Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Log-Analyse und Auswertung: C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 1 von 2 1 2
Alt 27.03.2013, 12:37   #1
theres
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Hallo!
Ich habe folgendes Problem. Zufällig und mehr aus Interesse habe ich mir in den letzten Tagen "Malwarebytes Anti Malware" heruntergeladen um zu schauen ob mein Laptop infiziert ist. Bis dato hatte ich keine Auffälligkeiten oder offensichtliche Probleme damit.
Nach dem Scan wurde mir angezeigt, dass 2 Registrierungsschlüssel und 1 Datei infiziert sind. Nach dem Entfernen/Quarantäne stecken und dem Herunterfahren und Neustarten des PCs besitze ich nur mehr das klassische Windows-Design anstatt der Vista-Version. Weiters ist mir aufgefallen, dass ich seit dem nur mehr ServicePack 1 besitze. Jetzt hab ich mir wieder SP2 geholt aber das Designproblem hab ich noch.
Wie kann ich meinen PC wieder bereinigen? Jetzt weiß ich leider nicht mehr weiter und bitte darum euch um Hilfe! Vielen Danke im Voraus!


Logfiles Malwarebytes
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2012.12.14.11

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
Theres :: THERES-PC [Administrator]

21.03.2013 10:13:12
MBAM-log-2013-03-21 (10-24-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215295
Laufzeit: 9 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PDRV (Worm.KoobFace) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\PDRV (Worm.KoobFace) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\System32\drivers\PDRV.sys (Worm.KoobFace) -> Keine Aktion durchgeführt.

(Ende)
Logfiles "OTL" (es ist mir nur ein Logfile ausgegeben worden?!)
Code:
ATTFilter
OTL logfile created on: 27.03.2013 11:57:27 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Theres\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 67,70% Memory free
6,19 Gb Paging File | 5,26 Gb Available in Paging File | 84,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,77 Gb Total Space | 137,98 Gb Free Space | 61,38% Space Free | Partition Type: NTFS
 
Computer Name: THERES-PC | User Name: Theres | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Theres\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Users\Theres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Users\Theres\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Users\Theres\AppData\Local\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll ()
MOD - C:\Programme\Stickies\shook70.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3020.36958__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3020.36966__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3020.36925__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3020.36980__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3020.37156__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3020.37121__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3020.37076__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3020.36945__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3020.37184__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3020.37129__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3020.37190__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3020.37135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3020.36939__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3020.37128__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3020.37085__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3020.36992__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3020.36947__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3020.37148__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3020.36985__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3020.37100__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3020.37084__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3020.36997__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3020.37100__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3020.37078__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3020.37114__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3020.36998__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3020.37077__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3020.37084__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3020.37114__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3020.37169_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3020.36952__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3020.37169__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3020.37176__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3020.37175__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3020.37200__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3020.37210__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3020.36917__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3020.36918__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3020.36932__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3020.37176__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3020.36918__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3020.36916__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3020.36917__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (0252211232277384mcinstcleanup) -- C:\Users\Theres\AppData\Local\Temp\025221~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (NSUService) -- C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (PDRV) -- C:\Windows\System32\drivers\PDRV.sys (Your Corporation)
DRV - (usbkey) -- C:\Windows\System32\drivers\Usbkey.sys ()
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (NBSPortDriver) -- C:\Windows\System32\drivers\NBSPortDriver.sys (Neurobehavioral Systems (www.neurobs.com))
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NBSREG) -- C:\Windows\System32\drivers\nbsreg.sys (Neurobehavioral Systems)
DRV - (DLPortIO) -- C:\Windows\System32\drivers\DLPORTIO.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6C46687A-47DF-4C56-9E42-77258AB738EB}
IE - HKLM\..\SearchScopes\{6C46687A-47DF-4C56-9E42-77258AB738EB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle-europe.comht [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6C46687A-47DF-4C56-9E42-77258AB738EB}
IE - HKCU\..\SearchScopes\{6C46687A-47DF-4C56-9E42-77258AB738EB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Pu69Z5OlUsetKQ_wdVjPH3B9MqM?q={searchTerms}
IE - HKCU\..\SearchScopes\{8832180A-C76B-4537-98B0-7AA474E99BA8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=crm&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=26221291-3d97-4a53-a077-9ed9d3fd099f&apn_sauid=28DEE4EC-0D20-485B-84DF-F2E0AF4B6597
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Theres\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.22 15:40:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Theres\Program Files\DNA
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.22 15:40:29 | 000,000,000 | ---D | M]
 
