912	----a-w-	c:\windows\SysWow64\vpnweb.ocx
2012-07-24 23:49 . 2012-07-24 23:49	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-07-05 20:06 . 2012-07-26 02:46	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2010-04-17 16:43	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-03-20 15:24	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-28 20:37 . 2012-06-28 20:37	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-06-09 05:43 . 2012-07-11 19:05	14172672	----a-w-	c:\windows\system32\shell32.dll
2011-07-03 06:23	59837	--sh--w-	c:\windows\dtmn.exe
.
.
(((((((((((((((((((((((((((((   SnapShot_2012-09-04_23.26.42   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-01 16:53 . 2012-09-04 23:28	75612              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-10-01 16:53 . 2012-09-05 07:42	75612              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-05 10:01	72658              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-13 14:09 . 2012-09-05 10:01	21056              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2814579153-1674331957-496315902-1001_UserData.bin
+ 2009-07-14 00:39 . 2009-07-14 00:39	23040              c:\windows\system32\drivers\WSDPrint.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	21504              c:\windows\system32\drivers\ws2ifsl.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45	16464              c:\windows\system32\drivers\wmilib.sys
+ 2009-07-13 23:31 . 2009-07-13 23:31	14336              c:\windows\system32\drivers\wmiacpi.sys
+ 2011-06-09 09:30 . 2010-11-20 10:43	41984              c:\windows\system32\drivers\winusb.sys
+ 2009-07-13 23:29 . 2009-07-14 01:45	22096              c:\windows\system32\drivers\wimmount.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	12800              c:\windows\system32\drivers\wfplwf.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45	42064              c:\windows\system32\drivers\WdfLdr.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45	21056              c:\windows\system32\drivers\wd.sys
+ 2009-07-13 23:37 . 2009-07-13 23:37	42496              c:\windows\system32\drivers\watchdog.sys
+ 2011-06-09 09:30 . 2010-11-20 10:52	88576              c:\windows\system32\drivers\wanarp.sys
+ 2009-07-14 00:02 . 2009-07-14 00:02	27776              c:\windows\system32\drivers\wacompen.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07	17920              c:\windows\system32\drivers\vwifimp.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07	59904              c:\windows\system32\drivers\vwififlt.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07	24576              c:\windows\system32\drivers\vwifibus.sys
+ 2011-05-18 18:12 . 2011-05-18 18:12	22264              c:\windows\system32\drivers\vpnva64.sys
+ 2011-06-09 09:31 . 2010-11-20 13:34	71552              c:\windows\system32\drivers\volmgr.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45	17488              c:\windows\system32\drivers\viaide.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38	29184              c:\windows\system32\drivers\vgapnp.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38	29184              c:\windows\system32\drivers\vga.sys
+ 2009-07-14 00:01 . 2009-07-14 01:45	36432              c:\windows\system32\drivers\vdrvroot.sys
+ 2011-08-05 21:15 . 2008-06-17 07:22	40464              c:\windows\system32\drivers\vcd10bus.sys
+ 2011-05-10 17:54 . 2011-03-25 03:29	30720              c:\windows\system32\drivers\usbuhci.sys
+ 2011-04-26 19:46 . 2011-03-11 04:37	91648              c:\windows\system32\drivers\USBSTOR.SYS
+ 2009-07-14 00:35 . 2009-07-14 00:35	41984              c:\windows\system32\drivers\usbscan.sys
+ 2011-06-09 09:30 . 2010-11-20 11:37	31744              c:\windows\system32\drivers\usbrpm.sys
+ 2009-07-14 00:38 . 2009-07-14 00:38	25088              c:\windows\system32\drivers\usbprint.sys
+ 2011-05-10 17:54 . 2011-03-25 03:29	25600              c:\windows\system32\drivers\usbohci.sys
+ 2009-11-23 23:21 . 2009-03-09 05:49	36408              c:\windows\system32\drivers\usbfilter.sys
+ 2011-05-10 17:54 . 2011-03-25 03:29	52736              c:\windows\system32\drivers\usbehci.sys
+ 2011-05-10 17:54 . 2011-03-25 03:29	98816              c:\windows\system32\drivers\usbccgp.sys
+ 2011-06-09 09:30 . 2010-11-20 10:44	32896              c:\windows\system32\drivers\USBCAMD2.sys
+ 2011-05-10 06:06 . 2011-05-10 06:06	51712              c:\windows\system32\drivers\usbaapl64.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	19968              c:\windows\system32\drivers\usb8023x.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	19968              c:\windows\system32\drivers\usb8023.sys
+ 2011-06-09 09:30 . 2010-11-20 10:44	48640              c:\windows\system32\drivers\umbus.sys
+ 2009-07-13 23:38 . 2009-07-14 01:45	64592              c:\windows\system32\drivers\ULIAGPKX.SYS
+ 2009-07-13 23:38 . 2009-07-14 01:45	64080              c:\windows\system32\drivers\UAGP35.SYS
+ 2011-06-09 09:32 . 2010-11-20 11:07	59392              c:\windows\system32\drivers\TsUsbFlt.sys
+ 2011-06-09 09:30 . 2010-11-20 11:04	39424              c:\windows\system32\drivers\tssecsrv.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	63360              c:\windows\system32\drivers\termdd.sys
+ 2012-03-14 12:38 . 2012-02-17 04:57	23552              c:\windows\system32\drivers\tdtcp.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16	15872              c:\windows\system32\drivers\tdpipe.sys
