
Pests of all kinds and how to combat them: Java viruses since uninstalling Java

05.02.2013, 11:12   #1
Gizmo_
 

Hello dear TB team,

Yesterday I read on the internet that Java has significant security flaws, so I uninstalled Java from my laptop. After that my laptop was very slow. Windows that I opened came up in slow motion, so that it looked as if they were "appearing" very slowly (like that one effect in PowerPoint ^^). After a restart the windows look normal again. I ran a scan with Avira, and 12 Java viruses were found (I ran my last scan only a week ago, and Avira found nothing then).

Here are my log files:


OTL.txt

Code:
OTL logfile created on: 05.02.2013 09:51:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Yoshi\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 37,33% Memory free
7,83 Gb Paging File | 5,17 Gb Available in Paging File | 66,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276,60 Gb Total Space | 5,66 Gb Free Space | 2,05% Space Free | Partition Type: NTFS
Drive F: | 81,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 930,83 Gb Total Space | 329,21 Gb Free Space | 35,37% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOPKERSI | User Name: Kersi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.05 09:49:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yoshi\Downloads\OTL(1).exe
PRC - [2013.02.05 09:46:58 | 000,050,477 | ---- | M] () -- C:\Users\Yoshi\Downloads\Defogger.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 16:54:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 16:53:53 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 16:53:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.21 15:58:26 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012.05.09 16:31:12 | 000,577,536 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.12.09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011.04.19 07:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010.12.29 19:54:10 | 000,740,688 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
PRC - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.10.01 17:49:08 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe
PRC - [2010.10.01 15:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.05.08 12:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.12.02 23:00:00 | 000,847,872 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2009.09.23 15:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009.07.06 20:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2007.06.01 09:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 09:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.05 09:46:58 | 000,050,477 | ---- | M] () -- C:\Users\Yoshi\Downloads\Defogger.exe
MOD - [2010.11.25 04:44:02 | 000,375,280 | ---- | M] () -- c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
MOD - [2010.11.17 16:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.10.01 15:49:34 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.02.05 00:30:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.10.07 14:56:44 | 003,137,840 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.01.09 19:14:17 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.11 16:54:05 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 16:53:53 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.21 15:58:26 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012.04.13 09:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.09.17 05:19:27 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Kersi\AppData\Local\Temp\7zS6025\hpslpsvc64.dll -- (HPSLPSVC)
SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.29 19:54:24 | 000,440,144 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Programme\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2010.12.21 00:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.12.21 00:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.17 20:46:48 | 000,053,920 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.11.29 21:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.11.25 11:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 11:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.10.07 14:45:28 | 002,692,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2010.10.01 17:49:08 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2010.09.23 00:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.05.08 12:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.11 16:54:09 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 16:54:09 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.05 08:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011.06.16 14:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011.03.26 03:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.17 06:29:56 | 001,416,240 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.02.05 00:59:50 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.02.04 23:53:42 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.17 20:47:10 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.12.17 20:47:08 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.12.17 20:47:08 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.12.17 20:47:06 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.12.16 23:47:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.12.16 23:47:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.12.16 23:47:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.12.16 23:47:04 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (AthDfu)
DRV:64bit: - [2010.12.01 17:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.30 23:02:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.29 21:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.24 12:33:24 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.29 19:38:32 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.08.20 10:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010.06.25 15:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.04.09 14:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.04.07 16:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.03.25 09:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.20 10:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010.03.19 09:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ADFBE265-4C10-4F87-821E-DC52AB64F9A4}
IE:64bit: - HKLM\..\SearchScopes\{ADFBE265-4C10-4F87-821E-DC52AB64F9A4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ADFBE265-4C10-4F87-821E-DC52AB64F9A4}
IE - HKLM\..\SearchScopes\{ADFBE265-4C10-4F87-821E-DC52AB64F9A4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKCU\..\SearchScopes,DefaultScope = {ADFBE265-4C10-4F87-821E-DC52AB64F9A4}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.2.1
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011.08.05 17:55:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.25 14:12:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.09 18:47:59 | 000,000,000 | ---D | M]
 
[2011.08.15 11:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\Extensions
[2012.06.07 09:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\Firefox\Profiles\tk0xsy36.default\extensions
[2012.06.07 09:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\Firefox\Profiles\tk0xsy36.default\extensions\staged
[2011.09.27 22:54:39 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\Kersi\AppData\Roaming\mozilla\Firefox\Profiles\tk0xsy36.default\extensions\toolbar@ask.com
[2011.10.21 12:13:46 | 000,583,875 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\testpilot@labs.mozilla.com.xpi
[2012.01.03 15:42:08 | 000,520,337 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.10.21 12:13:47 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.07 09:08:39 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\staged\testpilot@labs.mozilla.com.xpi
[2012.06.07 09:08:38 | 000,525,079 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.06.07 09:08:35 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Kersi\AppData\Roaming\mozilla\firefox\profiles\tk0xsy36.default\extensions\staged\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.04.07 14:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.25 15:02:05 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.12.17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.12.17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011.12.17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011.12.17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Dell Computer Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4:64bit: - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKLM..\RunOnce: [CTSU] C:\Program Files (x86)\Creative\Software Update\CTSURun.exe (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{BC124~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{BC124~1\reboot.ini  -l0x7 File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Kersi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6124BFFB-70A1-490A-869C-7047E1C3AEF3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75BFD33E-46B4-4689-A16C-43114DBF6D90}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6A7C4F5-A233-47EC-A6E5-0882137F6395}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll File not found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe) - C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0293247e-d783-11e0-8968-3859f9760090}\Shell - "" = AutoRun
O33 - MountPoints2\{0293247e-d783-11e0-8968-3859f9760090}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 16:17:14 | 000,000,000 | ---D | C] -- C:\Users\Kersi\AppData\Roaming\WinRAR
[2013.01.21 16:17:14 | 000,000,000 | ---D | C] -- C:\Users\Kersi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.21 16:17:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.01.21 16:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.01.13 15:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RStudio
[2013.01.11 14:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2013.01.11 14:09:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Live! Cam
[2013.01.07 01:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.07 01:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.07 01:08:15 | 000,000,000 | ---D | C] -- C:\Users\Kersi\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.05 09:52:00 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\WebReg .job
[2013.02.05 09:47:32 | 000,000,000 | ---- | M] () -- C:\Users\Kersi\defogger_reenable
[2013.02.05 09:46:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.02.05 09:43:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.02.05 09:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.04 23:40:22 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 23:40:22 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 23:33:25 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.02.04 23:32:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 23:32:21 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.03 21:26:10 | 001,642,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.03 21:26:10 | 000,708,076 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.03 21:26:10 | 000,663,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.03 21:26:10 | 000,151,828 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.03 21:26:10 | 000,124,774 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.09 18:40:09 | 000,409,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.08 23:37:46 | 001,620,594 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.07 01:08:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.05 09:47:32 | 000,000,000 | ---- | C] () -- C:\Users\Kersi\defogger_reenable
[2013.01.07 01:08:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.02 09:35:56 | 000,201,966 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011.09.01 12:01:49 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.30 15:38:29 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2011.08.30 15:36:33 | 000,201,966 | ---- | C] () -- C:\Windows\hpwins19.dat.temp
[2011.08.30 15:36:33 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat.temp
[2011.08.05 19:14:13 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.08.05 19:13:33 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.08.05 19:13:29 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.08.05 19:13:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.05 19:13:22 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.05 17:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.05 17:44:55 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.02.11 18:45:27 | 001,620,594 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.08.14 23:37:10 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\DigitalPersona
[2011.11.20 10:31:57 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\Epson
[2011.08.16 20:23:56 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\PCDr
[2011.08.31 09:16:10 | 000,000,000 | ---D | M] -- C:\Users\Kersi\AppData\Roaming\PhotoFiltre
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt

Code:
OTL Extras logfile created on: 05.02.2013 09:51:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Yoshi\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,92 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 37,33% Memory free
7,83 Gb Paging File | 5,17 Gb Available in Paging File | 66,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 276,60 Gb Total Space | 5,66 Gb Free Space | 2,05% Space Free | Partition Type: NTFS
Drive F: | 81,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 930,83 Gb Total Space | 329,21 Gb Free Space | 35,37% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOPKERSI | User Name: Kersi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3587A0C0-1EC3-4345-825B-FDBA96FB5C7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3EF01DD3-9B6C-4880-AF26-BB81BC6C305D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{5C81E03E-DB3E-4A28-AB34-2A7B601CEBFD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5C8963FE-3AFB-4458-A181-A0F8F9E08DB8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5E1F2858-B134-444A-8833-D4242279B345}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{619C9527-52FD-46AE-A21B-6A990D99767E}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent - update | 
"{66C24403-6CA2-4C87-8B11-009157F23697}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{68C0882D-61BC-4C4C-B3E1-BE8AE93613A1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6EF97E1C-EAE8-44C2-9CF7-95112CF27616}" = rport=445 | protocol=6 | dir=out | app=system | 
"{70CDAC83-DCC9-45AC-B713-67000B09BDE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{793377EE-C56F-43DC-8E7D-C70C44EABD5A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7A1472E6-EDEF-458D-AFDD-4C2D9729C39B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{890D9966-AE4B-4FA8-B3E0-B397176745AE}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{89A2624B-6472-4083-BCE0-0A5614323ACF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8FE33200-A884-4192-850A-32FBD2FD4FE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9352FA7F-4AA0-47E4-A041-B24D33B92701}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{967F230B-F5ED-4E35-B4CC-931BDCFB1891}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A768EBB1-50B8-467D-9455-76792DDE02D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BE90127B-14F3-49CF-9522-8CED91EEC7EA}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C1ED3D8F-A71E-4447-A530-4FFFF6817BF0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C9F2F2CB-DAFC-4B3F-810A-3DC049BC9F75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CAF9752C-F0D3-4689-9C8D-FF25330F6056}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D2D308E7-8781-4B5E-A87B-572867791A68}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DAF80082-643F-4E86-BD62-57B15E301B2F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EC25FBC3-EAC5-4A8D-8483-52948987A838}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED8FD923-2D1A-4031-B17A-6BFF3CC088EE}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent - broadcast | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C480C8-FDCB-4273-A9D5-7872FA945D57}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{1F6D00B4-A0AE-4968-A9C8-7F192A919154}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{20235AE5-2683-4F5A-A078-96D1166CB56D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{20FFA239-92D1-46F9-AAE8-25BC80ABED19}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{23F1BFB9-2A0B-404A-9D09-768711A3701F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{295B5177-A056-4953-96E8-4B53A7CD142B}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htc sync\htcsyncloader.exe | 
"{2DFD026C-4372-4C84-B079-A63339E30B06}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{2E6527EA-2E14-40D9-A514-5688CC4C981E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{41112723-9D25-41D2-A44E-1A740073DD9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{4222B3DD-045E-422F-9B58-70C686184407}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F056231-B7E9-4A0E-A05B-5B758E8E59E1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7718A546-F049-4611-A118-3027B21CABBD}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe | 
"{79733A63-E9DB-4E32-9A0C-582E9E891B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7E3D32E1-26CF-41F9-82BD-B0B8C11573B2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8012AF6C-5A20-4F5A-A22E-FD2A6D93AE58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{81606167-2E03-4424-B53B-9905516371FF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8E226DEF-159C-4CCF-8788-7B04904A89F2}" = protocol=6 | dir=out | app=system | 
"{97E9DE23-6B37-4AAC-809D-072E5F0E4017}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A351C94F-80FA-443C-9DF7-889608B8FEDF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A42622D8-F8C4-4BEE-9083-9B9C4C98C93D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9D1CCE1-4308-4652-8D77-7F3654FB634E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE64B437-5E62-45BF-944E-C0C1516EABE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{B433F2E4-A41D-41A7-97FA-1A33C77DE106}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{BA1C33BB-5064-437D-95B9-B69419306CBE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C3ED1D2B-A80E-4F75-9D02-5D41EB99CE00}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{CAA6895D-BD5D-4A98-939E-C0E8F0B94C28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{CAC190DC-8207-46D8-A93E-5D7ACA833B33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{D407C6FD-A4FC-45AD-AC2E-1642FA9E86BE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D8FE5719-A322-4B20-AECA-F5BCB2EADC63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D933D19E-F403-4B6F-81EF-7936D9F826B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DD205CE4-DFAE-4B13-9A7A-8BBAACE3A277}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E6A1AF81-7DAD-413D-891E-5AEBC0BCD1DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F1B59442-5AB8-4AF3-828A-ADA38CCA42F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{F366F347-BAB3-4C8D-A2BA-BEEA4E7BE8F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{1483A6E6-8F43-4275-931F-112B4B7E9402}C:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe" = protocol=6 | dir=in | app=c:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe | 
"TCP Query User{28D6BC67-3253-487C-9662-FA23579A8768}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{653CD78E-5C2F-476B-9D62-2BF9690C730A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{CBF25348-60A7-4F08-8C3F-FEF816AD1EFD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{4C6D9D31-C9FE-436C-8185-DAB3C9ED4B39}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{5F4A6D1C-4B6F-4AE0-B083-8C28B298DA6F}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{ED6D0CC7-574C-45B9-BA01-061C7C08D17A}C:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe" = protocol=17 | dir=in | app=c:\users\yoshi\appdata\roaming\icq\application\icq7.7\icq.exe | 
"UDP Query User{F46E4061-C46F-461F-9278-96A6C4502115}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{08AABBF5-353E-43E5-9E38-94989DDE600C}" = Iomega Encryption
"{10AAF056-7792-497A-ACAF-3BF002196574}" = Validity Sensors DDK
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{18C99C4F-6BAB-84D1-261B-EC1099610C63}" = ATI AVIVO64 Codecs
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{480C331C-C21E-F744-DBFF-98F8F2B0D4AC}" = ATI Catalyst Install Manager
"{50B4B603-A4C6-4739-AE96-6C76A0F8A388}" = Dell Backup and Recovery Manager
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{729F2EAD-6283-7CFE-E5DB-03C653A309E0}" = ccc-utility64
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C0C2D40A-1231-46FA-8F02-B45E6BF2036A}" = DigitalPersona Fingerprint Software 5.20
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"EPSON BX305 Series" = Druckerdeinstallation für EPSON BX305 Series
"GIMP-2_is1" = GIMP 2.8.2
"HP Smart Web Printing" = HP Smart Web Printing
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"R for Windows 2.13.2_is1" = R for Windows 2.13.2
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{07E10D8F-9E63-9334-4902-192A954E3B64}" = CCC Help Norwegian
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0FA0F736-0851-C84A-08AE-D2F39C188B83}" = PX Profile Update
"{17422E25-DCC9-9192-6FC7-A0E8B324A7C9}" = CCC Help Finnish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2554B5A7-330A-D672-0F4B-D960F4F4F428}" = CCC Help German
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C6F513-5800-96BF-12EA-B4C7DC7DD671}" = Catalyst Control Center InstallProxy
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{41CE67B3-7766-4CC0-9E5A-D28DF12072E7}" = HTC Sync Manager
"{428C0601-9461-B6C8-D6D6-191FF8308410}" = ccc-core-static
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{46314378-EB8B-46B4-A790-4CFD0461ADA1}" = Catalyst Control Center - Branding
"{470AE5CD-6626-2D2A-6123-5D898D8813E5}" = CCC Help Japanese
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5765DDB0-6A73-F8CB-006E-76168E3DE49F}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5CFB494B-1A52-82E3-9EB2-8E21084390F6}" = CCC Help Swedish
"{5D2E23BC-C6A2-BB50-E738-B756F8040E65}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68998208-3CED-2259-C735-92F0C0D57620}" = Catalyst Control Center Localization All
"{69D91A61-4328-08DD-E0FB-D011E324F610}" = Catalyst Control Center Profiles Mobile
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CA87328-1AFA-3B5C-A279-C917D299E0CB}" = CCC Help Italian
"{8328181F-5C6B-9304-DDDC-85BE47A3B917}" = CCC Help Spanish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{878F597D-BA4C-2694-55E9-F1AE1988B144}" = CCC Help Portuguese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.1.3.1
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BA22076-945C-F764-4D33-2AF4DFE6A3F0}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1024FE-2009-2350-446F-3A6E00E5181A}" = CCC Help Russian
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B28FC637-A783-FE1C-8488-CAA05F11B690}" = CCC Help Chinese Traditional
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9454417-3019-FDB1-272B-A64F39202E3C}" = CCC Help Korean
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDA023EF-0F82-4030-BF23-5283C1EE1031}" = Nero 7 Essentials
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9C53AC8-C288-5727-1856-5B641CDFA2C1}" = CCC Help Dutch
"{FC687ED0-69A9-67E7-0219-55CFB9B643CC}" = CCC Help Chinese Standard
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"EADM" = EA Download Manager
"EPSON BX305 Series Manual" = EPSON BX305 Series Handbuch
"EPSON BX305 Series Network Guide" = EPSON BX305 Series Netzwerk-Handbuch
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FileHippo.com" = FileHippo.com Update Checker
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 9.0 (x86 en-GB)" = Mozilla Firefox 9.0 (x86 en-GB)
"RStudio" = RStudio
"Secunia PSI" = Secunia PSI (2.0.0.3003)
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.02.2013 10:06:41 | Computer Name = LaptopKersi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Updater.exe, Version: 5.10.1.44067,
 Zeitstempel: 0x5000146c  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x009f00c4  ID des fehlerhaften
 Prozesses: 0x774  Startzeit der fehlerhaften Anwendung: 0x01ce02178d7bedc1  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Updater\Updater.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: ee8fce88-6e0a-11e2-9ae0-3859f9760090
 
Error - 03.02.2013 11:45:29 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 03.02.2013 11:45:29 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 03.02.2013 11:45:34 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 03.02.2013 17:27:51 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.02.2013 10:57:04 | Computer Name = LaptopKersi | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.02.2013 11:57:42 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.02.2013 11:57:42 | Computer Name = LaptopKersi | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC 
 
Error - 04.02.2013 11:59:51 | Computer Name = LaptopKersi | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.02.2013 18:33:30 | Computer Name = LaptopKersi | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 03.02.2013 11:45:17 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 03.02.2013 11:45:17 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 04.02.2013 10:58:01 | Computer Name = LaptopKersi | Source = DCOM | ID = 10016
Description = 
 
Error - 04.02.2013 10:58:50 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 04.02.2013 10:59:02 | Computer Name = LaptopKersi | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 04.02.2013 11:01:07 | Computer Name = LaptopKersi | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP Network Devices Support" wurde nicht richtig gestartet.
 
Error - 04.02.2013 12:00:50 | Computer Name = LaptopKersi | Source = DCOM | ID = 10016
Description = 
 
Error - 04.02.2013 12:18:38 | Computer Name = LaptopKersi | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?02.?2013 um 17:09:16 unerwartet heruntergefahren.
 
Error - 04.02.2013 18:34:05 | Computer Name = LaptopKersi | Source = DCOM | ID = 10016
Description = 
 
Error - 04.02.2013 20:42:54 | Computer Name = LaptopKersi | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         
gmer.txt

Code:
ATTFilter
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-05 10:43:42
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST320LT0 rev.0001 298,09GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\Kersi\AppData\Local\Temp\uxdyyfow.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17             00000000762d1401 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17               00000000762d1419 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17             00000000762d1431 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42             00000000762d144a 2 bytes [2D, 76]
.text  ...                                                                                                                                 * 9
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                00000000762d14dd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17         00000000762d14f5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                00000000762d150d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17         00000000762d1525 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17               00000000762d153d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    00000000762d1555 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17             00000000762d156d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17               00000000762d1585 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  00000000762d159d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17               00000000762d15b5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17             00000000762d15cd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20         00000000762d16b2 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31         00000000762d16bd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      00000000762d1401 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        00000000762d1419 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      00000000762d1431 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      00000000762d144a 2 bytes [2D, 76]
.text  ...                                                                                                                                 * 9
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000762d14dd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000762d14f5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         00000000762d150d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  00000000762d1525 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        00000000762d153d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             00000000762d1555 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      00000000762d156d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        00000000762d1585 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           00000000762d159d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000762d15b5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000762d15cd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000762d16b2 2 bytes [2D, 76]
.text  C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[2264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000762d16bd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                           00000000762d1401 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                             00000000762d1419 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                           00000000762d1431 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                           00000000762d144a 2 bytes [2D, 76]
.text  ...                                                                                                                                 * 9
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                              00000000762d14dd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                       00000000762d14f5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                              00000000762d150d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                       00000000762d1525 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                             00000000762d153d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                  00000000762d1555 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                           00000000762d156d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                             00000000762d1585 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                00000000762d159d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                             00000000762d15b5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                           00000000762d15cd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                       00000000762d16b2 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[2348] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                       00000000762d16bd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                            00000000762d1401 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                              00000000762d1419 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                            00000000762d1431 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                            00000000762d144a 2 bytes [2D, 76]
.text  ...                                                                                                                                 * 9
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                               00000000762d14dd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                        00000000762d14f5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                               00000000762d150d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                        00000000762d1525 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                              00000000762d153d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                   00000000762d1555 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                            00000000762d156d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                              00000000762d1585 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                 00000000762d159d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                              00000000762d15b5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                            00000000762d15cd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                        00000000762d16b2 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[3708] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                        00000000762d16bd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                       00000000762d1401 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                         00000000762d1419 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                       00000000762d1431 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                       00000000762d144a 2 bytes [2D, 76]
.text  ...                                                                                                                                 * 9
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                          00000000762d14dd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                   00000000762d14f5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                          00000000762d150d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                   00000000762d1525 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                         00000000762d153d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                              00000000762d1555 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                       00000000762d156d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                         00000000762d1585 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                            00000000762d159d 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                         00000000762d15b5 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                       00000000762d15cd 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                   00000000762d16b2 2 bytes [2D, 76]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                   00000000762d16bd 2 bytes [2D, 76]

---- Registry - GMER 2.0 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9760090                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9760090 (not active ControlSet)                                     

---- EOF - GMER 2.0 ----
         
(Regarding gmer: although I saved the file after the scan, it did not show up on the desktop or at the specified path. So I clicked "copy" and saved the contents in a text editor. Hopefully that's fine!)


I hope I did everything right!
Many thanks in advance for your help!!

06.02.2013, 11:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
I ran a scan with Avira, 12 Java viruses were found (I ran the last scan only a week ago and Avira found nothing then).
That information is not enough; please post the complete details/logs of the virus scanner, see http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.


Bevor wir uns an weitere die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Unpack the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

06.02.2013, 13:21   #3
Gizmo_

Hi cosinus,

Thanks for your help! I have read the instructions.

When I had to use the laptop, I again had the problem with the slowly "appearing" windows. There were also strange transitions when booting up and shutting down... for example, when booting, the screen gradually got brighter from a dark screen until my normal desktop background was visible (somehow hard to describe). Yesterday I also ran scans with Avira and Malwarebytes. But yesterday's scans found nothing more. Afterwards I also ran CCleaner.

Here are all the logs:

1. Avira scan (with 12 detections)

Code:
Exported events:

05.02.2013 09:25 [System Scanner] Malware found
      The file 
      'C:\Users\Yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\51dd7b2c-1d819
      a72'
      contained a virus or unwanted program 'JAVA/Lamar.QU.3' [virus]
      Action(s) taken:
      The file was moved to the quarantine directory under the name '5994603f.qua'!
         
Strangely, for only one of the 12 viruses found was I shown the prompt asking whether I want to quarantine it. The others are not shown at all in the exported file.
But in the report file from that scan, all of them are shown.

Here is the log for that

Code:
Avira Free Antivirus
Report file date: Dienstag, 5. Februar 2013  00:05


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Professional
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : LAPTOPKERSI

Version information:
BUILD.DAT       : 13.0.0.2890    48567 Bytes  05.12.2012 17:18:00
AVSCAN.EXE      : 13.6.0.402    639264 Bytes  11.12.2012 15:53:54
AVSCANRC.DLL    : 13.4.0.360     54560 Bytes  11.12.2012 15:53:54
LUKE.DLL        : 13.6.0.400     67360 Bytes  11.12.2012 15:54:05
AVSCPLR.DLL     : 13.6.0.402     93984 Bytes  10.12.2012 16:53:08
AVREG.DLL       : 13.6.0.406    248096 Bytes  10.12.2012 16:53:08
avlode.dll      : 13.6.1.402    428832 Bytes  10.12.2012 16:53:09
avlode.rdf      : 13.0.0.36      10917 Bytes  29.01.2013 15:51:45
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 14:50:29
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 14:50:31
VBASE002.VDF    : 7.11.19.170 14374912 Bytes  20.12.2011 14:50:34
VBASE003.VDF    : 7.11.21.238  4472832 Bytes  01.02.2012 14:50:36
VBASE004.VDF    : 7.11.26.44   4329472 Bytes  28.03.2012 14:50:37
VBASE005.VDF    : 7.11.34.116  4034048 Bytes  29.06.2012 14:42:40
VBASE006.VDF    : 7.11.41.250  4902400 Bytes  06.09.2012 14:42:40
VBASE007.VDF    : 7.11.50.230  3904512 Bytes  22.11.2012 15:35:20
VBASE008.VDF    : 7.11.55.142  2214912 Bytes  03.01.2013 14:19:52
VBASE009.VDF    : 7.11.55.143     2048 Bytes  03.01.2013 14:19:52
VBASE010.VDF    : 7.11.55.144     2048 Bytes  03.01.2013 14:19:52
VBASE011.VDF    : 7.11.55.145     2048 Bytes  03.01.2013 14:19:52
VBASE012.VDF    : 7.11.55.146     2048 Bytes  03.01.2013 14:19:52
VBASE013.VDF    : 7.11.55.196   260096 Bytes  04.01.2013 13:56:32
VBASE014.VDF    : 7.11.56.23    206848 Bytes  07.01.2013 18:20:12
VBASE015.VDF    : 7.11.56.83    186880 Bytes  08.01.2013 21:39:39
VBASE016.VDF    : 7.11.56.145   135168 Bytes  09.01.2013 09:19:25
VBASE017.VDF    : 7.11.56.211   139776 Bytes  11.01.2013 08:58:48
VBASE018.VDF    : 7.11.57.11    153088 Bytes  13.01.2013 23:19:49
VBASE019.VDF    : 7.11.57.75    165888 Bytes  15.01.2013 14:45:13
VBASE020.VDF    : 7.11.57.163   190976 Bytes  17.01.2013 15:18:22
VBASE021.VDF    : 7.11.57.219   119808 Bytes  18.01.2013 11:03:41
VBASE022.VDF    : 7.11.58.7     167936 Bytes  21.01.2013 15:36:08
VBASE023.VDF    : 7.11.58.49    140288 Bytes  22.01.2013 20:22:25
VBASE024.VDF    : 7.11.58.119   137728 Bytes  24.01.2013 09:57:40
VBASE025.VDF    : 7.11.58.175   132608 Bytes  25.01.2013 23:28:23
VBASE026.VDF    : 7.11.58.213   116736 Bytes  27.01.2013 21:48:11
VBASE027.VDF    : 7.11.59.68   1887744 Bytes  31.01.2013 15:53:44
VBASE028.VDF    : 7.11.59.159   431104 Bytes  04.02.2013 22:37:52
VBASE029.VDF    : 7.11.59.160     2048 Bytes  04.02.2013 22:37:53
VBASE030.VDF    : 7.11.59.161     2048 Bytes  04.02.2013 22:37:53
VBASE031.VDF    : 7.11.59.174    21504 Bytes  04.02.2013 22:37:53
Engine version  : 8.2.10.246
AEVDF.DLL       : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL    : 8.1.4.86      467323 Bytes  31.01.2013 15:53:47
AESCN.DLL       : 8.1.10.0      131445 Bytes  14.12.2012 14:00:55
AESBX.DLL       : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL       : 8.2.0.88      643444 Bytes  11.01.2013 11:16:25
AEPACK.DLL      : 8.3.1.2       819574 Bytes  20.12.2012 22:54:14
AEOFFICE.DLL    : 8.1.2.50      201084 Bytes  05.11.2012 15:57:03
AEHEUR.DLL      : 8.1.4.194    5710199 Bytes  01.02.2013 20:50:35
AEHELP.DLL      : 8.1.25.2      258423 Bytes  12.10.2012 15:52:32
AEGEN.DLL       : 8.1.6.16      434549 Bytes  24.01.2013 21:15:15
AEEXP.DLL       : 8.3.0.18      188789 Bytes  31.01.2013 15:53:47
AEEMU.DLL       : 8.1.3.2       393587 Bytes  19.09.2012 14:42:55
AECORE.DLL      : 8.1.30.0      201079 Bytes  14.12.2012 14:00:54
AEBB.DLL        : 8.1.1.4        53619 Bytes  05.11.2012 15:57:01
AVWINLL.DLL     : 13.4.0.163     25888 Bytes  19.09.2012 18:09:30
AVPREF.DLL      : 13.4.0.360     50464 Bytes  11.12.2012 15:53:54
AVREP.DLL       : 13.4.0.360    177952 Bytes  10.12.2012 16:53:08
AVARKT.DLL      : 13.6.0.402    260384 Bytes  11.12.2012 15:53:51
AVEVTLOG.DLL    : 13.6.0.400    167200 Bytes  11.12.2012 15:53:53
SQLITE3.DLL     : 3.7.0.1       397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL      : 13.4.0.163     62240 Bytes  19.09.2012 18:08:55
NETNT.DLL       : 13.4.0.360     15648 Bytes  11.12.2012 15:54:05
RCIMAGE.DLL     : 13.4.0.360   4782880 Bytes  11.12.2012 15:53:50
RCTEXT.DLL      : 13.4.0.360     66336 Bytes  11.12.2012 15:53:50

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, G:, 
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Deviating risk categories...........: +SPR,

Start of the scan: Dienstag, 5. Februar 2013  00:05

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'svchost.exe' - '129' Module(s) have been scanned
Scan process 'svchost.exe' - '156' Module(s) have been scanned
Scan process 'svchost.exe' - '79' Module(s) have been scanned
Scan process 'vcsFPService.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '73' Module(s) have been scanned
Scan process 'atieclxx.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '72' Module(s) have been scanned
Scan process 'spoolsv.exe' - '99' Module(s) have been scanned
Scan process 'DpHostW.exe' - '86' Module(s) have been scanned
Scan process 'sched.exe' - '47' Module(s) have been scanned
Scan process 'eEBSVC.exe' - '40' Module(s) have been scanned
Scan process 'armsvc.exe' - '28' Module(s) have been scanned
Scan process 'AERTSr64.exe' - '8' Module(s) have been scanned
Scan process 'avguard.exe' - '77' Module(s) have been scanned
Scan process 'Ath_CoexAgent.exe' - '40' Module(s) have been scanned
Scan process 'adminservice.exe' - '30' Module(s) have been scanned
Scan process 'cvpnd.exe' - '57' Module(s) have been scanned
Scan process 'DCService.exe' - '37' Module(s) have been scanned
Scan process 'HSMServiceEntry.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'PassThruSvr.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'PSIA.exe' - '80' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '75' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '17' Module(s) have been scanned
Scan process 'taskhost.exe' - '44' Module(s) have been scanned
Scan process 'DPAgent.exe' - '60' Module(s) have been scanned
Scan process 'Dwm.exe' - '40' Module(s) have been scanned
Scan process 'Explorer.EXE' - '169' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'USBVaccine.exe' - '36' Module(s) have been scanned
Scan process 'DCSHelper.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '58' Module(s) have been scanned
Scan process 'RtkNGUI64.exe' - '51' Module(s) have been scanned
Scan process 'igfxtray.exe' - '33' Module(s) have been scanned
Scan process 'hkcmd.exe' - '32' Module(s) have been scanned
Scan process 'igfxpers.exe' - '42' Module(s) have been scanned
Scan process 'FF_Protection.exe' - '39' Module(s) have been scanned
Scan process 'BtvStack.exe' - '90' Module(s) have been scanned
Scan process 'AthBtTray.exe' - '47' Module(s) have been scanned
Scan process 'quickset.exe' - '60' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'DbrmTrayicon.exe' - '43' Module(s) have been scanned
Scan process 'DPAgent.exe' - '20' Module(s) have been scanned
Scan process 'sidebar.exe' - '100' Module(s) have been scanned
Scan process 'E_IATIGJE.EXE' - '30' Module(s) have been scanned
Scan process 'E_IATIGJE.EXE' - '31' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '54' Module(s) have been scanned
Scan process 'StikyNot.exe' - '44' Module(s) have been scanned
Scan process 'psi_tray.exe' - '33' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '57' Module(s) have been scanned
Scan process 'SignalIslandUi.exe' - '89' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'PDVD9Serv.exe' - '36' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '109' Module(s) have been scanned
Scan process 'RoxioBurnLauncher.exe' - '68' Module(s) have been scanned
Scan process 'MOM.exe' - '73' Module(s) have been scanned
Scan process 'winampa.exe' - '32' Module(s) have been scanned
Scan process 'FUFAXSTM.exe' - '91' Module(s) have been scanned
Scan process 'avgnt.exe' - '91' Module(s) have been scanned
Scan process 'WebcamDell2.exe' - '56' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '49' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'CCC.exe' - '175' Module(s) have been scanned
Scan process 'TurboBoost.exe' - '26' Module(s) have been scanned
Scan process 'DllHost.exe' - '41' Module(s) have been scanned
Scan process 'PresentationFontCache.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'LMS.exe' - '33' Module(s) have been scanned
Scan process 'NASvc.exe' - '46' Module(s) have been scanned
Scan process 'UNS.exe' - '45' Module(s) have been scanned
Scan process 'sua.exe' - '23' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '101' Module(s) have been scanned
Scan process 'splwow64.exe' - '45' Module(s) have been scanned
Scan process 'firefox.exe' - '112' Module(s) have been scanned
Scan process 'avcenter.exe' - '93' Module(s) have been scanned
Scan process 'avscan.exe' - '123' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'taskmgr.exe' - '52' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '29' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'lsass.exe' - '77' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '3604' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Users\Yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\51dd7b2c-1d819a72
    [0] Archive type: ZIP
    --> Additional.class
        [DETECTION] Contains recognition pattern of the JAVA/Jogek.TP Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> BAsoxo.class
        [DETECTION] Contains recognition pattern of the JAVA/Treams.JS.1 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> Bobnam.class
        [DETECTION] Contains recognition pattern of the JAVA/Lamar.QS.4 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> Grouiz.class
        [DETECTION] Contains recognition pattern of the JAVA/Jogek.UD Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> Iusus.class
        [DETECTION] Contains recognition pattern of the EXP/2013-0422.AA exploit
        [WARNING]   Infected files in archives cannot be repaired
    --> MAsla.class
        [DETECTION] Contains recognition pattern of the JAVA/Jogek.VU Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> Omototro.class
        [DETECTION] Contains recognition pattern of the JAVA/Jogek.VV Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> Tawwer.class
        [DETECTION] Contains recognition pattern of the JAVA/Lamar.RT.1 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> Tidura.class
        [DETECTION] Contains recognition pattern of the JAVA/Treams.JA.3 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> Vlast.class
        [DETECTION] Contains recognition pattern of the JAVA/Jogek.VW Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> YOpuiso.class
        [DETECTION] Contains recognition pattern of the JAVA/Treams.JB.3 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> Yusioir.class
        [DETECTION] Contains recognition pattern of the JAVA/Lamar.QU.3 Java virus
        [WARNING]   Infected files in archives cannot be repaired
Begin scan in 'G:\' <Iomega_HDD>

Beginning disinfection:
C:\Users\Yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\51dd7b2c-1d819a72
  [DETECTION] Contains recognition pattern of the JAVA/Lamar.QU.3 Java virus
  [NOTE]      The file was moved to the quarantine directory under the name '5994603f.qua'!


End of the scan: Dienstag, 5. Februar 2013  09:25
Used time:  2:00:12 Hour(s)

The scan has been done completely.

  30097 Scanned directories
 1715783 Files were scanned
     12 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 1715771 Files not concerned
  21395 Archives were scanned
     12 Warnings
      1 Notes
 876334 Objects were scanned with rootkit scan
      0 Hidden objects were found
         

As I said, yesterday's Avira scan found nothing.

Before I ran the (positive) Avira scan, I also did a quick scan with Malwarebytes. Nothing was found there. The full Malwarebytes scan that I ran yesterday also found nothing.
The logs are probably pointless, but I'll post them anyway.

Quick Scan:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yoshi :: LAPTOPKERSI [limited]

05.02.2013 00:00:17
mbam-log-2013-02-05 (00-00-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175334
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Full scan

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Yoshi :: LAPTOPKERSI [limited]

05.02.2013 00:00:17
mbam-log-2013-02-05 (00-00-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 175334
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


I downloaded Malwarebytes Anti-Rootkit and ran a scan. But nothing was found here either.
The log for it:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kersi :: LAPTOPKERSI [administrator]

06.02.2013 12:56:54
mbar-log-2013-02-06 (12-56-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29574
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Is it possible that quarantining the one Java virus deactivated all the others, or why do the scanners suddenly find nothing anymore?

Right now my laptop is normal again as far as displaying windows etc. is concerned. Does this even have to have been caused by viruses or the like, or can it also point to problems with the graphics card or something of that sort?

Best regards
__________________

Last edited by Gizmo_ (06.02.2013 at 13:43)
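
The Avira report in the post above lists every detection as a `-->` member of one ZIP container in the Java deployment cache, and its disinfection section quarantines that container once. The following added example (not part of the original thread; the function names are hypothetical, and the embedded report is an excerpt of the posted one with three of the twelve members kept) groups detections by container file and checks which containers were quarantined:

```python
import re
from collections import defaultdict

# Excerpt of the Avira report posted in this thread (3 of the 12 members kept).
REPORT = r"""
Begin scan in 'C:\' <OS>
C:\Users\Yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\51dd7b2c-1d819a72
    [0] Archive type: ZIP
    --> Additional.class
        [DETECTION] Contains recognition pattern of the JAVA/Jogek.TP Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> Iusus.class
        [DETECTION] Contains recognition pattern of the EXP/2013-0422.AA exploit
        [WARNING]   Infected files in archives cannot be repaired
    --> Yusioir.class
        [DETECTION] Contains recognition pattern of the JAVA/Lamar.QU.3 Java virus
        [WARNING]   Infected files in archives cannot be repaired
Begin scan in 'G:\' <Iomega_HDD>

Beginning disinfection:
C:\Users\Yoshi\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\51dd7b2c-1d819a72
  [DETECTION] Contains recognition pattern of the JAVA/Lamar.QU.3 Java virus
  [NOTE]      The file was moved to the quarantine directory under the name '5994603f.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # unindented line starting with a drive path
DETECTION_RE = re.compile(r"\[DETECTION\]\s+Contains recognition pattern of the (\S+)")
QUARANTINE_RE = re.compile(r"moved to the quarantine directory under the name '([^']+)'")


def parse_report(text):
    """Return ({container: [(member, detection_name), ...]}, {container: quarantine_name})."""
    scan_part, _, fix_part = text.partition("Beginning disinfection:")

    detections = defaultdict(list)
    container = member = None
    for line in scan_part.splitlines():
        if PATH_RE.match(line):
            container, member = line.strip(), None      # new file on disk
        elif line.strip().startswith("-->"):
            member = line.split("-->", 1)[1].strip()    # entry inside the archive
        else:
            hit = DETECTION_RE.search(line)
            if hit and container:
                detections[container].append((member, hit.group(1)))

    quarantined = {}
    container = None
    for line in fix_part.splitlines():
        if PATH_RE.match(line):
            container = line.strip()
        else:
            hit = QUARANTINE_RE.search(line)
            if hit and container:
                quarantined[container] = hit.group(1)
    return dict(detections), quarantined


def unresolved(detections, quarantined):
    """Containers that had detections but no quarantine action recorded."""
    return sorted(path for path in detections if path not in quarantined)


if __name__ == "__main__":
    found, moved = parse_report(REPORT)
    for path, hits in found.items():
        print(f"{path}: {len(hits)} detection(s), quarantined as {moved.get(path)}")
        for member, name in hits:
            print(f"    {member}: {name}")
    print("unresolved containers:", unresolved(found, moved))
```
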

06.02.2013, 14:27   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why a Professional edition of Windows, please? Who needs that as a home user?
Is this by any chance an office/company PC? Or a university computer?
__________________
Please always post log files in CODE tags

06.02.2013, 19:00   #5
Gizmo_

Hi,

This is my perfectly normal laptop. Professional is on it because it was on the laptop when I bought it... I didn't know that it's nonsense to use Professional for home use.


06.02.2013, 21:35   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Well, some people take this edition for XP Mode, but when I see a Pro I also always suspect commercial use

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on the connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not under any circumstances press one of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, then do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it is done, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags objects, treat all of them with the action "skip" and only post the log here!


06.02.2013, 23:47   #7
Gizmo_

Hi,

here is the log from aswMBR:

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-06 22:57:40
-----------------------------
22:57:40.780    OS Version: Windows x64 6.1.7601 Service Pack 1
22:57:40.781    Number of processors: 4 586 0x2A07
22:57:40.783    ComputerName: LAPTOPKERSI  UserName: Kersi
22:57:41.746    Initialize success
22:59:16.174    AVAST engine defs: 13020600
22:59:51.394    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:51.409    Disk 0 Vendor: ST320LT0 0001 Size: 305245MB BusType: 3
22:59:51.440    Disk 0 MBR read successfully
22:59:51.440    Disk 0 MBR scan
22:59:51.456    Disk 0 Windows VISTA default MBR code
22:59:51.456    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0      101 MB offset 63
22:59:51.472    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        21900 MB offset 208896
22:59:51.487    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       283242 MB offset 45060096
22:59:51.550    Disk 0 scanning C:\Windows\system32\drivers
23:00:05.806    Service scanning
23:00:32.486    Modules scanning
23:00:32.504    Disk 0 trace - called modules:
23:00:32.522    ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll 
23:00:32.527    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006612060]
23:00:32.531    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80064c0cb0]
23:00:32.534    5 stdcfltn.sys[fffff88001b53c52] -> nt!IofCallDriver -> [0xfffffa8004b0b3d0]
23:00:32.538    7 ACPI.sys[fffff88000f0a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b11050]
23:00:33.671    AVAST engine scan C:\Windows
23:00:36.877    AVAST engine scan C:\Windows\system32
23:04:01.712    AVAST engine scan C:\Windows\system32\drivers
23:04:18.294    AVAST engine scan C:\Users\Kersi
23:07:57.642    AVAST engine scan C:\ProgramData
23:12:15.314    Scan finished successfully
23:14:13.687    Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:14:13.703    The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR.txt"
23:15:44.989    Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:15:44.993    The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR.txt"
23:16:35.710    Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:16:35.710    The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR.txt"
23:17:06.525    Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Documents\MBR.dat"
23:17:06.525    The log file has been saved successfully to "C:\Users\Kersi\Documents\aswMBR.txt"
23:18:16.846    Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:18:16.846    The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR2.txt"
23:19:08.408    Disk 0 MBR has been saved successfully to "C:\Users\Kersi\Desktop\MBR.dat"
23:19:08.408    The log file has been saved successfully to "C:\Users\Kersi\Desktop\aswMBR.txt"
23:20:58.616    Disk 0 MBR has been saved successfully to "C:\MBR.dat"
23:20:58.632    The log file has been saved successfully to "C:\aswMBR.txt"
         
Stupidly, I couldn't find the file the first few times after saving it. It took a few attempts, so the last ~10 lines can probably be ignored^^


Here is the log from TDSS-Killer:

Code:
23:31:29.0287 2456  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:31:29.0489 2456  ============================================================
23:31:29.0489 2456  Current date / time: 2013/02/06 23:31:29.0489
23:31:29.0489 2456  SystemInfo:
23:31:29.0489 2456  
23:31:29.0489 2456  OS Version: 6.1.7601 ServicePack: 1.0
23:31:29.0490 2456  Product type: Workstation
23:31:29.0490 2456  ComputerName: LAPTOPKERSI
23:31:29.0490 2456  UserName: Kersi
23:31:29.0490 2456  Windows directory: C:\Windows
23:31:29.0490 2456  System windows directory: C:\Windows
23:31:29.0490 2456  Running under WOW64
23:31:29.0490 2456  Processor architecture: Intel x64
23:31:29.0490 2456  Number of processors: 4
23:31:29.0490 2456  Page size: 0x1000
23:31:29.0490 2456  Boot type: Normal boot
23:31:29.0490 2456  ============================================================
23:31:30.0419 2456  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:31:30.0435 2456  Drive \Device\Harddisk1\DR1 - Size: 0xE8B51B6000 (930.83 Gb), SectorSize: 0x1000, Cylinders: 0x3B55, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:31:30.0766 2456  ============================================================
23:31:30.0766 2456  \Device\Harddisk0\DR0:
23:31:30.0766 2456  MBR partitions:
23:31:30.0766 2456  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x2AC6000
23:31:30.0766 2456  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2AF9000, BlocksNum 0x229352B0
23:31:30.0766 2456  \Device\Harddisk1\DR1:
23:31:30.0766 2456  MBR partitions:
23:31:30.0766 2456  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x100, BlocksNum 0xE8B4F00
23:31:30.0766 2456  ============================================================
23:31:30.0813 2456  C: <-> \Device\Harddisk0\DR0\Partition2
23:31:30.0829 2456  G: <-> \Device\Harddisk1\DR1\Partition1
23:31:30.0829 2456  ============================================================
23:31:30.0829 2456  Initialize success
23:31:30.0829 2456  ============================================================
23:33:42.0366 6160  ============================================================
23:33:42.0366 6160  Scan started
23:33:42.0366 6160  Mode: Manual; SigCheck; TDLFS; 
23:33:42.0366 6160  ============================================================
23:33:43.0400 6160  ================ Scan system memory ========================
23:33:43.0400 6160  System memory - ok
23:33:43.0400 6160  ================ Scan services =============================
23:34:04.0203 6160  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows

\system32\drivers\Msfs.sys
23:34:04.0272 6160  Msfs - ok
23:34:04.0311 6160  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows

\System32\drivers\mshidkmdf.sys
23:34:04.0380 6160  mshidkmdf - ok
23:34:04.0421 6160  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows

\system32\drivers\msisadrv.sys
23:34:04.0429 6160  msisadrv - ok
23:34:04.0461 6160  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows

\system32\iscsiexe.dll
23:34:04.0494 6160  MSiSCSI - ok
23:34:04.0497 6160  msiserver - ok
23:34:04.0524 6160  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows

\system32\drivers\MSKSSRV.sys
23:34:04.0586 6160  MSKSSRV - ok
23:34:04.0617 6160  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows

\system32\drivers\MSPCLOCK.sys
23:34:04.0695 6160  MSPCLOCK - ok
23:34:04.0711 6160  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows

\system32\drivers\MSPQM.sys
23:34:04.0742 6160  MSPQM - ok
23:34:04.0773 6160  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows

\system32\drivers\MsRPC.sys
23:34:04.0789 6160  MsRPC - ok
23:34:04.0805 6160  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows

\system32\DRIVERS\mssmbios.sys
23:34:04.0805 6160  mssmbios - ok
23:34:04.0820 6160  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows

\system32\drivers\MSTEE.sys
23:34:04.0851 6160  MSTEE - ok
23:34:04.0851 6160  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows

\system32\drivers\MTConfig.sys
23:34:04.0867 6160  MTConfig - ok
23:34:04.0883 6160  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows

\system32\Drivers\mup.sys
23:34:04.0898 6160  Mup - ok
23:34:04.0914 6160  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows

\system32\qagentRT.dll
23:34:04.0945 6160  napagent - ok
23:34:04.0976 6160  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows

\system32\DRIVERS\nwifi.sys
23:34:05.0054 6160  NativeWifiP - ok
23:34:05.0195 6160  [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate        C:\Program Files 

(x86)\Nero\Update\NASvc.exe
23:34:05.0210 6160  NAUpdate - ok
23:34:05.0305 6160  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows

\system32\drivers\ndis.sys
23:34:05.0341 6160  NDIS - ok
23:34:05.0364 6160  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows

\system32\DRIVERS\ndiscap.sys
23:34:05.0393 6160  NdisCap - ok
23:34:05.0412 6160  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows

\system32\DRIVERS\ndistapi.sys
23:34:05.0440 6160  NdisTapi - ok
23:34:05.0460 6160  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows

\system32\DRIVERS\ndisuio.sys
23:34:05.0516 6160  Ndisuio - ok
23:34:05.0531 6160  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows

\system32\DRIVERS\ndiswan.sys
23:34:05.0609 6160  NdisWan - ok
23:34:05.0656 6160  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows

\system32\drivers\NDProxy.sys
23:34:05.0734 6160  NDProxy - ok
23:34:05.0781 6160  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:34:05.0796 6160  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:34:05.0796 6160  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:34:08.0362 6160  [ 9987ABA0E5DD0D46C95076B157B38C06 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
23:34:08.0373 6160  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
23:34:08.0374 6160  PassThru Service - detected UnsignedFile.Multi.Generic (1)
23:34:09.0477 6160  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:34:09.0515 6160  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:34:09.0515 6160  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:34:22.0093 6160  WacomPen - ok
23:34:22.0139 6160  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows

\system32\DRIVERS\wanarp.sys
23:34:22.0217 6160  WANARP - ok
23:34:22.0217 6160  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows

\system32\DRIVERS\wanarp.sys
23:34:22.0233 6160  Wanarpv6 - ok
23:34:22.0311 6160  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows

\system32\wbengine.exe
23:34:22.0373 6160  wbengine - ok
23:34:22.0389 6160  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows

\System32\wbiosrvc.dll
23:34:22.0405 6160  WbioSrvc - ok
23:34:22.0436 6160  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows

\System32\wcncsvc.dll
23:34:22.0497 6160  wcncsvc - ok
23:34:22.0521 6160  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows

\System32\WcsPlugInService.dll
23:34:22.0585 6160  WcsPlugInService - ok
23:34:22.0601 6160  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows

\system32\drivers\wd.sys
23:34:22.0611 6160  Wd - ok
23:34:22.0698 6160  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows

\system32\drivers\Wdf01000.sys
23:34:22.0730 6160  Wdf01000 - ok
23:34:22.0741 6160  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows

\system32\wdi.dll
23:34:22.0866 6160  WdiServiceHost - ok
23:34:22.0881 6160  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows

\system32\wdi.dll
23:34:22.0897 6160  WdiSystemHost - ok
23:34:22.0913 6160  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows

\System32\webclnt.dll
23:34:22.0975 6160  WebClient - ok
23:34:22.0991 6160  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows

\system32\wecsvc.dll
23:34:23.0037 6160  Wecsvc - ok
23:34:23.0069 6160  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows

\System32\wercplsupport.dll
23:34:23.0131 6160  wercplsupport - ok
23:34:23.0178 6160  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows

\System32\WerSvc.dll
23:34:23.0225 6160  WerSvc - ok
23:34:23.0240 6160  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows

\system32\DRIVERS\wfplwf.sys
23:34:23.0271 6160  WfpLwf - ok
23:34:23.0287 6160  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows

\system32\drivers\wimmount.sys
23:34:23.0287 6160  WIMMount - ok
23:34:23.0303 6160  WinDefend - ok
23:34:23.0318 6160  WinHttpAutoProxySvc - ok
23:34:23.0365 6160  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows

\system32\wbem\WMIsvc.dll
23:34:23.0427 6160  Winmgmt - ok
23:34:23.0474 6160  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows

\system32\WsmSvc.dll
23:34:23.0572 6160  WinRM - ok
23:34:23.0610 6160  [ FE88B288356E7B47B74B13372ADD906D ] WinUSB          C:\Windows

\system32\DRIVERS\WinUSB.sys
23:34:23.0661 6160  WinUSB - ok
23:34:23.0684 6160  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows

\System32\wlansvc.dll
23:34:23.0745 6160  Wlansvc - ok
23:34:23.0811 6160  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files

\Windows Live\Mesh\wlcrasvc.exe
23:34:23.0842 6160  wlcrasvc - ok
23:34:23.0967 6160  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files

\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:34:24.0013 6160  wlidsvc - ok
23:34:24.0045 6160  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows

\system32\DRIVERS\wmiacpi.sys
23:34:24.0107 6160  WmiAcpi - ok
23:34:24.0154 6160  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows

\system32\wbem\WmiApSrv.exe
23:34:24.0185 6160  wmiApSrv - ok
23:34:24.0216 6160  WMPNetworkSvc - ok
23:34:24.0247 6160  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows

\System32\wpcsvc.dll
23:34:24.0279 6160  WPCSvc - ok
23:34:24.0294 6160  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows

\system32\wpdbusenum.dll
23:34:24.0310 6160  WPDBusEnum - ok
23:34:24.0325 6160  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows

\system32\drivers\ws2ifsl.sys
23:34:24.0341 6160  ws2ifsl - ok
23:34:24.0357 6160  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows

\System32\wscsvc.dll
23:34:24.0419 6160  wscsvc - ok
23:34:24.0466 6160  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows

\system32\DRIVERS\WSDPrint.sys
23:34:24.0513 6160  WSDPrintDevice - ok
23:34:24.0575 6160  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows

\system32\DRIVERS\WSDScan.sys
23:34:24.0606 6160  WSDScan - ok
23:34:24.0622 6160  WSearch - ok
23:34:24.0747 6160  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows

\system32\wuaueng.dll
23:34:24.0825 6160  wuauserv - ok
23:34:24.0887 6160  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows

\system32\drivers\WudfPf.sys
23:34:24.0965 6160  WudfPf - ok
23:34:25.0012 6160  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows

\system32\DRIVERS\WUDFRd.sys
23:34:25.0074 6160  WUDFRd - ok
23:34:25.0121 6160  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows

\System32\WUDFSvc.dll
23:34:25.0152 6160  wudfsvc - ok
23:34:25.0183 6160  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows

\System32\wwansvc.dll
23:34:25.0261 6160  WwanSvc - ok
23:34:25.0324 6160  ================ Scan global ===============================
23:34:25.0355 6160  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:34:25.0433 6160  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
23:34:25.0449 6160  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
23:34:25.0464 6160  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:34:25.0480 6160  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:34:25.0495 6160  [Global] - ok
23:34:25.0495 6160  ================ Scan MBR ==================================
23:34:25.0495 6160  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:34:25.0840 6160  \Device\Harddisk0\DR0 - ok
23:34:26.0168 6160  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:34:26.0293 6160  \Device\Harddisk1\DR1 - ok
23:34:26.0293 6160  ================ Scan VBR ==================================
23:34:26.0324 6160  [ 2138501B28259826A55D66BFB8E7DA6E ] \Device\Harddisk0\DR0\Partition1
23:34:26.0340 6160  \Device\Harddisk0\DR0\Partition1 - ok
23:34:26.0355 6160  [ E4A3D06F99E279D0E8B6D7A4FDCBC53D ] \Device\Harddisk0\DR0\Partition2
23:34:26.0355 6160  \Device\Harddisk0\DR0\Partition2 - ok
23:34:26.0386 6160  [ 1FE9AD2C9FAF0B103E9111E53D3B150B ] \Device\Harddisk1\DR1\Partition1
23:34:26.0386 6160  \Device\Harddisk1\DR1\Partition1 - ok
23:34:26.0386 6160  ============================================================
23:34:26.0386 6160  Scan finished
23:34:26.0386 6160  ============================================================
23:34:26.0418 7084  Detected object count: 7
23:34:26.0418 7084  Actual detected object count: 7
23:36:37.0804 7084  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084  Atheros Bt&Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:36:37.0804 7084  DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084  DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:36:37.0804 7084  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:36:37.0804 7084  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:36:37.0804 7084  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:36:37.0804 7084  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:36:37.0804 7084  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:36:37.0804 7084  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Regards

07.02.2013, 00:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (on English Windows: "Illegal operation attempted on a registry key that has been marked for deletion.")
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

07.02.2013, 12:09   #9
Gizmo_
 

Oh dear, something is wrong. I let combofix run. I thought I had completely deactivated Avira, but in the meantime error messages from Avira came up saying that the registry had been blocked... At the end cf performed a restart, and since Windows booted back up the cf console has been opening and closing every few milliseconds. What should I do?
I have to leave the house in an hour, what should I do with the laptop??

07.02.2013, 12:53   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Wait a little longer
__________________
Please always post log files in CODE tags

07.02.2013, 12:59   #11
Gizmo_
 

Can I leave the laptop on while I am out of the house? I'll be back in 2 1/2 h...

07.02.2013, 13:02   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Yes, then just leave it on
But make sure that nobody goes near it and types around on it!!!!
__________________
Please always post log files in CODE tags

07.02.2013, 16:12   #13
Gizmo_
 

Combofix is still opening and closing. That's not normal, is it?

07.02.2013, 16:14   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Restart Windows, delete the old combofix.exe, download CF again and please try it once more.
__________________
Please always post log files in CODE tags

07.02.2013, 16:21   #15
Gizmo_
 

After the restart it started opening and closing again. Can I stop the process somehow? Or should I try the radical route of uninstalling the program via the Control Panel? When a new cf window opens, I just can't click anything else in the meantime.
(it cannot be found among the programs in the Control Panel), should I delete the .exe from the desktop?