[2012.10.20 09:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WhiteSmoke US New Toolbar) - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke US New Toolbar) - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke US New Toolbar) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\Theres\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Theres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Theres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Theres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Programme\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Theres\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FF9E66F-9D0A-408E-8B29-31348A9B2ED0}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Axonic\click.to\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Theres\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Theres\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0593eec5-5120-11df-a5d4-edde15192eed}\Shell\AutoRun\command - "" = VIRTUAL_OPTICIAN.exe
O33 - MountPoints2\{1cb5dd25-d665-11dd-a71a-001dba835f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{1cb5dd25-d665-11dd-a71a-001dba835f2f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{58b26ff3-f704-11de-a679-8931fa7e32b5}\Shell - "" = AutoRun
O33 - MountPoints2\{58b26ff3-f704-11de-a679-8931fa7e32b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{58b26ff7-f704-11de-a679-8931fa7e32b5}\Shell - "" = AutoRun
O33 - MountPoints2\{58b26ff7-f704-11de-a679-8931fa7e32b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9d85f9fe-739d-11de-8ba7-9a0aec029cb3}\Shell\AutoRun\command - "" = G:\VIRTUAL_OPTICIAN.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.27 10:37:47 | 000,045,628 | ---- | C] (Your Corporation) -- C:\Windows\System32\drivers\PDRV.sys
[2013.03.26 15:47:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2013.03.26 15:47:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2013.03.26 15:47:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2013.03.26 15:36:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.03.21 19:11:50 | 000,000,000 | ---D | C] -- C:\Logfiles_Version3
[2013.03.21 11:12:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.21 10:49:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.03.21 10:12:44 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Roaming\Malwarebytes
[2013.03.21 10:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.21 10:12:16 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.21 10:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.19 21:51:31 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\Bücher
[2013.03.19 16:14:04 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Local\click.to
[2013.03.19 16:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\click.to
[2013.03.19 16:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Axonic
[2013.03.18 19:06:41 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Roaming\Audacity
[2013.03.18 18:10:10 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\3.Version
[2013.03.13 14:17:04 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\Auswertung_Vortest
[2013.03.12 18:51:25 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\2.Version
[2013.03.08 10:01:47 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\USB
[2013.02.27 21:46:00 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Roaming\XMedia Recode
[2013.02.27 21:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2013.02.27 21:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\XMedia Recode
[2013.02.27 14:22:58 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\DA_Presention
[2013.02.27 14:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NBS
[2013.02.27 12:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.02.27 12:34:41 | 000,176,128 | ---- | C] (KEYLOK) -- C:\Windows\System32\NWKL2_32.DLL
[2013.02.27 12:34:41 | 000,163,840 | ---- | C] (KEYLOK) -- C:\Windows\System32\KL2DLL32.DLL
[2013.02.27 12:32:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Presentation Packages
[2013.02.27 12:26:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2013.02.25 16:13:04 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\Geschl
[2013.02.25 13:45:32 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\Entwicklung u Beratung Landerl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.27 11:53:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.27 11:51:05 | 000,679,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.27 11:51:05 | 000,636,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.27 11:51:05 | 000,147,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.27 11:51:05 | 000,119,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.27 11:49:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.27 11:46:57 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2013.03.27 11:46:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 11:46:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.27 11:46:40 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.27 11:46:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.27 11:45:39 | 3218,116,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.27 10:37:47 | 000,045,628 | ---- | M] (Your Corporation) -- C:\Windows\System32\drivers\PDRV.sys
[2013.03.26 15:52:47 | 000,391,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.26 15:44:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013.03.26 10:53:58 | 000,094,364 | ---- | M] () -- C:\Users\Theres\Desktop\549908_222244381251964_487270598_n.jpg
[2013.03.26 10:52:26 | 000,146,271 | ---- | M] () -- C:\Users\Theres\Desktop\197099_222690207874048_178572494_n.jpg
[2013.03.21 10:12:19 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 16:13:58 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\click.to.lnk
[2013.03.17 18:54:03 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.01 20:36:35 | 000,006,529 | ---- | M] () -- C:\survey_84648_SPSS_data_file (2).dat
[2013.03.01 20:16:51 | 000,012,516 | ---- | M] () -- C:\Users\Theres\Desktop\ub-diplomandenstatus.pdf
[2013.02.28 22:04:33 | 000,096,695 | ---- | M] () -- C:\Users\Theres\Desktop\WIEN_TEAP_ÖBB.pdf
[2013.02.28 19:52:26 | 000,000,602 | ---- | M] () -- C:\Users\Theres\Documents\survey_84648_SPSS_data_file (1).dat
[2013.02.27 12:34:55 | 000,003,802 | ---- | M] () -- C:\kl2log.htm
[2013.02.27 12:34:41 | 000,176,128 | ---- | M] (KEYLOK) -- C:\Windows\System32\NWKL2_32.DLL
[2013.02.27 12:34:41 | 000,163,840 | ---- | M] (KEYLOK) -- C:\Windows\System32\KL2DLL32.DLL
[2013.02.27 12:34:41 | 000,041,176 | ---- | M] () -- C:\Windows\System32\drivers\Usbkey.sys
[2013.02.27 12:34:41 | 000,024,136 | ---- | M] () -- C:\Windows\System32\ppmon.exe
[2013.02.27 12:34:41 | 000,012,480 | ---- | M] () -- C:\Windows\System32\KL2N.DLL
[2013.02.27 12:34:41 | 000,007,440 | ---- | M] () -- C:\Windows\System32\ppmon.dll
[2013.02.27 09:27:55 | 002,547,613 | ---- | M] () -- C:\Users\Theres\Desktop\Arbeiten mit LimeSurvey.pdf
[2013.02.25 14:52:09 | 002,722,594 | ---- | M] () -- C:\Users\Theres\Desktop\interrail.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.26 15:44:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013.03.26 15:16:52 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2013.03.26 15:16:51 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2013.03.26 15:16:27 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2013.03.26 15:16:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013.03.26 15:16:24 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2013.03.26 15:14:22 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013.03.26 15:13:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.03.26 15:13:21 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2013.03.26 15:13:20 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2013.03.26 15:13:16 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013.03.26 10:53:57 | 000,094,364 | ---- | C] () -- C:\Users\Theres\Desktop\549908_222244381251964_487270598_n.jpg
[2013.03.26 10:52:25 | 000,146,271 | ---- | C] () -- C:\Users\Theres\Desktop\197099_222690207874048_178572494_n.jpg
[2013.03.21 10:48:39 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2013.03.21 10:12:19 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 16:13:58 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\click.to.lnk
[2013.03.01 20:39:52 | 000,006,529 | ---- | C] () -- C:\survey_84648_SPSS_data_file (2).dat
[2013.03.01 20:16:50 | 000,012,516 | ---- | C] () -- C:\Users\Theres\Desktop\ub-diplomandenstatus.pdf
[2013.02.28 22:04:33 | 000,096,695 | ---- | C] () -- C:\Users\Theres\Desktop\WIEN_TEAP_ÖBB.pdf
[2013.02.28 19:55:27 | 000,000,602 | ---- | C] () -- C:\Users\Theres\Documents\survey_84648_SPSS_data_file (1).dat
[2013.02.27 12:34:54 | 000,041,176 | ---- | C] () -- C:\Windows\System32\drivers\Usbkey.sys
[2013.02.27 12:34:41 | 000,024,136 | ---- | C] () -- C:\Windows\System32\ppmon.exe
[2013.02.27 12:34:41 | 000,012,480 | ---- | C] () -- C:\Windows\System32\KL2N.DLL
[2013.02.27 12:34:41 | 000,007,440 | ---- | C] () -- C:\Windows\System32\ppmon.dll
[2013.02.27 12:34:41 | 000,003,802 | ---- | C] () -- C:\kl2log.htm
[2013.02.27 10:40:20 | 000,002,318 | ---- | C] () -- C:\Users\Theres\Desktop\sound.exp
[2013.02.27 10:40:19 | 000,004,714 | ---- | C] () -- C:\Users\Theres\Desktop\sound.pcl
[2013.02.27 10:40:19 | 000,002,771 | ---- | C] () -- C:\Users\Theres\Desktop\sound.sce
[2013.02.27 09:27:53 | 002,547,613 | ---- | C] () -- C:\Users\Theres\Desktop\Arbeiten mit LimeSurvey.pdf
[2013.02.25 14:52:05 | 002,722,594 | ---- | C] () -- C:\Users\Theres\Desktop\interrail.pdf
[2012.11.04 21:17:24 | 000,002,575 | ---- | C] () -- C:\Program Files\Presentation 0.71 09.24.03.lnk
[2012.11.04 21:16:40 | 000,002,635 | ---- | C] () -- C:\ProgramData\Presentation 0.71 09.24.03.lnk
[2012.10.11 21:02:09 | 000,361,895 | ---- | C] () -- C:\Users\Theres\KIN-214.pdf
[2012.10.08 10:23:14 | 000,163,328 | ---- | C] () -- C:\Windows\System32\OpenPresentationFiles.exe
[2011.11.30 13:26:48 | 000,129,904 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.10.11 14:00:36 | 000,025,773 | ---- | C] () -- C:\Users\Theres\AppData\Roaming\UserTile.png
[2011.08.31 21:33:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.18 16:11:17 | 001,064,549 | ---- | C] () -- C:\Users\Theres\haut diät.pdf
[2009.10.12 17:04:39 | 000,333,727 | ---- | C] () -- C:\Users\Theres\bilf.JPG
[2008.12.30 18:15:47 | 000,066,048 | ---- | C] () -- C:\Users\Theres\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.30 13:37:12 | 000,002,032 | ---- | C] () -- C:\Users\Theres\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2009.05.29 07:55:55 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1234123350-1742015166-1920242133-1003\$IR43SBU.N
[2009.05.29 07:55:21 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1234123350-1742015166-1920242133-1003\$RR43SBU.N
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.01.01 20:24:41 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\3DataManager
[2010.05.21 21:09:11 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\ASCON Installer
[2013.03.21 19:36:28 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Audacity
[2009.12.23 00:07:11 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\BitTorrent
[2012.07.28 18:31:31 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\DirektFotoSystem3
[2009.05.16 22:34:52 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\DNA
[2013.03.27 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Dropbox
[2010.08.24 15:59:11 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.28 17:56:28 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Freemium
[2010.12.22 11:38:50 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\ICAClient
[2009.03.18 13:52:26 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\IDX Imagecast iPACS Viewer
[2010.05.20 08:21:29 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Image Zone Express
[2009.02.28 16:26:38 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\InterVideo
[2011.09.06 12:19:02 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Jens Lorek
[2009.12.19 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Lernkartei
[2010.08.19 08:22:32 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Peace Craft
[2011.10.11 14:00:36 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\PeerNetworking
[2012.06.15 18:55:58 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Philipp Winterberg
[2010.05.20 08:21:28 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Printer Info Cache
[2010.09.15 10:45:05 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Samsung
[2012.04.17 21:35:25 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\ScaleTrans
[2013.03.26 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\stickies
[2012.10.29 15:11:49 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\Swiss Academic Software
[2010.11.03 14:49:51 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\TubeBox
[2009.01.31 21:50:44 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\uTorrent
[2011.09.07 19:14:11 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\WindSolutions
[2013.02.27 21:46:00 | 000,000,000 | ---D | M] -- C:\Users\Theres\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
Einen Scan mit GMER habe ich auch durchgeführt, jedoch hat sich der mitten drinnen aufgehängt und ich hab meinen PC neustarten müssen?!

Alt 28.03.2013, 15:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Hallo und

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________

__________________
Alt 01.04.2013, 10:05   #3
theres
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Danke schon mal für deine Unterstützung!! Hier die OTL Logfiles..

Code:
ATTFilter
OTL logfile created on: 01.04.2013 10:13:02 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Theres\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 34,55% Memory free
6,19 Gb Paging File | 4,25 Gb Available in Paging File | 68,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,77 Gb Total Space | 134,88 Gb Free Space | 60,01% Space Free | Partition Type: NTFS
Drive G: | 7,44 Gb Total Space | 0,36 Gb Free Space | 4,86% Space Free | Partition Type: FAT32
 
Computer Name: THERES-PC | User Name: Theres | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Theres\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Theres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Users\Theres\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Users\Theres\AppData\Local\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll ()
MOD - C:\Programme\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll ()
MOD - C:\Programme\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
MOD - C:\Programme\Stickies\shook70.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3020.36958__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3020.36966__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3020.36925__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3020.36980__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3020.37156__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3020.37121__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3020.37076__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3020.36945__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3020.37184__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3020.37129__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3020.37190__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3020.37135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3020.36939__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3020.37128__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3020.37085__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3020.36992__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3020.36947__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3020.37148__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3020.36985__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3020.37100__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3020.37084__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3020.36997__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3020.37100__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3020.37078__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3020.37114__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3020.36998__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3020.37077__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3020.37084__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3020.37114__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3020.37169_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3020.36952__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3020.37169__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3020.37176__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3020.37175__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3020.37200__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3020.37210__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3020.36917__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3020.36918__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3020.36932__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3020.37176__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3020.36918__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3020.36916__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3020.36917__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
MOD - C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV - (0252211232277384mcinstcleanup) -- C:\Users\Theres\AppData\Local\Temp\025221~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (NSUService) -- C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (PDRV) -- C:\Windows\System32\drivers\PDRV.sys (Your Corporation)
DRV - (usbkey) -- C:\Windows\System32\drivers\Usbkey.sys ()
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (NBSPortDriver) -- C:\Windows\System32\drivers\NBSPortDriver.sys (Neurobehavioral Systems (www.neurobs.com))
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NBSREG) -- C:\Windows\System32\drivers\nbsreg.sys (Neurobehavioral Systems)
DRV - (DLPortIO) -- C:\Windows\System32\drivers\DLPORTIO.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6C46687A-47DF-4C56-9E42-77258AB738EB}
IE - HKLM\..\SearchScopes\{6C46687A-47DF-4C56-9E42-77258AB738EB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle-europe.comht [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\URLSearchHook: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes,DefaultScope = {6C46687A-47DF-4C56-9E42-77258AB738EB}
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes\{6C46687A-47DF-4C56-9E42-77258AB738EB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Pu69Z5OlUsetKQ_wdVjPH3B9MqM?q={searchTerms}
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes\{8832180A-C76B-4537-98B0-7AA474E99BA8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=crm&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=26221291-3d97-4a53-a077-9ed9d3fd099f&apn_sauid=28DEE4EC-0D20-485B-84DF-F2E0AF4B6597
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3244149
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Theres\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.22 16:40:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Theres\Program Files\DNA
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.22 16:40:29 | 000,000,000 | ---D | M]
 