+ 2011-06-09 09:30 . 2010-11-20 09:22	26624              c:\windows\system32\drivers\tdi.sys
+ 2011-06-09 09:30 . 2010-11-20 10:51	45056              c:\windows\system32\drivers\tcpipreg.sys
+ 2009-07-14 00:01 . 2009-07-14 00:01	29184              c:\windows\system32\drivers\tape.sys
+ 2011-01-28 04:31 . 2010-02-25 15:51	29696              c:\windows\system32\drivers\tap0901.sys
+ 2009-07-14 00:00 . 2009-07-14 01:45	12496              c:\windows\system32\drivers\swenum.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	68864              c:\windows\system32\drivers\stream.sys
+ 2009-07-13 21:59 . 2009-07-14 01:45	24656              c:\windows\system32\drivers\stexstor.sys
+ 2009-07-13 20:27 . 2009-07-14 01:45	19008              c:\windows\system32\drivers\spldr.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	20992              c:\windows\system32\drivers\smclib.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	93184              c:\windows\system32\drivers\smb.sys
+ 2009-07-13 21:59 . 2009-07-14 01:45	80464              c:\windows\system32\drivers\sisraid4.sys
+ 2009-06-10 20:37 . 2009-07-14 01:45	43584              c:\windows\system32\drivers\sisraid2.sys
+ 2009-07-14 00:01 . 2009-07-14 00:01	16896              c:\windows\system32\drivers\sfloppy.sys
+ 2011-06-09 09:30 . 2010-11-20 10:34	14336              c:\windows\system32\drivers\sffp_sd.sys
+ 2009-07-14 00:01 . 2009-07-14 00:01	13824              c:\windows\system32\drivers\sffp_mmc.sys
+ 2009-07-14 00:01 . 2009-07-14 00:01	14336              c:\windows\system32\drivers\sffdisk.sys
+ 2009-07-14 00:35 . 2009-07-14 00:35	12288              c:\windows\system32\drivers\serscan.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	26624              c:\windows\system32\drivers\sermouse.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	94208              c:\windows\system32\drivers\serial.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	23552              c:\windows\system32\drivers\serenum.sys
+ 2009-07-14 02:36 . 2009-06-10 20:37	23040              c:\windows\system32\drivers\secdrv.sys
+ 2011-06-09 09:30 . 2010-11-20 10:09	29696              c:\windows\system32\drivers\scfilter.sys
+ 2011-04-04 14:34 . 2008-05-16 09:33	15912              c:\windows\system32\drivers\s0016whnt.sys
+ 2011-04-04 14:34 . 2008-05-16 09:33	15912              c:\windows\system32\drivers\s0016wh.sys
+ 2011-04-04 14:34 . 2008-05-16 09:33	34344              c:\windows\system32\drivers\s0016nd5.sys
+ 2011-04-04 14:34 . 2008-05-16 09:33	19496              c:\windows\system32\drivers\s0016mdfl.sys
+ 2011-04-04 14:34 . 2008-05-16 09:33	13864              c:\windows\system32\drivers\s0016cr.sys
+ 2011-04-04 14:34 . 2008-05-16 09:32	14888              c:\windows\system32\drivers\s0016cmnt.sys
+ 2011-04-04 14:34 . 2008-05-16 09:32	14888              c:\windows\system32\drivers\s0016cm.sys
+ 2009-07-14 00:08 . 2009-07-14 00:08	76800              c:\windows\system32\drivers\rspndr.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	11264              c:\windows\system32\drivers\rootmdm.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	41472              c:\windows\system32\drivers\rndismpx.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	41472              c:\windows\system32\drivers\RNDISMP.sys
+ 2007-02-16 00:56 . 2007-02-16 00:56	14032              c:\windows\system32\drivers\RegKill.sys
+ 2009-07-14 00:17 . 2009-07-14 00:17	24064              c:\windows\system32\drivers\rdpbus.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	83968              c:\windows\system32\drivers\rassstp.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	92672              c:\windows\system32\drivers\raspppoe.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	14848              c:\windows\system32\drivers\rasacd.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	46592              c:\windows\system32\drivers\qwavedrv.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19	60416              c:\windows\system32\drivers\processr.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45	50768              c:\windows\system32\drivers\pcw.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45	48720              c:\windows\system32\drivers\pciidex.sys
+ 2009-07-13 23:19 . 2009-07-14 01:45	12352              c:\windows\system32\drivers\pciide.sys
+ 2012-05-09 11:19 . 2012-03-17 07:58	75120              c:\windows\system32\drivers\partmgr.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	97280              c:\windows\system32\drivers\parport.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	72832              c:\windows\system32\drivers\ohci1394.sys
+ 2009-07-13 23:21 . 2009-07-13 23:21	24576              c:\windows\system32\drivers\nsiproxy.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19	44032              c:\windows\system32\drivers\npfs.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48	51264              c:\windows\system32\drivers\nfrd960.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	44544              c:\windows\system32\drivers\netbios.sys
+ 2011-06-09 09:30 . 2010-11-20 10:52	57856              c:\windows\system32\drivers\ndproxy.sys
+ 2011-06-09 09:30 . 2010-11-20 10:50	56832              c:\windows\system32\drivers\ndisuio.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	24064              c:\windows\system32\drivers\ndistapi.sys