[2012.10.20 10:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WhiteSmoke US New Toolbar) - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\Softonic\1.6.7.4\bh\Softonic.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (WhiteSmoke US New Toolbar) - {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll (Softonic.com)
O3 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\Toolbar\WebBrowser: (WhiteSmoke US New Toolbar) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Programme\WhiteSmoke_US_New\prxtbWhi0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\Theres\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Theres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Theres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Theres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Programme\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Theres\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FF9E66F-9D0A-408E-8B29-31348A9B2ED0}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Axonic\click.to\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Theres\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Theres\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0593eec5-5120-11df-a5d4-edde15192eed}\Shell\AutoRun\command - "" = VIRTUAL_OPTICIAN.exe
O33 - MountPoints2\{1cb5dd25-d665-11dd-a71a-001dba835f2f}\Shell - "" = AutoRun
O33 - MountPoints2\{1cb5dd25-d665-11dd-a71a-001dba835f2f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{58b26ff3-f704-11de-a679-8931fa7e32b5}\Shell - "" = AutoRun
O33 - MountPoints2\{58b26ff3-f704-11de-a679-8931fa7e32b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{58b26ff7-f704-11de-a679-8931fa7e32b5}\Shell - "" = AutoRun
O33 - MountPoints2\{58b26ff7-f704-11de-a679-8931fa7e32b5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9d85f9fe-739d-11de-8ba7-9a0aec029cb3}\Shell\AutoRun\command - "" = G:\VIRTUAL_OPTICIAN.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.28 20:15:57 | 000,000,000 | ---D | C] -- C:\Version_4
[2013.03.27 11:37:47 | 000,045,628 | ---- | C] (Your Corporation) -- C:\Windows\System32\drivers\PDRV.sys
[2013.03.27 11:32:07 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.03.27 11:32:07 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.03.27 11:31:22 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.03.27 11:31:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.03.26 16:47:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2013.03.26 16:47:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2013.03.26 16:47:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2013.03.26 16:36:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.03.26 16:18:31 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2013.03.26 16:18:17 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2013.03.26 16:17:02 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013.03.26 16:17:01 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013.03.26 16:17:01 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013.03.26 16:17:01 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2013.03.26 16:17:01 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013.03.26 16:17:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013.03.26 16:17:00 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013.03.26 16:17:00 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013.03.26 16:17:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013.03.26 16:17:00 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2013.03.26 16:17:00 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2013.03.26 16:17:00 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2013.03.26 16:17:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2013.03.26 16:16:59 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2013.03.26 16:16:59 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2013.03.26 16:16:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2013.03.26 16:16:56 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2013.03.26 16:16:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2013.03.26 16:16:55 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2013.03.26 16:16:55 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2013.03.26 16:16:55 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2013.03.26 16:16:55 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2013.03.26 16:16:55 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2013.03.26 16:16:55 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2013.03.26 16:16:55 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2013.03.26 16:16:55 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013.03.26 16:16:55 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2013.03.26 16:16:55 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2013.03.26 16:16:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2013.03.26 16:16:55 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2013.03.26 16:16:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2013.03.26 16:16:54 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2013.03.26 16:16:54 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2013.03.26 16:16:54 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013.03.26 16:16:54 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2013.03.26 16:16:54 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2013.03.26 16:16:54 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2013.03.26 16:16:53 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2013.03.26 16:16:53 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2013.03.26 16:16:53 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2013.03.26 16:16:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2013.03.26 16:16:52 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2013.03.26 16:16:52 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2013.03.26 16:16:52 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2013.03.26 16:16:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2013.03.26 16:16:52 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2013.03.26 16:16:52 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2013.03.26 16:16:52 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2013.03.26 16:16:51 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2013.03.26 16:16:51 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2013.03.26 16:16:51 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013.03.26 16:16:51 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2013.03.26 16:16:51 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2013.03.26 16:16:51 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2013.03.26 16:16:51 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2013.03.26 16:16:51 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2013.03.26 16:16:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2013.03.26 16:16:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2013.03.26 16:16:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2013.03.26 16:16:50 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2013.03.26 16:16:50 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2013.03.26 16:16:50 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2013.03.26 16:16:50 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2013.03.26 16:16:50 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2013.03.26 16:16:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013.03.26 16:16:50 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.03.26 16:16:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2013.03.26 16:16:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2013.03.26 16:16:49 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.03.26 16:16:49 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2013.03.26 16:16:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013.03.26 16:16:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2013.03.26 16:16:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2013.03.26 16:16:48 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2013.03.26 16:16:44 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2013.03.26 16:16:28 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2013.03.26 16:16:28 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2013.03.26 16:16:27 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2013.03.26 16:16:27 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2013.03.26 16:16:27 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2013.03.26 16:16:27 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2013.03.26 16:16:27 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2013.03.26 16:16:26 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.03.26 16:16:26 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2013.03.26 16:16:26 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2013.03.26 16:16:26 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2013.03.26 16:16:26 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2013.03.26 16:16:26 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2013.03.26 16:16:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2013.03.26 16:16:25 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2013.03.26 16:16:25 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2013.03.26 16:16:25 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2013.03.26 16:16:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013.03.26 16:16:25 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2013.03.26 16:16:25 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2013.03.26 16:16:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2013.03.26 16:16:24 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2013.03.26 16:16:24 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2013.03.26 16:16:24 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2013.03.26 16:16:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2013.03.26 16:16:24 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2013.03.26 16:16:24 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2013.03.26 16:16:24 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2013.03.26 16:16:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2013.03.26 16:16:24 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2013.03.26 16:16:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2013.03.26 16:16:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2013.03.26 16:16:23 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2013.03.26 16:16:23 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2013.03.26 16:16:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2013.03.26 16:16:23 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2013.03.26 16:16:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2013.03.26 16:16:23 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2013.03.26 16:16:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2013.03.26 16:16:23 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2013.03.26 16:16:23 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013.03.26 16:16:23 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2013.03.26 16:16:22 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013.03.26 16:16:22 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2013.03.26 16:16:22 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2013.03.26 16:16:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2013.03.26 16:16:22 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2013.03.26 16:16:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2013.03.26 16:16:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2013.03.26 16:16:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2013.03.26 16:16:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2013.03.26 16:16:22 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2013.03.26 16:16:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2013.03.26 16:16:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2013.03.26 16:16:21 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2013.03.26 16:16:21 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2013.03.26 16:16:20 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2013.03.26 16:16:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2013.03.26 16:16:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2013.03.26 16:16:19 | 001,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.03.26 16:16:18 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.03.26 16:16:18 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2013.03.26 16:16:18 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2013.03.26 16:16:18 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2013.03.26 16:16:18 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013.03.26 16:16:18 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2013.03.26 16:16:18 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2013.03.26 16:16:18 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2013.03.26 16:16:18 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2013.03.26 16:16:18 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.03.26 16:16:18 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2013.03.26 16:16:17 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2013.03.26 16:16:17 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2013.03.26 16:16:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2013.03.26 16:16:16 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2013.03.26 16:16:16 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2013.03.26 16:16:16 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2013.03.26 16:16:16 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2013.03.26 16:16:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2013.03.26 16:16:15 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2013.03.26 16:16:15 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013.03.26 16:16:15 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2013.03.26 16:16:15 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2013.03.26 16:16:15 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2013.03.26 16:16:15 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2013.03.26 16:16:15 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2013.03.26 16:16:15 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2013.03.26 16:16:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013.03.26 16:16:14 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2013.03.26 16:16:14 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2013.03.26 16:16:14 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2013.03.26 16:16:14 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2013.03.26 16:16:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.03.26 16:16:14 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2013.03.26 16:16:14 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2013.03.26 16:16:14 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2013.03.26 16:16:14 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2013.03.26 16:16:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2013.03.26 16:16:14 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.03.26 16:16:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2013.03.26 16:16:13 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2013.03.26 16:16:13 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2013.03.26 16:16:13 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2013.03.26 16:16:13 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2013.03.26 16:16:13 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2013.03.26 16:16:13 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2013.03.26 16:16:13 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2013.03.26 16:16:13 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2013.03.26 16:16:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2013.03.26 16:16:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2013.03.26 16:16:12 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2013.03.26 16:16:12 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2013.03.26 16:16:12 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.03.26 16:16:12 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2013.03.26 16:16:12 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2013.03.26 16:16:12 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2013.03.26 16:16:12 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2013.03.26 16:16:12 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2013.03.26 16:16:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2013.03.26 16:16:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2013.03.26 16:16:11 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2013.03.26 16:16:11 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2013.03.26 16:16:11 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2013.03.26 16:16:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2013.03.26 16:16:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2013.03.26 16:16:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2013.03.26 16:16:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2013.03.26 16:16:07 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2013.03.26 16:16:06 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2013.03.26 16:16:06 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2013.03.26 16:16:06 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2013.03.26 16:16:06 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2013.03.26 16:16:06 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.03.26 16:16:06 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013.03.26 16:16:06 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013.03.26 16:16:05 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013.03.26 16:16:04 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2013.03.26 16:16:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2013.03.26 16:16:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2013.03.26 16:16:02 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2013.03.26 16:16:02 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2013.03.26 16:16:02 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2013.03.26 16:16:02 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2013.03.26 16:16:02 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2013.03.26 16:16:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2013.03.26 16:16:02 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2013.03.26 16:16:02 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2013.03.26 16:16:02 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2013.03.26 16:16:02 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2013.03.26 16:16:02 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.03.26 