+ 2009-07-14 00:08 . 2009-07-14 00:08	35328              c:\windows\system32\drivers\ndiscap.sys
+ 2012-03-05 17:44 . 2011-12-01 10:42	15920              c:\windows\system32\drivers\NBVolUp.sys
+ 2012-03-05 17:44 . 2011-12-01 10:42	72240              c:\windows\system32\drivers\NBVol.sys
+ 2009-07-13 23:23 . 2009-07-14 01:48	60496              c:\windows\system32\drivers\mup.sys
+ 2009-07-14 00:02 . 2009-07-14 00:02	15360              c:\windows\system32\drivers\MTConfig.sys
+ 2009-07-13 23:31 . 2009-07-14 01:48	32320              c:\windows\system32\drivers\mssmbios.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	11136              c:\windows\system32\drivers\mskssrv.sys
+ 2009-07-13 23:19 . 2009-07-14 01:48	15424              c:\windows\system32\drivers\msisadrv.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19	26112              c:\windows\system32\drivers\msfs.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	31104              c:\windows\system32\drivers\msahci.sys
+ 2009-07-14 00:08 . 2009-07-14 00:08	77312              c:\windows\system32\drivers\mpsdrv.sys
+ 2011-06-09 09:30 . 2010-11-20 13:33	94592              c:\windows\system32\drivers\mountmgr.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	31232              c:\windows\system32\drivers\mouhid.sys
+ 2009-07-13 23:19 . 2009-07-14 01:48	49216              c:\windows\system32\drivers\mouclass.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38	30208              c:\windows\system32\drivers\monitor.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	40448              c:\windows\system32\drivers\modem.sys
+ 2009-06-10 20:37 . 2009-07-14 01:48	35392              c:\windows\system32\drivers\megasas.sys
+ 2009-07-14 00:01 . 2009-07-14 00:01	22016              c:\windows\system32\drivers\mcd.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48	65600              c:\windows\system32\drivers\lsi_sas2.sys
+ 2009-07-14 00:08 . 2009-07-14 00:08	60928              c:\windows\system32\drivers\lltdio.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	20992              c:\windows\system32\drivers\ksthunk.sys
+ 2012-07-11 19:04 . 2012-06-02 05:48	95600              c:\windows\system32\drivers\ksecdd.sys
+ 2011-06-09 09:30 . 2010-11-20 10:33	33280              c:\windows\system32\drivers\kbdhid.sys
+ 2009-07-13 23:19 . 2009-07-14 01:48	50768              c:\windows\system32\drivers\kbdclass.sys
+ 2009-07-13 23:31 . 2009-07-14 01:48	20544              c:\windows\system32\drivers\isapnp.sys
+ 2009-07-14 00:08 . 2009-07-14 00:08	17920              c:\windows\system32\drivers\irenum.sys
+ 2011-06-09 09:30 . 2010-11-20 10:04	78848              c:\windows\system32\drivers\IPMIDrv.sys
+ 2011-06-09 09:31 . 2010-11-20 10:52	82944              c:\windows\system32\drivers\ipfltdrv.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19	62464              c:\windows\system32\drivers\intelppm.sys
+ 2009-07-13 23:19 . 2009-07-14 01:48	16960              c:\windows\system32\drivers\intelide.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48	44112              c:\windows\system32\drivers\iirsp.sys
+ 2011-06-09 09:30 . 2010-11-20 13:33	14720              c:\windows\system32\drivers\hwpolicy.sys
+ 2010-06-25 14:08 . 2010-06-25 14:08	36928              c:\windows\system32\drivers\htcnprot.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	78720              c:\windows\system32\drivers\HpSAMD.sys
+ 2009-10-01 17:20 . 2009-04-29 06:48	18432              c:\windows\system32\drivers\HpqKbFiltr.sys
+ 2009-07-08 12:49 . 2009-07-08 12:49	30008              c:\windows\system32\drivers\hpdskflt.sys
+ 2011-06-09 09:30 . 2010-11-20 10:43	30208              c:\windows\system32\drivers\hidusb.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	32896              c:\windows\system32\drivers\hidparse.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	46592              c:\windows\system32\drivers\hidir.sys
+ 2011-06-09 09:30 . 2010-11-20 10:43	76800              c:\windows\system32\drivers\hidclass.sys
+ 2009-07-13 23:31 . 2009-07-13 23:31	26624              c:\windows\system32\drivers\hidbatt.sys
+ 2011-08-05 21:18 . 2009-07-09 09:24	24088              c:\windows\system32\drivers\HH10Help.sys
+ 2009-07-13 22:53 . 2009-06-10 20:31	31232              c:\windows\system32\drivers\hcw85cir.sys
+ 2009-07-13 23:38 . 2009-07-14 01:47	65088              c:\windows\system32\drivers\GAGP30KX.SYS
+ 2009-07-13 23:26 . 2009-07-14 01:47	55376              c:\windows\system32\drivers\fsdepends.sys
+ 2012-04-11 07:13 . 2012-03-01 06:46	23408              c:\windows\system32\drivers\fs_rec.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	24576              c:\windows\system32\drivers\flpydisk.sys
+ 2009-07-13 23:25 . 2009-07-13 23:25	34304              c:\windows\system32\drivers\filetrace.sys
+ 2009-07-13 23:34 . 2009-07-14 01:47	70224              c:\windows\system32\drivers\fileinfo.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	29696              c:\windows\system32\drivers\fdc.sys
+ 2009-06-29 18:17 . 2009-06-29 18:17	70656              c:\windows\system32\drivers\enecir.sys
+ 2010-12-16 22:58 . 2010-12-16 22:58	40816              c:\windows\system32\drivers\ElbyCDIO.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38	98816              c:\windows\system32\drivers\dxg.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38	16896              c:\windows\system32\drivers\dxapi.sys