16:16:02 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2013.03.26 16:16:02 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2013.03.26 16:16:02 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2013.03.26 16:16:02 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2013.03.26 16:16:02 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.03.26 16:16:02 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2013.03.26 16:16:02 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2013.03.26 16:16:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2013.03.26 16:16:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.03.26 16:16:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2013.03.26 16:16:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013.03.26 16:16:02 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2013.03.26 16:16:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2013.03.26 16:16:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2013.03.26 16:16:01 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.03.26 16:16:01 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.03.26 16:16:01 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2013.03.26 16:16:01 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2013.03.26 16:16:01 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013.03.26 16:16:01 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2013.03.26 16:16:01 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2013.03.26 16:16:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2013.03.26 16:16:01 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013.03.26 16:16:01 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2013.03.26 16:16:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2013.03.26 16:16:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2013.03.26 16:16:01 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2013.03.26 16:16:00 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2013.03.26 16:15:59 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2013.03.26 16:15:59 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2013.03.26 16:15:59 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2013.03.26 16:15:59 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2013.03.26 16:15:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2013.03.26 16:15:58 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2013.03.26 16:15:58 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2013.03.26 16:15:58 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2013.03.26 16:15:58 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2013.03.26 16:15:58 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2013.03.26 16:15:58 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2013.03.26 16:15:58 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2013.03.26 16:15:58 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2013.03.26 16:15:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2013.03.26 16:15:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2013.03.26 16:15:58 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2013.03.26 16:15:57 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2013.03.26 16:15:57 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2013.03.26 16:15:56 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2013.03.26 16:15:54 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2013.03.26 16:15:52 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2013.03.26 16:15:52 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2013.03.26 16:15:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2013.03.26 16:15:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2013.03.26 16:15:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2013.03.26 16:15:51 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2013.03.26 16:15:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2013.03.26 16:15:50 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2013.03.26 16:15:50 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2013.03.26 16:15:48 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2013.03.26 16:15:48 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2013.03.26 16:15:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2013.03.26 16:15:48 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2013.03.26 16:15:48 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2013.03.26 16:15:48 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2013.03.26 16:15:47 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2013.03.26 16:15:47 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2013.03.26 16:15:47 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013.03.26 16:15:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2013.03.26 16:15:35 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2013.03.26 16:15:30 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2013.03.26 16:15:20 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2013.03.26 16:15:19 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2013.03.26 16:15:18 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2013.03.26 16:15:17 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2013.03.26 16:15:12 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.26 16:14:38 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2013.03.26 16:14:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2013.03.26 16:14:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2013.03.26 16:13:49 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2013.03.26 16:13:48 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2013.03.26 16:13:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2013.03.26 16:13:37 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2013.03.26 16:13:36 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2013.03.26 16:13:36 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2013.03.26 16:13:36 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2013.03.26 16:13:32 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2013.03.26 16:13:32 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2013.03.26 16:13:32 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.03.26 16:13:31 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2013.03.26 16:13:31 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2013.03.26 16:13:31 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2013.03.26 16:13:31 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2013.03.26 16:13:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2013.03.26 16:13:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2013.03.26 16:13:30 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2013.03.26 16:13:30 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2013.03.26 16:13:30 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2013.03.26 16:13:30 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2013.03.26 16:13:30 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2013.03.26 16:13:30 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2013.03.26 16:13:30 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2013.03.26 16:13:30 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2013.03.26 16:13:30 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2013.03.26 16:13:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2013.03.26 16:13:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2013.03.26 16:13:29 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2013.03.26 16:13:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2013.03.26 16:13:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2013.03.26 16:13:28 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2013.03.26 16:13:28 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2013.03.26 16:13:28 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2013.03.26 16:13:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDPrPxy.dll
[2013.03.26 16:13:28 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2013.03.26 16:13:27 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2013.03.26 16:13:27 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2013.03.26 16:13:27 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2013.03.26 16:13:27 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2013.03.26 16:13:26 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013.03.26 16:13:26 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.26 16:13:26 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013.03.26 16:13:25 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2013.03.26 16:13:24 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2013.03.26 16:13:24 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2013.03.26 16:13:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2013.03.26 16:13:24 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2013.03.26 16:13:23 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013.03.26 16:13:23 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2013.03.26 16:13:21 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2013.03.26 16:13:21 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2013.03.26 16:13:21 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2013.03.26 16:13:21 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2013.03.26 16:13:21 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2013.03.26 16:13:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2013.03.26 16:13:21 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013.03.26 16:13:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2013.03.26 16:13:21 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2013.03.26 16:13:21 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2013.03.26 16:13:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2013.03.26 16:13:20 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2013.03.26 16:13:20 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2013.03.26 16:13:20 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2013.03.26 16:13:20 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2013.03.26 16:13:20 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2013.03.26 16:13:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2013.03.26 16:13:20 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2013.03.26 16:13:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2013.03.26 16:13:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2013.03.26 16:13:19 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2013.03.26 16:13:19 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2013.03.26 16:13:19 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2013.03.26 16:13:19 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2013.03.26 16:13:19 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2013.03.26 16:13:19 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2013.03.26 16:13:19 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2013.03.26 16:13:19 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2013.03.26 16:13:17 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2013.03.26 16:13:17 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2013.03.26 16:13:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2013.03.26 16:13:17 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2013.03.26 16:13:17 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2013.03.26 16:13:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.26 16:13:16 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2013.03.26 16:13:15 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.03.26 16:13:15 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013.03.26 16:13:15 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2013.03.26 16:13:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2013.03.26 16:13:14 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2013.03.26 16:13:14 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2013.03.21 20:11:50 | 000,000,000 | ---D | C] -- C:\Logfiles_Version3
[2013.03.21 12:12:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.21 11:49:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.03.21 11:12:44 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Roaming\Malwarebytes
[2013.03.21 11:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.21 11:12:16 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.21 11:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.19 22:51:31 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\Bücher
[2013.03.19 17:14:04 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Local\click.to
[2013.03.19 17:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\click.to
[2013.03.19 17:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Axonic
[2013.03.18 20:06:41 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Roaming\Audacity
[2013.03.18 19:10:10 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\3.Version
[2013.03.13 15:17:04 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\Auswertung_Vortest
[2013.03.12 19:51:25 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\2.Version
[2013.03.08 11:01:47 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\USB
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.01 10:09:19 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.01 10:03:02 | 000,000,952 | ---- | M] () -- C:\Users\Theres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.01 10:02:42 | 000,000,922 | ---- | M] () -- C:\Users\Theres\Desktop\Dropbox.lnk
[2013.04.01 10:00:34 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.01 10:00:29 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.01 09:57:23 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.01 09:56:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 09:56:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 09:56:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.28 14:58:18 | 000,005,709 | ---- | M] () -- C:\sound_auswertung.m
[2013.03.28 10:32:42 | 000,679,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.28 10:32:42 | 000,636,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.28 10:32:42 | 000,147,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.28 10:32:42 | 000,119,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.28 10:27:26 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2013.03.28 10:26:39 | 3216,031,744 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.27 11:37:47 | 000,045,628 | ---- | M] (Your Corporation) -- C:\Windows\System32\drivers\PDRV.sys
[2013.03.26 16:52:47 | 000,391,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.03.26 16:44:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013.03.26 11:53:58 | 000,094,364 | ---- | M] () -- C:\Users\Theres\Desktop\549908_222244381251964_487270598_n.jpg
[2013.03.26 11:52:26 | 000,146,271 | ---- | M] () -- C:\Users\Theres\Desktop\197099_222690207874048_178572494_n.jpg
[2013.03.21 11:12:19 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 17:13:58 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\click.to.lnk
[2013.03.13 12:53:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 12:53:33 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.06 13:22:30 | 000,005,909 | ---- | M] () -- C:\read_logfile.m
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.28 22:27:38 | 000,005,909 | ---- | C] () -- C:\read_logfile.m
[2013.03.28 22:27:38 | 000,005,709 | ---- | C] () -- C:\sound_auswertung.m
[2013.03.26 16:44:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013.03.26 16:16:52 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2013.03.26 16:16:51 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2013.03.26 16:16:27 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2013.03.26 16:16:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013.03.26 16:16:24 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2013.03.26 16:14:22 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013.03.26 16:13:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.03.26 16:13:21 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2013.03.26 16:13:20 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2013.03.26 16:13:16 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013.03.26 11:53:57 | 000,094,364 | ---- | C] () -- C:\Users\Theres\Desktop\549908_222244381251964_487270598_n.jpg
[2013.03.26 11:52:25 | 000,146,271 | ---- | C] () -- C:\Users\Theres\Desktop\197099_222690207874048_178572494_n.jpg
[2013.03.21 11:48:39 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2013.03.21 11:12:19 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 17:13:58 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\click.to.lnk
[2013.02.27 13:34:54 | 000,041,176 | ---- | C] () -- C:\Windows\System32\drivers\Usbkey.sys
[2013.02.27 13:34:41 | 000,024,136 | ---- | C] () -- C:\Windows\System32\ppmon.exe
[2013.02.27 13:34:41 | 000,012,480 | ---- | C] () -- C:\Windows\System32\KL2N.DLL
[2013.02.27 13:34:41 | 000,007,440 | ---- | C] () -- C:\Windows\System32\ppmon.dll
[2012.11.04 22:17:24 | 000,002,575 | ---- | C] () -- C:\Program Files\Presentation 0.71 09.24.03.lnk
[2012.11.04 22:16:40 | 000,002,635 | ---- | C] () -- C:\ProgramData\Presentation 0.71 09.24.03.lnk
[2012.10.11 22:02:09 | 000,361,895 | ---- | C] () -- C:\Users\Theres\KIN-214.pdf
[2012.10.08 11:23:14 | 000,163,328 | ---- | C] () -- C:\Windows\System32\OpenPresentationFiles.exe
[2011.11.30 14:26:48 | 000,129,904 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.10.11 15:00:36 | 000,025,773 | ---- | C] () -- C:\Users\Theres\AppData\Roaming\UserTile.png
[2011.08.31 22:33:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.18 17:11:17 | 001,064,549 | ---- | C] () -- C:\Users\Theres\haut diät.pdf
[2009.10.12 18:04:39 | 000,333,727 | ---- | C] () -- C:\Users\Theres\bilf.JPG
[2008.12.30 19:15:47 | 000,066,048 | ---- | C] () -- C:\Users\Theres\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.30 14:37:12 | 000,002,032 | ---- | C] () -- C:\Users\Theres\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2009.05.29 08:55:55 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1234123350-1742015166-1920242133-1003\$IR43SBU.N
[2009.05.29 08:55:21 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1234123350-1742015166-1920242133-1003\$RR43SBU.N
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
__________________
Alt 01.04.2013, 10:06   #4
theres
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Code:
ATTFilter
OTL Extras logfile created on: 01.04.2013 10:13:02 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Theres\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 34,55% Memory free
6,19 Gb Paging File | 4,25 Gb Available in Paging File | 68,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,77 Gb Total Space | 134,88 Gb Free Space | 60,01% Space Free | Partition Type: NTFS
Drive G: | 7,44 Gb Total Space | 0,36 Gb Free Space | 4,86% Space Free | Partition Type: FAT32
 
Computer Name: THERES-PC | User Name: Theres | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [BIPA FotoShop] -- "C:\Program Files\BIPA\BIPA FotoShop\BIPA FotoShop.exe" "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1299789A-C5AA-4BF9-8EA3-763D36B77514}" = lport=139 | protocol=6 | dir=in | app=system | 
"{17F8A144-9AF7-403D-BB8B-8BC5E64E46D6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{20F74D13-2119-462B-9B26-FA58444D730D}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{2E54C539-075E-4F0D-B704-B3EF11266EF1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{323AF5BF-280A-4E9F-9D2E-52F4966E0F6D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7E682CF6-D077-4EE5-A6A3-FD39D1713ECD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B0F66CA7-1C73-477A-8ED4-88936892008B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B331613C-9B4B-4C8C-A736-C83FA25FB17D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B39F45CF-B2B5-4E3B-8B68-A715CAF26E11}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C681F28B-346D-4722-93F5-8EE874B0EF86}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DA7FF96A-ABC6-49AB-BD6C-53B8C8C4000A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EAD48191-F733-4CA2-BF0E-F159591C0C95}" = lport=445 | protocol=6 | dir=in | app=system | 
"{EC52C57F-506E-488B-9D98-A37BB73F0BB4}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033879CF-8B9A-40DD-9440-CFE21202F292}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{08916985-71CB-4A97-A8BE-EDC6899E2970}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{0A5E62F3-D4AC-4955-9819-A6E1E426A262}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe | 
"{0DF143EE-1051-4EBB-AC48-71A1A29F116C}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{0F32488A-ABFA-472C-812A-9CCAB2BE3182}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{16192954-C4A5-44B0-A1EC-71740FA6C6E1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1BD9A27F-EEB8-4071-BA55-AE438CCA306A}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{25C3C462-2D08-4D88-930C-2FFEA0038601}" = dir=in | app=f:\setup\hpznui01.exe | 
"{2981A9A5-E2BA-49C3-B703-A8CDDBA105F3}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{30188473-2844-4208-8C0C-A19E53F4CA9B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3557944B-5B78-432C-9E5A-EEA8B5C8E369}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe | 
"{3663614C-874A-4143-BCB1-7BCA808B9900}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{37446B58-DA40-48C5-A41E-6720CF9DD58C}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"{3AE4430B-8D85-41E6-AF18-F25FEBDA2F6C}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{3FE44383-3BC2-43FB-AE5A-8390E0D9F0DC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{4439D7FA-73CE-4999-A719-98101672700C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{4955F22B-F571-4E52-AF82-B472BC63A758}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{5AFD4B23-1E59-4247-AE27-ADFCC0A87625}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{6E44D15E-B402-48C0-94ED-C037E810AC9D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6FC325D2-9B28-4B2A-B014-C72E30716858}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe | 
"{73FC46AF-320B-47BE-A524-8F89785417DB}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohds.exe | 
"{76BFDB99-369D-4285-B34F-9EB94ABF1737}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{7A0ED2DD-D433-4389-A295-AFEE009BBC82}" = protocol=17 | dir=in | app=c:\users\theres\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7E70A1A9-5871-4267-AF13-4C3A61ACA14C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8491EBD7-BBE0-42A1-B454-137E3F0C96D5}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{84DB4B50-FB52-40AD-B0F7-FB295B7E5589}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{88482B36-4842-4B3D-B747-1485B0709AFA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{8CDA1223-0531-4AD8-967A-10E9067E8596}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8F01D5BA-A3F0-4D55-A2AD-98761005EFDE}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe | 
"{970105FF-3171-4B84-B0F8-D7113FCE3D60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{A106B706-2FA9-4701-A9FC-98F5D36E82B8}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{A3B3DD64-355A-4192-BA23-275FB01E126D}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\sohdms.exe | 
"{A3CA26B3-FEF1-422C-A007-C926E8863352}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B1583992-1EA0-4283-8480-71E3B8D46F6C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{B4B6B58C-694B-4685-99B2-69E8B799E575}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{B7851038-E8C7-47E5-AE61-6F0DB16844E2}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{C994D5B4-883E-479C-8236-7BAF0EE25B33}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{D171E9F4-0117-49F5-BE8E-D37C8245822B}" = protocol=6 | dir=in | app=c:\users\theres\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D4AB05BD-01C0-4E1D-AB51-957704747AE1}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\sohcimp.exe | 
"{D4D9ED92-6304-4F83-BF10-70D9FC54A4BD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D83E3256-419C-429A-A21E-EE465D85BB7C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{DDEF33DA-58C3-47C8-B4B8-5859A058A5FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{E5F801C1-2BDB-4AEC-AF12-612184BAD345}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{E856235D-CDEE-4785-9797-0092840D7C02}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{4AE0FBE5-756E-4954-BA4F-17AD078473D4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{09729F08-811C-42DA-9144-80FB0AE67F7F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{06F4E770-E63C-6619-A4BD-BA172E0AF143}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08B785C1-3893-4154-B53B-F5D341D0AAAA}" = Cisco Systems VPN Client 5.0.06.0110
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B3935EA-0186-5B0B-88CB-DDBA93A95376}" = CCC Help Spanish
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{0BE45907-E708-995C-F327-49A11924E2B8}" = Catalyst Control Center Localization Portuguese
"{0D6C3F46-15B5-706E-D162-579F89D7A818}" = Skins
"{0ED4E0C1-2EF1-EE6E-F578-5C1407A3D047}" = ATI Catalyst Install Manager
"{0EEF7052-BE05-E623-2299-9AFE0F2B0CAE}" = Catalyst Control Center Graphics Full Existing
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F6939E1-6994-FBA0-34D6-C4CCC2B2DBD3}" = Catalyst Control Center Localization Korean
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{181AC4C7-B83C-4B5F-B566-E19BF2472429}" = HP Photosmart Premium C309g-m All-In-One Driver Software 13.0 Rel .6
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EDF22AA-2762-92FF-9A97-91A8504A1EB8}" = Catalyst Control Center Localization Greek
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{251769A5-1684-4289-9C01-EE963998A0A8}" = Presentation 16.3 10.07.12
"{2630832F-5E46-9746-5FC8-295C9B1AADA3}" = Catalyst Control Center Localization Chinese Traditional
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F0D8535-0F13-41FC-A227-101CD316CAB2}" = CCC Help Japanese
"{30D2B06E-12D1-70C3-4AE7-9942BD0736B0}" = Catalyst Control Center Core Implementation
"{314CE545-FF73-1AF2-AB7F-0B3C6F84C139}" = Catalyst Control Center Localization Danish
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
"{35CCD624-A020-0EBE-3B04-1BE4D47A38E1}" = Catalyst Control Center Localization Czech
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{425F56BE-2966-22A6-2123-FD4B5AC334D6}" = Catalyst Control Center Localization Thai
"{42AE4A8D-9941-5890-7D89-BA7563CD6C7B}" = CCC Help Finnish
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{49A75034-EE1D-9BD8-B33B-15E4DFA100C8}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BCC3567-1875-C15C-9C12-818E27B6698D}" = Catalyst Control Center Graphics Full New
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4F338231-AE58-7B54-963D-0C47A88ACC4D}" = ccc-core-static
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53DBA3E6-8839-CEEE-C72A-91C8A19E3D92}" = CCC Help German
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{563CD8DC-4BE3-0DE2-18FC-3FA201BEE33D}" = Catalyst Control Center Localization Hungarian
"{57664BF2-4684-E828-4D29-66FC0343AD8A}" = Catalyst Control Center Localization Chinese Standard
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = 
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5E16077B-1373-5D40-2EC6-13A3885DE3D4}" = Catalyst Control Center Graphics Previews Common
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{5F5DD0C0-3F2A-8830-6FDB-105EDFD6B438}" = CCC Help Polish
"{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software
"{601F42A9-8B4F-4650-A472-4CA8325E3E87}" = D6100
"{62CA24D9-F575-352C-F21C-EE45B183B9F8}" = CCC Help Czech
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64DF88D9-D30D-69F9-58EF-36ED63C7988D}" = Catalyst Control Center Localization Swedish
"{66E164AC-632D-D5A1-95D0-279191FDCDF5}" = Catalyst Control Center Localization Spanish
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A905A05-964C-4F03-9A96-D34167807EC0}" = PS_AIO_06_C309g-m_SW_Min
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6EFAB4DC-730A-328F-15B3-16749C52507D}" = Catalyst Control Center Localization Finnish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{706439E9-105B-B5FA-DF2C-A8E1CFE5CFD5}" = Catalyst Control Center Localization Japanese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76503EAD-A5A3-47BB-999A-CAD7C745D4A5}" = Presentation 0.71 09.24.03
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A27AAF5-1FD6-48B4-95C4-7354A1C35455}" = C309g-m
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{87EBA91F-4366-246A-5231-C3DBAEE6E857}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A9ECC08-E50F-B36B-DECB-C2BC42CA8037}" = CCC Help Thai
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8D0318A9-3C52-0EBC-C21C-349B16B25666}" = CCC Help Hungarian
"{8D574794-0933-ACFA-8F3E-E74741EA5D44}" = CCC Help English
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92F8BB8E-4DDA-5603-81FC-690A4E029EB2}" = CCC Help Danish
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext
"{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A10E1547-A0DE-B7EE-712C-860E07F46AAC}" = Catalyst Control Center Localization Russian
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB138669-2648-F7E6-17DC-0056602F0C1C}" = Catalyst Control Center Graphics Light
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B49D194C-4F11-C359-5CEB-BE235CDDD703}" = CCC Help Italian
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF8307DC-DD68-B2EC-FA47-9416406A0A0A}" = Catalyst Control Center Localization German
"{C0BBC0C2-7DDE-7416-23F6-EB20335DBC4D}" = Catalyst Control Center Localization Norwegian
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C15C4908-11B8-D34D-993F-0243F957A13C}" = CCC Help Turkish
"{C233101D-A379-FD7F-2754-5124CF1AA124}" = CCC Help Dutch
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C83D0710-17F9-3D2B-E7A2-58311242A4D6}" = Catalyst Control Center Localization Dutch
"{C85897A9-D7C5-8A9F-299E-998D8B3139B3}" = CCC Help Greek
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{CA967022-3B55-F884-C803-0743A9084DF0}" = CCC Help Chinese Standard
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DA093954-87E4-CE1B-F278-C73607C23A75}" = Catalyst Control Center Localization Italian
"{DB9C9AF5-FA37-DDB7-6A82-D62504958DA0}" = CCC Help Russian
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.8
"{DDCDF8EC-8D5C-3390-3D89-27C9AB2CDCAE}" = CCC Help Chinese Traditional
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E6059A2F-0DD4-53DB-007B-F5B910CB1AB8}" = CCC Help Swedish
"{E7182A1A-8E3D-FD52-7A8C-13DF92489494}" = Catalyst Control Center Localization Polish
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB233331-3AB8-8435-4924-B16C29AE0BFC}" = Catalyst Control Center Localization Turkish
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE6D5D1E-B638-BBDC-C6A3-2752F38EED42}" = CCC Help French
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F140EBF8-399F-78F1-73A7-542511649382}" = ccc-utility
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F488BCB2-6D0A-E804-B272-1FF37C34392A}" = Catalyst Control Center Graphics Previews Vista
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F68211B0-4E73-8D9D-B8ED-6B90762AB5D8}" = Catalyst Control Center Localization French
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"18BED8D1-0ECA-4ADA-889D-152A6FD11022_is1" = click.to version 0.9.8.1418
"3DataManager" = Mein 3DataManager
"9D6CCD738961373D843EB8F87CAF18EF31DECBE4" = Windows-Treiberpaket - Microcomputer Applications, Inc. (usbkey) USB  (01/19/2007 6.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira Internet Security
"BIPA FotoShop" = BIPA FotoShop
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Direktfotosystem3_is1" = Direkt Foto System 3.x
"dt icon module" = 
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free RAR Extract Frog" = Free RAR Extract Frog
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" = 
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Java Web Start" = Java Web Start
"Lernen durch Wiederholung_is1" = Lernen durch Wiederholung 6.2.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"ScaleTrans" = ScaleTrans
"Shop for HP Supplies" = Shop for HP Supplies
"Softonic" = Softonic toolbar  on IE
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VLC media player" = VLC media player 0.9.8a
"WhiteSmoke_US_New Toolbar" = WhiteSmoke US New Toolbar
"ZhornStickies" = Stickies 7.1c
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"Keylok" = Keylok Driverte
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.03.2013 05:46:27 | Computer Name = Theres-PC | Source = VSS | ID = 8194
Description = 
 