+ 2009-07-13 23:21 . 2009-07-14 01:43	55128              c:\windows\system32\drivers\dumpfve.sys
+ 2009-07-13 23:19 . 2009-07-14 01:47	28736              c:\windows\system32\drivers\Dumpata.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	43008              c:\windows\system32\drivers\Dot4usb.sys
+ 2011-06-09 09:30 . 2010-11-20 10:32	19968              c:\windows\system32\drivers\Dot4Prt.sys
+ 2011-05-25 11:15 . 2011-04-22 22:15	27520              c:\windows\system32\drivers\Diskdump.sys
+ 2009-07-13 23:19 . 2009-07-14 01:47	73280              c:\windows\system32\drivers\disk.sys
+ 2009-07-13 23:37 . 2009-07-13 23:37	40448              c:\windows\system32\drivers\discache.sys
+ 2009-07-14 00:01 . 2009-07-14 01:47	24144              c:\windows\system32\drivers\crcdisk.sys
+ 2009-07-14 00:01 . 2009-07-14 01:47	39504              c:\windows\system32\drivers\crashdmp.sys
+ 2011-06-09 09:30 . 2010-11-20 10:33	38912              c:\windows\system32\drivers\CompositeBus.sys
+ 2009-07-13 23:31 . 2009-07-14 01:52	21584              c:\windows\system32\drivers\compbatt.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52	17488              c:\windows\system32\drivers\cmdide.sys
+ 2009-07-13 23:31 . 2009-07-13 23:31	17664              c:\windows\system32\drivers\CmBatt.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	45568              c:\windows\system32\drivers\circlass.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19	92160              c:\windows\system32\drivers\cdfs.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	72192              c:\windows\system32\drivers\bthmodem.sys
+ 2009-07-14 01:20 . 2009-06-10 20:41	14720              c:\windows\system32\drivers\BrUsbSer.sys
+ 2009-07-14 01:20 . 2009-06-10 20:41	14976              c:\windows\system32\drivers\BrUsbMdm.sys
+ 2009-07-14 01:20 . 2009-06-10 20:41	47104              c:\windows\system32\drivers\BrSerWdm.sys
+ 2009-07-14 01:05 . 2009-07-14 01:01	95232              c:\windows\system32\drivers\bridge.sys
+ 2009-07-14 01:19 . 2009-06-10 20:41	18432              c:\windows\system32\drivers\BrFiltLo.sys
+ 2011-04-15 18:58 . 2011-02-23 04:55	90624              c:\windows\system32\drivers\bowser.sys
+ 2009-07-13 23:35 . 2009-07-13 23:35	45056              c:\windows\system32\drivers\blbdrive.sys
+ 2009-07-13 23:31 . 2009-07-14 01:52	28240              c:\windows\system32\drivers\battc.sys
+ 2009-05-05 05:30 . 2009-05-05 05:30	16440              c:\windows\system32\drivers\AtiPcie.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52	24128              c:\windows\system32\drivers\atapi.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	23040              c:\windows\system32\drivers\asyncmac.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52	97856              c:\windows\system32\drivers\arcsas.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52	87632              c:\windows\system32\drivers\arc.sys
+ 2011-06-09 09:30 . 2010-11-20 10:14	61440              c:\windows\system32\drivers\appid.sys
+ 2009-11-01 17:16 . 2009-11-01 17:16	33736              c:\windows\system32\drivers\ANDROIDUSB.sys
+ 2011-04-26 19:46 . 2011-03-11 06:41	27008              c:\windows\system32\drivers\amdxata.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19	60928              c:\windows\system32\drivers\amdppm.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19	64512              c:\windows\system32\drivers\amdk8.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52	15440              c:\windows\system32\drivers\amdide.sys
+ 2009-07-13 23:19 . 2009-07-14 01:52	15440              c:\windows\system32\drivers\aliide.sys
+ 2009-07-13 23:38 . 2009-07-14 01:52	61008              c:\windows\system32\drivers\AGP440.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	60416              c:\windows\system32\drivers\agilevpn.sys
+ 2011-06-09 09:30 . 2010-11-20 09:30	12800              c:\windows\system32\drivers\acpipmi.sys
+ 2009-07-08 12:48 . 2009-07-08 12:48	41272              c:\windows\system32\drivers\Accelerometer.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	68096              c:\windows\system32\drivers\1394bus.sys
+ 2010-04-13 14:13 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-13 14:13 . 2012-09-03 18:44	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-13 14:13 . 2012-09-05 10:01	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-13 14:13 . 2012-09-03 18:44	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-13 14:13 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-13 14:13 . 2012-09-03 18:44	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-13 14:11 . 2012-09-04 23:29	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-13 14:11 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-13 14:11 . 2012-09-05 10:01	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-04-13 14:11 . 2012-09-04 23:29	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-10 17:54 . 2011-03-25 03:28	7936              c:\windows\system32\drivers\usbd.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	9728              c:\windows\system32\drivers\umpass.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16	8192              c:\windows\system32\drivers\RDPREFMP.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16	7680              c:\windows\system32\drivers\RDPENCDD.sys