Error - 21.03.2013 05:59:46 | Computer Name = Theres-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 14:00:55 | Computer Name = Theres-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.03.2013 14:24:54 | Computer Name = Theres-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung audacity.exe, Version 2.0.3.0, Zeitstempel 0x50f9bdca,
 fehlerhaftes Modul wxbase28u_vc_custom.dll, Version 6.0.6001.18538, Zeitstempel
 0x4cb733dc, Ausnahmecode 0xc0000135, Fehleroffset 0x00009cfc,  Prozess-ID 0x1284,
 Anwendungsstartzeit 01ce26615fa68949.
 
Error - 26.03.2013 10:53:52 | Computer Name = Theres-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 10:56:02 | Computer Name = Theres-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.03.2013 11:00:20 | Computer Name = Theres-PC | Source = ESENT | ID = 215
Description = WinMail (2284) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 27.03.2013 06:47:04 | Computer Name = Theres-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2013 04:28:16 | Computer Name = Theres-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.03.2013 14:25:53 | Computer Name = Theres-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Snipping_Tool_Plus_3.4.1.0.tmp, Version 51.1052.0.0,
 Zeitstempel 0x4ffadf8a, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel
 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x01b75f00,  Prozess-ID 0x MÀ  MÀ  
, Anwendungsstartzeit  MÀ  MÀ  .
 
[ System Events ]
Error - 05.02.2009 09:55:48 | Computer Name = Theres-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 05.02.2009 09:55:54 | Computer Name = Theres-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 05.02.2009 09:55:54 | Computer Name = Theres-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 06.02.2009 05:34:30 | Computer Name = Theres-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 05.02.2009 um 18:07:32 unerwartet heruntergefahren.
 
Error - 06.02.2009 05:34:42 | Computer Name = Theres-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 06.02.2009 05:34:48 | Computer Name = Theres-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 06.02.2009 05:34:48 | Computer Name = Theres-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 07.02.2009 19:18:38 | Computer Name = Theres-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.02.2009 19:18:46 | Computer Name = Theres-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.02.2009 19:18:46 | Computer Name = Theres-PC | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >
Dankeschön!!

Alt 01.04.2013, 20:19   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.04.2013, 16:57   #6
theres
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Voila et Merci

1 Scan/Clean Up

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.02.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19088
Theres :: THERES-PC [administrator]

02.04.2013 17:01:39
mbar-log-2013-04-02 (17-01-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30946
Time elapsed: 29 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PDRV (Worm.KoobFace) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Windows\System32\drivers\PDRV.sys (Unknown Rootkit Driver Infection) -> Delete on reboot.

(end)
2 Scan
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.02.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19088
Theres :: THERES-PC [administrator]

02.04.2013 17:48:44
mbar-log-2013-04-02 (17-48-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 30944
Time elapsed: 31 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Alt 02.04.2013, 19:07   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Was ist mit GMER?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.04.2013, 20:20   #8
theres
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Stimmt, da war ja noch was, tut mir leid! Ich hab "show all" unabsichtlich angeklickt statt weggeklickt. Ich hoffe es ist nicht zu tragisch... nur hab ich jetzt ein riesengroßes Logfile...

Alt 02.04.2013, 20:26   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.04.2013, 20:38   #10
theres
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