+ 2009-07-14 00:16 . 2009-07-14 00:16	7680              c:\windows\system32\drivers\RDPCDD.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19	6144              c:\windows\system32\drivers\null.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	8064              c:\windows\system32\drivers\mstee.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	6784              c:\windows\system32\drivers\mspqm.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	7168              c:\windows\system32\drivers\mspclock.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	8192              c:\windows\system32\drivers\mshidkmdf.sys
+ 2009-07-13 23:31 . 2009-07-13 23:31	9728              c:\windows\system32\drivers\errdev.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	5632              c:\windows\system32\drivers\drmkaud.sys
+ 2009-07-14 01:20 . 2009-06-10 20:41	8704              c:\windows\system32\drivers\BrFiltUp.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	6656              c:\windows\system32\drivers\beep.sys
- 2012-09-04 23:26 . 2012-09-04 23:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-05 09:59 . 2012-09-05 09:59	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-04 23:26 . 2012-09-04 23:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-05 09:59 . 2012-09-05 09:59	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-15 18:59 . 2011-02-05 17:06	605552              c:\windows\system32\winload.exe
+ 2009-06-10 20:35 . 2009-06-10 20:35	389120              c:\windows\system32\drivers\yk62x64.sys
+ 2011-06-09 09:30 . 2010-11-20 10:43	172544              c:\windows\system32\drivers\WUDFRd.sys
+ 2011-06-09 09:30 . 2010-11-20 10:42	112128              c:\windows\system32\drivers\WUDFPf.sys
+ 2009-07-13 23:22 . 2009-07-14 01:45	654928              c:\windows\system32\drivers\Wdf01000.sys
+ 2009-07-13 22:04 . 2009-06-10 21:01	740864              c:\windows\system32\drivers\VSTCNXT6.SYS
+ 2009-07-13 22:04 . 2009-06-10 21:01	292864              c:\windows\system32\drivers\VSTAZL6.SYS
+ 2009-06-10 20:37 . 2009-07-14 01:45	161872              c:\windows\system32\drivers\vsmraid.sys
+ 2011-06-09 09:31 . 2010-11-20 13:34	295808              c:\windows\system32\drivers\volsnap.sys
+ 2011-06-09 09:30 . 2010-11-20 13:34	363392              c:\windows\system32\drivers\volmgrx.sys
+ 2009-07-13 23:38 . 2009-07-13 23:38	129024              c:\windows\system32\drivers\videoprt.sys
+ 2011-06-09 09:31 . 2010-11-20 13:34	215936              c:\windows\system32\drivers\vhdmp.sys
+ 2011-08-05 21:18 . 2011-04-19 06:53	223256              c:\windows\system32\drivers\vdrv1000.sys
+ 2011-06-09 09:30 . 2010-11-20 10:44	184960              c:\windows\system32\drivers\usbvideo.sys
+ 2011-05-10 17:54 . 2011-03-25 03:29	325120              c:\windows\system32\drivers\usbport.sys
+ 2011-05-10 17:54 . 2011-03-25 03:29	343040              c:\windows\system32\drivers\usbhub.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	100352              c:\windows\system32\drivers\usbcir.sys
+ 2011-06-09 09:30 . 2010-11-20 10:43	109696              c:\windows\system32\drivers\USBAUDIO.sys
+ 2011-06-09 09:31 . 2010-11-20 09:26	328192              c:\windows\system32\drivers\udfs.sys
+ 2011-06-09 09:30 . 2010-11-20 10:51	125440              c:\windows\system32\drivers\tunnel.sys
+ 2011-11-27 19:57 . 2011-11-27 19:57	230864              c:\windows\system32\drivers\truecrypt.sys
+ 2011-06-09 09:31 . 2010-11-20 09:21	119296              c:\windows\system32\drivers\tdx.sys
+ 2009-07-14 23:16 . 2009-07-14 23:16	273456              c:\windows\system32\drivers\SynTP.sys
+ 2009-11-23 23:23 . 2009-07-22 01:33	487936              c:\windows\system32\drivers\stwrt64.sys
+ 2011-04-26 19:46 . 2011-03-11 06:41	189824              c:\windows\system32\drivers\storport.sys
+ 2011-06-16 11:57 . 2011-04-29 03:05	168448              c:\windows\system32\drivers\srvnet.sys
+ 2011-06-16 11:57 . 2011-04-29 03:05	410112              c:\windows\system32\drivers\srv2.sys
+ 2011-06-16 11:57 . 2011-04-29 03:06	467456              c:\windows\system32\drivers\srv.sys
+ 2010-04-20 17:43 . 2012-04-26 23:37	834544              c:\windows\system32\drivers\sptd.sys
+ 2009-06-10 20:48 . 2009-06-10 20:48	426496              c:\windows\system32\drivers\spsys.sys
+ 2011-06-09 09:30 . 2010-11-20 09:37	109056              c:\windows\system32\drivers\sdbus.sys
+ 2011-06-09 09:30 . 2010-11-20 13:33	171392              c:\windows\system32\drivers\scsiport.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	103808              c:\windows\system32\drivers\sbp2port.sys
+ 2011-04-04 14:34 . 2008-05-16 09:33	151592              c:\windows\system32\drivers\s0016unic.sys
+ 2011-04-04 14:34 . 2008-05-16 09:33	136744              c:\windows\system32\drivers\s0016obex.sys
+ 2011-04-04 14:34 . 2008-05-16 09:33	137256              c:\windows\system32\drivers\s0016mgmt.sys
+ 2011-04-04 14:34 . 2008-05-16 09:33	158760              c:\windows\system32\drivers\s0016mdm.sys
+ 2011-04-04 14:34 . 2008-05-16 09:32	115240              c:\windows\system32\drivers\s0016bus.sys
+ 2009-11-23 23:22 . 2009-05-23 06:52	215040              c:\windows\system32\drivers\Rt64win7.sys
+ 2011-06-09 09:30 . 2010-11-20 10:49	146432              c:\windows\system32\drivers\rmcast.sys
+ 2011-06-09 09:30 . 2010-11-20 13:33	213888              c:\windows\system32\drivers\rdyboost.sys
+ 2012-06-14 08:56 . 2012-04-28 03:55	210944              c:\windows\system32\drivers\rdpwd.sys
+ 2011-06-09 09:31 . 2010-11-20 09:27	309248              c:\windows\system32\drivers\rdbss.sys
+ 2011-06-09 09:31 . 2010-11-20 10:52	111104              c:\windows\system32\drivers\raspptp.sys
+ 2011-06-09 09:31 . 2010-11-20 10:52	129536              c:\windows\system32\drivers\rasl2tp.sys
+ 2009-07-13 21:59 . 2009-07-14 01:45	128592              c:\windows\system32\drivers\ql40xx.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	230400              c:\windows\system32\drivers\portcls.sys
+ 2009-07-13 23:51 . 2009-07-14 01:01	651264              c:\windows\system32\drivers\PEAuth.sys
+ 2009-07-13 23:31 . 2009-07-14 01:45	220752              c:\windows\system32\drivers\pcmcia.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	184704              c:\windows\system32\drivers\pci.sys
+ 2011-06-09 09:30 . 2010-11-20 10:52	131584              c:\windows\system32\drivers\pacer.sys
+ 2009-07-14 00:07 . 2009-07-14 00:07	318976              c:\windows\system32\drivers\nwifi.sys
+ 2011-04-26 19:46 . 2011-03-11 06:41	166272              c:\windows\system32\drivers\nvstor.sys
+ 2011-04-26 19:46 . 2011-03-11 06:41	148352              c:\windows\system32\drivers\nvraid.sys
+ 2009-07-13 23:38 . 2009-07-14 01:48	122960              c:\windows\system32\drivers\NV_AGP.SYS
+ 2011-06-09 09:31 . 2010-11-20 13:33	376192              c:\windows\system32\drivers\netio.sys
+ 2011-06-09 09:31 . 2010-11-20 09:23	261632              c:\windows\system32\drivers\netbt.sys
+ 2011-06-09 09:31 . 2010-11-20 10:52	164352              c:\windows\system32\drivers\ndiswan.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	951680              c:\windows\system32\drivers\ndis.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	366976              c:\windows\system32\drivers\msrpc.sys
+ 2011-06-09 09:32 . 2010-11-20 13:33	273792              c:\windows\system32\drivers\msiscsi.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	140672              c:\windows\system32\drivers\msdsm.sys
+ 2011-06-16 11:58 . 2011-04-27 02:39	128000              c:\windows\system32\drivers\mrxsmb20.sys
+ 2011-08-10 11:35 . 2011-07-09 02:46	288768              c:\windows\system32\drivers\mrxsmb10.sys
+ 2011-06-16 11:58 . 2011-04-27 02:40	158208              c:\windows\system32\drivers\mrxsmb.sys
+ 2011-06-09 09:31 . 2010-11-20 09:26	140800              c:\windows\system32\drivers\mrxdav.sys
+ 2011-06-09 09:30 . 2010-11-20 13:33	155008              c:\windows\system32\drivers\mpio.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48	284736              c:\windows\system32\drivers\MegaSR.sys
+ 2009-07-13 23:26 . 2009-07-13 23:26	113152              c:\windows\system32\drivers\luafv.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48	115776              c:\windows\system32\drivers\lsi_scsi.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48	106560              c:\windows\system32\drivers\lsi_sas.sys
+ 2009-07-13 21:59 . 2009-07-14 01:48	114752              c:\windows\system32\drivers\lsi_fc.sys
+ 2012-07-11 19:04 . 2012-06-02 05:48	151920              c:\windows\system32\drivers\ksecpkg.sys
+ 2011-06-09 09:31 . 2010-11-20 10:33	243712              c:\windows\system32\drivers\ks.sys
+ 2009-07-21 03:39 . 2009-07-21 03:39	140712              c:\windows\system32\drivers\jmcr.sys
+ 2009-07-14 00:09 . 2009-07-14 00:09	120320              c:\windows\system32\drivers\irda.sys
+ 2009-07-14 00:10 . 2009-07-14 00:10	116224              c:\windows\system32\drivers\ipnat.sys
+ 2011-04-26 19:46 . 2011-03-11 06:41	410496              c:\windows\system32\drivers\iaStorV.sys
+ 2009-07-13 23:19 . 2009-07-13 23:19	105472              c:\windows\system32\drivers\i8042prt.sys
+ 2011-06-09 09:31 . 2010-11-20 09:25	753664              c:\windows\system32\drivers\http.sys
+ 2009-07-14 00:06 . 2009-07-14 00:06	100864              c:\windows\system32\drivers\hidbth.sys
+ 2011-06-09 09:30 . 2010-11-20 10:44	350208              c:\windows\system32\drivers\HdAudio.sys
+ 2011-06-09 09:30 . 2010-11-20 10:43	122368              c:\windows\system32\drivers\hdaudbus.sys
+ 2011-06-16 11:58 . 2010-11-20 13:33	288640              c:\windows\system32\drivers\FWPKCLNT.SYS
+ 2011-06-09 09:31 . 2010-11-20 13:28	223248              c:\windows\system32\drivers\fvevol.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	289664              c:\windows\system32\drivers\fltMgr.sys
+ 2009-07-13 23:23 . 2009-07-13 23:23	204800              c:\windows\system32\drivers\fastfat.sys
+ 2009-07-13 23:23 . 2009-07-13 23:23	195072              c:\windows\system32\drivers\exfat.sys
+ 2009-06-10 20:36 . 2009-07-14 01:47	530496              c:\windows\system32\drivers\elxstor.sys
+ 2011-06-09 09:30 . 2010-11-20 09:49	258048              c:\windows\system32\drivers\dxgmms1.sys
+ 2011-06-09 09:31 . 2010-11-20 13:33	982912              c:\windows\system32\drivers\dxgkrnl.sys
+ 2009-07-14 00:06 . 2009-07-14 01:01	116224              c:\windows\system32\drivers\drmk.sys
+ 2009-07-14 00:00 . 2009-07-14 00:00	145920              c:\windows\system32\drivers\Dot4.sys
+ 2011-06-09 09:30 . 2010-11-20 09:26	102400              c:\windows\system32\drivers\dfsc.sys
+ 2012-07-11 19:04 . 2012-06-02 05:50	458704              c:\windows\system32\drivers\cng.sys
+ 2011-06-09 09:31 . 2010-11-20 13:32	179072              c:\windows\system32\drivers\Classpnp.sys
+ 2011-06-09 09:30 . 2010-11-20 09:19	147456              c:\windows\system32\drivers\cdrom.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34	468480              c:\windows\system32\drivers\bxvbda.sys