aswMBR Scan

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-02 22:54:29
-----------------------------
22:54:29.733    OS Version: Windows 6.0.6002 Service Pack 2
22:54:29.733    Number of processors: 2 586 0xF0D
22:54:29.733    ComputerName: THERES-PC  UserName: Theres
22:54:31.414    Initialize success
22:59:06.366    AVAST engine defs: 13040200
22:59:40.675    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:40.681    Disk 0 Vendor: ST925082 3.AA Size: 238475MB BusType: 3
22:59:40.688    Disk 1  \Device\Harddisk1\DR1 -> \Device\000000c5
22:59:40.696    Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
22:59:40.705    Disk 2  \Device\Harddisk2\DR2 -> \Device\000000c6
22:59:40.714    Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
22:59:40.843    Disk 0 MBR read successfully
22:59:40.853    Disk 0 MBR scan
22:59:40.868    Disk 0 Windows VISTA default MBR code
22:59:40.880    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         8304 MB offset 2048
22:59:40.902    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       230169 MB offset 17008640
22:59:40.933    Disk 0 scanning sectors +488395120
22:59:41.119    Disk 0 scanning C:\Windows\system32\drivers
22:59:56.805    Service scanning
23:00:38.463    Modules scanning
23:00:45.361    Disk 0 trace - called modules:
23:00:45.399    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
23:00:45.414    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86961480]
23:00:45.432    3 CLASSPNP.SYS[8b1af8b3] -> nt!IofCallDriver -> [0x85f3d898]
23:00:45.448    5 acpi.sys[8068f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85f51028]
23:00:46.531    AVAST engine scan C:\Windows
23:00:50.212    AVAST engine scan C:\Windows\system32
23:05:15.481    AVAST engine scan C:\Windows\system32\drivers
23:05:38.564    AVAST engine scan C:\Users\Theres
00:13:43.852    AVAST engine scan C:\ProgramData
00:24:00.355    Scan finished successfully
08:34:35.721    Disk 0 MBR has been saved successfully to "C:\Users\Theres\Desktop\MBR.dat"
08:34:35.727    The log file has been saved successfully to "C:\Users\Theres\Desktop\aswMBR.txt"
TDSSKIller File
Code:
ATTFilter
21:34:26.0222 5852  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:34:28.0225 5852  ============================================================
21:34:28.0225 5852  Current date / time: 2013/04/03 21:34:28.0225
21:34:28.0225 5852  SystemInfo:
21:34:28.0225 5852  
21:34:28.0225 5852  OS Version: 6.0.6002 ServicePack: 2.0
21:34:28.0225 5852  Product type: Workstation
21:34:28.0225 5852  ComputerName: THERES-PC
21:34:28.0225 5852  UserName: Theres
21:34:28.0225 5852  Windows directory: C:\Windows
21:34:28.0225 5852  System windows directory: C:\Windows
21:34:28.0225 5852  Processor architecture: Intel x86
21:34:28.0225 5852  Number of processors: 2
21:34:28.0225 5852  Page size: 0x1000
21:34:28.0225 5852  Boot type: Normal boot
21:34:28.0225 5852  ============================================================
21:34:28.0774 5852  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:34:28.0778 5852  ============================================================
21:34:28.0778 5852  \Device\Harddisk0\DR0:
21:34:28.0778 5852  MBR partitions:
21:34:28.0778 5852  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1038800, BlocksNum 0x1C18C970
21:34:28.0778 5852  ============================================================
21:34:28.0815 5852  C: <-> \Device\Harddisk0\DR0\Partition1
21:34:28.0815 5852  ============================================================
21:34:28.0815 5852  Initialize success
21:34:28.0815 5852  ============================================================
21:34:53.0634 5048  ============================================================
21:34:53.0634 5048  Scan started
21:34:53.0634 5048  Mode: Manual; SigCheck; TDLFS; 
21:34:53.0634 5048  ============================================================
21:34:54.0700 5048  ================ Scan system memory ========================
21:34:54.0700 5048  System memory - ok
21:34:54.0701 5048  ================ Scan services =============================
21:34:56.0908 5048  0252211232277384mcinstcleanup - ok
21:34:57.0103 5048  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:34:57.0302 5048  ACPI - ok
21:34:57.0440 5048  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:34:57.0455 5048  AdobeARMservice - ok
21:34:57.0560 5048  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:34:57.0580 5048  AdobeFlashPlayerUpdateSvc - ok
21:34:57.0649 5048  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:34:57.0683 5048  adp94xx - ok
21:34:57.0709 5048  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:34:57.0743 5048  adpahci - ok
21:34:57.0771 5048  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:34:57.0790 5048  adpu160m - ok
21:34:57.0817 5048  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:34:57.0854 5048  adpu320 - ok
21:34:57.0915 5048  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:34:58.0115 5048  AeLookupSvc - ok
21:34:58.0218 5048  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
21:34:58.0367 5048  AFD - ok
21:34:58.0489 5048  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:34:58.0514 5048  agp440 - ok
21:34:58.0555 5048  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:34:58.0583 5048  aic78xx - ok
21:34:58.0624 5048  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
21:34:58.0826 5048  ALG - ok
21:34:58.0851 5048  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:34:58.0861 5048  aliide - ok
21:34:58.0911 5048  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:34:58.0941 5048  amdagp - ok
21:34:58.0963 5048  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:34:58.0972 5048  amdide - ok
21:34:59.0021 5048  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
21:34:59.0078 5048  AmdK7 - ok
21:34:59.0104 5048  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:34:59.0193 5048  AmdK8 - ok
21:34:59.0298 5048  [ BCD725206E7CBBF253F326202244A125 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
21:34:59.0367 5048  AntiVirFirewallService - ok
21:34:59.0449 5048  [ FCAE7984609FD0662B48D64603D1DAFF ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
21:34:59.0486 5048  AntiVirMailService - ok
21:34:59.0557 5048  [ FBF39613CA267F851186F93180AE2ED4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:34:59.0577 5048  AntiVirSchedulerService - ok
21:34:59.0638 5048  [ 476750076D102DC5F5B45ECE3C676853 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:34:59.0673 5048  AntiVirService - ok
21:34:59.0721 5048  [ E95B3655198C4DD65A7031EF8358CEF8 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:34:59.0774 5048  AntiVirWebService - ok
21:34:59.0868 5048  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
21:35:00.0013 5048  Appinfo - ok
21:35:00.0170 5048  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:35:00.0195 5048  Apple Mobile Device - ok
21:35:00.0242 5048  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
21:35:00.0268 5048  arc - ok
21:35:00.0317 5048  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:35:00.0343 5048  arcsas - ok
21:35:00.0403 5048  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:00.0493 5048  AsyncMac - ok
21:35:00.0540 5048  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:35:00.0559 5048  atapi - ok
21:35:00.0655 5048  [ 600EFE56F37ADBD65A0FB076B50D1B8D ] athr            C:\Windows\system32\DRIVERS\athr.sys
21:35:00.0739 5048  athr - ok
21:35:00.0813 5048  [ 3C105AE4CC005AB67907ADD9DFF2E192 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
21:35:00.0980 5048  Ati External Event Utility - ok
21:35:01.0145 5048  [ A4E212F45B2457B39D59D4972A67AF47 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:35:01.0541 5048  atikmdag - ok
21:35:01.0635 5048  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:35:01.0706 5048  AudioEndpointBuilder - ok
21:35:01.0745 5048  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:35:01.0767 5048  Audiosrv - ok
21:35:01.0819 5048  [ 0CC858D7AC36411E786ED0E0E69A4301 ] avfwim          C:\Windows\system32\DRIVERS\avfwim.sys
21:35:01.0859 5048  avfwim - ok
21:35:01.0941 5048  [ 76AD8733C1AA8AEA4CD678DCE886D701 ] avfwot          C:\Windows\system32\DRIVERS\avfwot.sys
21:35:01.0952 5048  avfwot - ok
21:35:01.0969 5048  [ 2060DAAC61CC3F65B6517CE840E4F6DA ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:35:01.0978 5048  avgntflt - ok
21:35:02.0013 5048  [ F3AF2B17AE92A378979ADD8D6981E818 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:35:02.0024 5048  avipbb - ok
21:35:02.0037 5048  [ 793C820F0199C2964A908C9F0748E99D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:35:02.0047 5048  avkmgr - ok
21:35:02.0114 5048  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:35:02.0178 5048  Beep - ok
21:35:02.0250 5048  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
21:35:02.0319 5048  BFE - ok
21:35:02.0422 5048  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
21:35:02.0535 5048  BITS - ok
21:35:02.0562 5048  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:35:02.0621 5048  blbdrive - ok
21:35:02.0671 5048  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:35:02.0764 5048  bowser - ok
21:35:02.0824 5048  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:35:02.0895 5048  BrFiltLo - ok
21:35:02.0927 5048  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:35:02.0998 5048  BrFiltUp - ok
21:35:03.0049 5048  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
21:35:03.0146 5048  Browser - ok
21:35:03.0209 5048  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:35:03.0394 5048  Brserid - ok
21:35:03.0418 5048  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:35:03.0498 5048  BrSerWdm - ok
21:35:03.0525 5048  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:35:03.0614 5048  BrUsbMdm - ok
21:35:03.0656 5048  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:35:03.0765 5048  BrUsbSer - ok
21:35:03.0797 5048  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:35:03.0881 5048  BTHMODEM - ok
21:35:03.0937 5048  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:35:03.0977 5048  cdfs - ok
21:35:04.0037 5048  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:35:04.0089 5048  cdrom - ok
21:35:04.0141 5048  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:35:04.0220 5048  CertPropSvc - ok
21:35:04.0276 5048  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
21:35:04.0365 5048  circlass - ok
21:35:04.0426 5048  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
21:35:04.0453 5048  CLFS - ok
21:35:04.0528 5048  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:35:04.0538 5048  clr_optimization_v2.0.50727_32 - ok
21:35:04.0601 5048  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:35:04.0654 5048  CmBatt - ok
21:35:04.0680 5048  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:35:04.0692 5048  cmdide - ok
21:35:04.0714 5048  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:35:04.0726 5048  Compbatt - ok
21:35:04.0732 5048  COMSysApp - ok
21:35:04.0740 5048  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:35:04.0753 5048  crcdisk - ok
21:35:04.0775 5048  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
21:35:04.0815 5048  Crusoe - ok
21:35:04.0873 5048  [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:35:04.0923 5048  CryptSvc - ok
21:35:04.0999 5048  [ CB6FF7012BB5D59D7C12350DB795CE1F ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
21:35:05.0019 5048  ctxusbm - ok
21:35:05.0083 5048  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
21:35:05.0163 5048  CVirtA - ok
21:35:05.0298 5048  [ EA4300E53E5D4D1912AD04985F6264F0 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:35:05.0438 5048  CVPND - ok
21:35:05.0498 5048  [ 34C345AAF390C12AE6E51B75198E8564 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
21:35:05.0543 5048  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
21:35:05.0543 5048  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
21:35:05.0618 5048  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:35:05.0726 5048  DcomLaunch - ok
21:35:05.0785 5048  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:35:05.0874 5048  DfsC - ok
21:35:06.0023 5048  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
21:35:06.0243 5048  DFSR - ok
21:35:06.0307 5048  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:35:06.0393 5048  Dhcp - ok
21:35:06.0467 5048  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
21:35:06.0494 5048  disk - ok
21:35:06.0557 5048  [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall         C:\Windows\system32\DRIVERS\DMICall.sys
21:35:06.0574 5048  DMICall - ok
21:35:06.0640 5048  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
21:35:06.0681 5048  DNE - ok
21:35:06.0746 5048  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:35:06.0832 5048  Dnscache - ok
21:35:06.0861 5048  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:35:06.0955 5048  dot3svc - ok
21:35:06.0999 5048  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
21:35:07.0078 5048  Dot4 - ok
21:35:07.0112 5048  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:35:07.0402 5048  Dot4Print - ok
21:35:07.0426 5048  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
21:35:07.0470 5048  dot4usb - ok
21:35:07.0526 5048  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
21:35:07.0580 5048  DPS - ok
21:35:07.0652 5048  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:35:07.0726 5048  drmkaud - ok
21:35:07.0800 5048  [ FB85F7F69E9B109820409243F578CC4D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:35:08.0035 5048  DXGKrnl - ok
21:35:08.0091 5048  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
21:35:08.0181 5048  E1G60 - ok
21:35:08.0233 5048  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
21:35:08.0313 5048  EapHost - ok
21:35:08.0388 5048  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:35:08.0434 5048  Ecache - ok
21:35:08.0486 5048  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:35:08.0560 5048  ehRecvr - ok
21:35:08.0588 5048  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
21:35:08.0706 5048  ehSched - ok