+ 2009-07-14 01:19 . 2009-07-14 01:19	286720              c:\windows\system32\drivers\BrSerId.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34	270848              c:\windows\system32\drivers\b57nd60a.sys
+ 2009-06-05 10:20 . 2009-06-05 10:20	114192              c:\windows\system32\drivers\AtiHdmi.sys
+ 2011-06-09 09:30 . 2010-11-20 13:32	155520              c:\windows\system32\drivers\ataport.sys
+ 2011-12-04 21:23 . 2011-12-04 21:23	138872              c:\windows\system32\drivers\AnyDVD.sys
+ 2009-06-10 20:37 . 2009-07-14 01:52	194128              c:\windows\system32\drivers\amdsbs.sys
+ 2011-04-26 19:46 . 2011-03-11 06:41	107904              c:\windows\system32\drivers\amdsata.sys
+ 2012-02-16 11:15 . 2011-12-28 03:59	498688              c:\windows\system32\drivers\afd.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52	182864              c:\windows\system32\drivers\adpu320.sys
+ 2009-07-13 21:59 . 2009-07-14 01:52	339536              c:\windows\system32\drivers\adpahci.sys
+ 2009-06-10 20:36 . 2009-07-14 01:52	491088              c:\windows\system32\drivers\adp94xx.sys
+ 2011-06-09 09:31 . 2010-11-20 13:32	334208              c:\windows\system32\drivers\acpi.sys
+ 2010-02-24 10:20 . 2010-02-24 10:20	191616              c:\windows\system32\drivers\acedrv11.sys
+ 2011-05-26 19:35 . 2011-05-26 19:49	125440              c:\windows\system32\drivers\acedrv07.sys
+ 2011-06-09 09:31 . 2010-11-20 10:44	229888              c:\windows\system32\drivers\1394ohci.sys
+ 2009-07-14 05:01 . 2012-09-05 09:55	485948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-04 23:24	485948              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-10-01 17:20 . 2006-11-02 05:04	1919968              c:\windows\system32\drivers\wdfcoinstaller01005.dll
+ 2009-07-13 22:04 . 2009-06-10 21:01	1485312              c:\windows\system32\drivers\VSTDPV6.SYS
+ 2012-05-09 11:08 . 2012-03-30 11:35	1918320              c:\windows\system32\drivers\tcpip.sys
+ 2009-06-10 20:37 . 2009-07-14 01:45	1524816              c:\windows\system32\drivers\ql2300.sys
+ 2011-04-26 19:46 . 2011-03-11 06:41	1659776              c:\windows\system32\drivers\ntfs.sys
+ 2009-06-10 20:35 . 2009-06-10 20:35	5434368              c:\windows\system32\drivers\netw5v64.sys
+ 2009-06-10 20:37 . 2009-06-10 20:37	6108416              c:\windows\system32\drivers\igdkmd64.sys
+ 2009-06-10 20:34 . 2009-06-10 20:34	3286016              c:\windows\system32\drivers\evbda.sys
+ 2009-07-02 18:51 . 2009-07-02 18:51	6036480              c:\windows\system32\drivers\atikmdag.sys
+ 2009-09-22 00:47 . 2009-09-22 00:47	1484800              c:\windows\system32\drivers\athrx.sys
+ 2009-06-10 21:01 . 2009-06-10 21:01	1146880              c:\windows\system32\drivers\agrsm64.sys
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-28 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-08-03 107432]
R3 ALSysIO;ALSysIO;c:\users\IMRERU~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\E6AF.tmp [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-25 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-25 1255736]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 sptd;sptd;c:\windows\\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-28 283200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-09-23 641832]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - C4654BB66A72AF8
*Deregistered* - c4654bb66a72af8
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 16:47]
.
2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-15 16:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2010-03-20 96768]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"combofix"="c:\combofix\CF20137.3XE" [2010-11-20 345088]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.faz.net/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.0.1
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://vpngate.uni-koeln.de/CACHE/stc/3/binaries/vpnweb.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://vpngate.uni-koeln.de/CACHE/stc/2/binaries/vpnweb.cab
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\71bm362o.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{594D4122-1F87-41E2-96C7-825FB4796516} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\E6AF.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\c4654bb66a72af8]
"ImagePath"="\SystemRoot\System32\Drivers\c4654bb66a72af8.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*VÝw]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*VÝw\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*uF*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*uF*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2814579153-1674331957-496315902-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4AE82A8B-9492-57EB-6383-AD09A3B48B9D}*]
"haefdjmlebbnceaj"=hex:6b,61,6e,63,65,64,68,69,68,61,65,65,62,62,6c,62,64,6b,
   63,6e,69,6b,00,77
"iakdbiejnbblgknbfh"=hex:6b,61,6e,63,65,64,68,69,68,61,65,65,62,62,6c,62,64,6b,
   63,6e,69,6b,00,77
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-05  12:08:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-05 10:08
ComboFix2.txt  2012-09-04 23:34
ComboFix3.txt  2012-07-24 21:36
.
Vor Suchlauf: 20 Verzeichnis(se), 29.566.103.552 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 28.804.182.016 Bytes frei
.
- - End Of File - - AC19B292BA163F327B6C8B54BA10E157

FSS:

Code:

ATTFilter

Farbar Service Scanner Version: 06-08-2012
Ran by *** (administrator) on 05-09-2012 at 12:17:43
Running from "C:\Users\***\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Die Firewall ist wieder aktiv!

DANKE!

Liebe Grüße

Larusso · 05.09.2012, 11:31

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

sc start bits > look.txt 2>&1
sc start wuauserv >> look.txt 2>&1
notepad look.txt
del %0

Wähle Datei --> Speichern unter
Dateiname: check.bat
Dateityp: Wähle Alle Dateien (*.*)
Speichere die Datei auf deinem Desktop.

Es sollte nun ungefähr so aussehen
Starte die check.bat.

Vista und Win7 User: Mit Rechtsklick "als Administrator starten"

Es wird sich ein Textdokument öffnen, bitte poste den Inhalt hier

akakesios · 05.09.2012, 11:52

Log:

Code:

ATTFilter

[SC] StartService: OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] StartService: OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

Vielen Dank!

Larusso · 05.09.2012, 15:19

Downloade dir bitte folgende Dateien auf deinem Desktop.

http://download.bleepingcomputer.com...ces/7/BITS.reg

http://download.bleepingcomputer.com...7/wuauserv.reg

Doppelklick auf jede einzelne und erlaube die Modifikation der Registry.
Wenn getan, starte den Rechner neu auf und starte FSS.exe erneut und klicke den Scan Button.

Poste die FSS.txt bitte hier.

akakesios · 05.09.2012, 16:50

Hallo Daniel,

ich konnte Bits.reg nicht hinzufügen. Folgende Fehlermeldung:

..bits.reg kann nicht importiert werden: Nicht alle Daten konnten in der Systemregistrierung eingetragen werden. Einige Schlüssel sind vom System oder anderen Prozessen geöffnet.

Bei wuauserv.reg hat der Eintrag geklappt. Ich habe FSS nicht erneut gestartet.

Vielen Dank!!

Larusso · 05.09.2012, 17:44

Lass mich mal ne FSS Log sehen

akakesios · 05.09.2012, 18:38

FSS Log:

Code:

ATTFilter

Farbar Service Scanner Version: 06-08-2012
Ran by *** (administrator) on 05-09-2012 at 19:37:39
Running from "C:\Users\***\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Larusso · 05.09.2012, 19:02

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

for %%g in (
bits
wuauserv
) do (
Reg query "HKLM\System\CurrentControlSet\Services\%%g" /s > look.txt
)
notepad look.txt
del %0

Wähle Datei --> Speichern unter
Dateiname: bla.bat
Dateityp: Wähle Alle Dateien (*.*)
Speichere die Datei auf deinem Desktop.

Es sollte nun ungefähr so aussehen
Starte die bla.bat.

Vista und Win7 User: Mit Rechtsklick "als Administrator starten"

Poste den Inhalt des geöffnentem Textdokument

akakesios · 05.09.2012, 19:06

Code:

ATTFilter

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv
    PreshutdownTimeout    REG_DWORD    0x36ee800
    DisplayName    REG_SZ    @%systemroot%\system32\wuaueng.dll,-105
    ImagePath    REG_EXPAND_SZ    %systemroot%\system32\svchost.exe -k netsvcs
    Description    REG_SZ    @%systemroot%\system32\wuaueng.dll,-106
    ObjectName    REG_SZ    LocalSystem
    ErrorControl    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    DelayedAutoStart    REG_DWORD    0x1
    Type    REG_DWORD    0x20
    DependOnService    REG_MULTI_SZ    rpcss
    ServiceSidType    REG_DWORD    0x1
    RequiredPrivileges    REG_MULTI_SZ    SeAuditPrivilege\0SeCreateGlobalPrivilege\0SeCreatePageFilePrivilege\0SeTcbPrivilege\0SeAssignPrimaryTokenPrivilege\0SeImpersonatePrivilege\0SeIncreaseQuotaPrivilege\0SeShutdownPrivilege
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA000000000000000000000000000000000000

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\Parameters
    ServiceDll    REG_EXPAND_SZ    %systemroot%\system32\wuaueng.dll
    ServiceMain    REG_SZ    WUServiceMain
    ServiceDllUnloadOnStop    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\Security
    Security    REG_BINARY    010014807800000084000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200480003000000000014009D00020001010000000000050B00000000001800FF010F000102000000000005200000002002000000001400FF010F00010100000000000512000000010100000000000512000000010100000000000512000000

05.09.2012, 17:44	#12
Larusso /// Selecta Jahrusso	"Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar Lass mich mal ne FSS Log sehen __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

"Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar

Plagegeister aller Art und deren Bekämpfung: "Mit windows update kann derzeit nicht nach updates gesucht werden" / Firewall nicht aktivierbar