21:35:08.0736 5048  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
21:35:08.0779 5048  ehstart - ok
21:35:08.0854 5048  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:35:08.0919 5048  elxstor - ok
21:35:08.0976 5048  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:35:09.0105 5048  EMDMgmt - ok
21:35:09.0159 5048  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:35:09.0243 5048  ErrDev - ok
21:35:09.0310 5048  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
21:35:09.0384 5048  EventSystem - ok
21:35:09.0489 5048  [ 306AC856622864C761CBDB5E816BB9D8 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:35:09.0571 5048  EvtEng ( UnsignedFile.Multi.Generic ) - warning
21:35:09.0571 5048  EvtEng - detected UnsignedFile.Multi.Generic (1)
21:35:09.0635 5048  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
21:35:09.0744 5048  exfat - ok
21:35:09.0788 5048  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:35:09.0854 5048  fastfat - ok
21:35:09.0907 5048  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:35:09.0989 5048  fdc - ok
21:35:10.0025 5048  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:35:10.0084 5048  fdPHost - ok
21:35:10.0097 5048  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:35:10.0175 5048  FDResPub - ok
21:35:10.0217 5048  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:35:10.0228 5048  FileInfo - ok
21:35:10.0257 5048  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:35:10.0304 5048  Filetrace - ok
21:35:10.0336 5048  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:10.0374 5048  flpydisk - ok
21:35:10.0417 5048  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:35:10.0431 5048  FltMgr - ok
21:35:10.0502 5048  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:35:10.0516 5048  FontCache3.0.0.0 - ok
21:35:10.0567 5048  [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk     C:\Windows\system32\FsUsbExDisk.SYS
21:35:10.0596 5048  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
21:35:10.0596 5048  FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
21:35:10.0671 5048  [ 96633419F4A1E37ACB89B45EBCCFE001 ] FsUsbExService  C:\Windows\system32\FsUsbExService.Exe
21:35:10.0715 5048  FsUsbExService - ok
21:35:10.0750 5048  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:35:10.0814 5048  Fs_Rec - ok
21:35:10.0861 5048  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:35:10.0885 5048  gagp30kx - ok
21:35:10.0948 5048  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:35:10.0967 5048  GEARAspiWDM - ok
21:35:11.0069 5048  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
21:35:11.0088 5048  GoogleDesktopManager-051210-111108 - ok
21:35:11.0145 5048  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:35:11.0249 5048  gpsvc - ok
21:35:11.0331 5048  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:35:11.0350 5048  gupdate - ok
21:35:11.0364 5048  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:35:11.0387 5048  gupdatem - ok
21:35:11.0455 5048  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:35:11.0491 5048  gusvc - ok
21:35:11.0617 5048  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:35:11.0727 5048  HdAudAddService - ok
21:35:11.0794 5048  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:35:11.0856 5048  HDAudBus - ok
21:35:11.0888 5048  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:35:11.0986 5048  HidBth - ok
21:35:12.0031 5048  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:35:12.0155 5048  HidIr - ok
21:35:12.0203 5048  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
21:35:12.0296 5048  hidserv - ok
21:35:12.0329 5048  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:35:12.0400 5048  HidUsb - ok
21:35:12.0442 5048  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:35:12.0535 5048  hkmsvc - ok
21:35:12.0579 5048  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:35:12.0602 5048  HpCISSs - ok
21:35:12.0735 5048  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:35:12.0768 5048  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:35:12.0768 5048  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:35:12.0791 5048  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:35:12.0804 5048  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:35:12.0804 5048  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:35:12.0888 5048  [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:35:12.0967 5048  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:35:12.0967 5048  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:35:13.0083 5048  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:35:13.0127 5048  HSFHWAZL - ok
21:35:13.0197 5048  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:35:13.0316 5048  HSF_DPV - ok
21:35:13.0384 5048  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:35:13.0436 5048  HSXHWAZL - ok
21:35:13.0483 5048  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:35:13.0588 5048  HTTP - ok
21:35:13.0634 5048  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:35:13.0657 5048  i2omp - ok
21:35:13.0714 5048  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:35:13.0771 5048  i8042prt - ok
21:35:13.0831 5048  [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:35:13.0842 5048  iaStor - ok
21:35:13.0876 5048  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:35:13.0894 5048  iaStorV - ok
21:35:13.0968 5048  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:35:14.0056 5048  idsvc - ok
21:35:14.0067 5048  igfx - ok
21:35:14.0094 5048  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:35:14.0116 5048  iirsp - ok
21:35:14.0168 5048  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
21:35:14.0253 5048  IKEEXT - ok
21:35:14.0390 5048  [ 4A0F260DF9A5333C07F4AB40CA9D4F4B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:35:14.0520 5048  IntcAzAudAddService - ok
21:35:14.0562 5048  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:35:14.0572 5048  intelide - ok
21:35:14.0626 5048  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:35:14.0652 5048  intelppm - ok
21:35:14.0709 5048  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:35:14.0741 5048  IPBusEnum - ok
21:35:14.0765 5048  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:14.0826 5048  IpFilterDriver - ok
21:35:14.0875 5048  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:35:14.0972 5048  iphlpsvc - ok
21:35:14.0982 5048  IpInIp - ok
21:35:15.0024 5048  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:35:15.0105 5048  IPMIDRV - ok
21:35:15.0142 5048  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:35:15.0203 5048  IPNAT - ok
21:35:15.0323 5048  [ CE004777B92DEA56FE14EC900D20BAA4 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:35:15.0395 5048  iPod Service - ok
21:35:15.0435 5048  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:35:15.0493 5048  IRENUM - ok
21:35:15.0518 5048  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:35:15.0543 5048  isapnp - ok
21:35:15.0618 5048  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:35:15.0652 5048  iScsiPrt - ok
21:35:15.0687 5048  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:35:15.0711 5048  iteatapi - ok
21:35:15.0751 5048  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:35:15.0761 5048  iteraid - ok
21:35:15.0809 5048  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:35:15.0820 5048  IviRegMgr - ok
21:35:15.0833 5048  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:35:15.0844 5048  kbdclass - ok
21:35:15.0896 5048  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:35:15.0934 5048  kbdhid - ok
21:35:15.0973 5048  [ 3978F3540329E16C0AC3BCF677E5669F ] KeyIso          C:\Windows\system32\lsass.exe
21:35:16.0070 5048  KeyIso - ok
21:35:16.0107 5048  [ 86165728AF9BF72D6442A894FDFB4F8B ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:35:16.0140 5048  KSecDD - ok
21:35:16.0211 5048  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:35:16.0300 5048  KtmRm - ok
21:35:16.0352 5048  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:35:16.0453 5048  LanmanServer - ok
21:35:16.0512 5048  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:35:16.0587 5048  LanmanWorkstation - ok
21:35:16.0635 5048  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:35:16.0721 5048  lltdio - ok
21:35:16.0773 5048  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:35:16.0843 5048  lltdsvc - ok
21:35:16.0868 5048  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:35:16.0996 5048  lmhosts - ok
21:35:17.0060 5048  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:35:17.0078 5048  LSI_FC - ok
21:35:17.0100 5048  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:35:17.0117 5048  LSI_SAS - ok
21:35:17.0147 5048  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:35:17.0159 5048  LSI_SCSI - ok
21:35:17.0185 5048  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
21:35:17.0210 5048  luafv - ok
21:35:17.0245 5048  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:35:17.0280 5048  Mcx2Svc - ok
21:35:17.0390 5048  [ 409BFA40D47E10D26E91153D912D325F ] mdf16           C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys
21:35:17.0400 5048  mdf16 - ok
21:35:17.0427 5048  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:35:17.0436 5048  mdmxsdk - ok
21:35:17.0498 5048  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
21:35:17.0521 5048  megasas - ok
21:35:17.0566 5048  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
21:35:17.0607 5048  MegaSR - ok
21:35:17.0642 5048  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
21:35:17.0720 5048  MMCSS - ok
21:35:17.0759 5048  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
21:35:17.0840 5048  Modem - ok
21:35:17.0887 5048  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:35:17.0927 5048  monitor - ok
21:35:17.0943 5048  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:35:17.0958 5048  mouclass - ok
21:35:17.0972 5048  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:35:18.0030 5048  mouhid - ok
21:35:18.0062 5048  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
21:35:18.0086 5048  MountMgr - ok
21:35:18.0110 5048  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:35:18.0136 5048  mpio - ok
21:35:18.0159 5048  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:35:18.0231 5048  mpsdrv - ok
21:35:18.0284 5048  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:35:18.0349 5048  MpsSvc - ok
21:35:18.0423 5048  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
21:35:18.0446 5048  Mraid35x - ok
21:35:18.0489 5048  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:35:18.0547 5048  MRxDAV - ok
21:35:18.0599 5048  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:18.0658 5048  mrxsmb - ok
21:35:18.0698 5048  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:18.0723 5048  mrxsmb10 - ok
21:35:18.0749 5048  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:18.0775 5048  mrxsmb20 - ok
21:35:18.0837 5048  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
21:35:18.0853 5048  msahci - ok
21:35:18.0942 5048  [ A99D2C7E30AD63EF920A894131CAF5F7 ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
21:35:18.0954 5048  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
21:35:18.0954 5048  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
21:35:18.0990 5048  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:35:19.0016 5048  msdsm - ok
21:35:19.0036 5048  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
21:35:19.0100 5048  MSDTC - ok
21:35:19.0117 5048  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:35:19.0199 5048  Msfs - ok
21:35:19.0251 5048  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:35:19.0273 5048  msisadrv - ok
21:35:19.0309 5048  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:35:19.0372 5048  MSiSCSI - ok
21:35:19.0382 5048  msiserver - ok
21:35:19.0450 5048  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:35:19.0526 5048  MSKSSRV - ok
21:35:19.0553 5048  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:19.0636 5048  MSPCLOCK - ok
21:35:19.0669 5048  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:35:19.0745 5048  MSPQM - ok
21:35:19.0801 5048  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:35:19.0834 5048  MsRPC - ok
21:35:19.0879 5048  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:35:19.0903 5048  mssmbios - ok
21:35:20.0002 5048  MSSQL$MSSMLBIZ - ok
21:35:20.0072 5048  [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:35:20.0095 5048  MSSQLServerADHelper - ok
21:35:20.0148 5048  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:35:20.0231 5048  MSTEE - ok
21:35:20.0292 5048  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
21:35:20.0322 5048  Mup - ok
21:35:20.0400 5048  [ DF308930DF337C3D0F0CDC7905BA58AF ] mvd23           C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys
21:35:20.0422 5048  mvd23 - ok
21:35:20.0475 5048  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
21:35:20.0555 5048  napagent - ok
21:35:20.0602 5048  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:35:20.0638 5048  NativeWifiP - ok
21:35:20.0680 5048  [ FC2239AAB7B5F4011A092940B7270759 ] NBSPortDriver   C:\Windows\system32\DRIVERS\NBSPortDriver.sys
21:35:20.0705 5048  NBSPortDriver - ok
21:35:20.0763 5048  [ C9A3EC17EDF7AA9E1BBB4B3F03BCF280 ] NBSREG          C:\Windows\system32\drivers\nbsreg.sys
21:35:20.0788 5048  NBSREG ( UnsignedFile.Multi.Generic ) - warning
21:35:20.0788 5048  NBSREG - detected UnsignedFile.Multi.Generic (1)
21:35:20.0850 5048  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:35:20.0910 5048  NDIS - ok
21:35:20.0957 5048  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:21.0023 5048  NdisTapi - ok
21:35:21.0053 5048  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:21.0112 5048  Ndisuio - ok
21:35:21.0158 5048  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:21.0206 5048  NdisWan - ok
21:35:21.0242 5048  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:35:21.0289 5048  NDProxy - ok
21:35:21.0381 5048  [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:35:21.0417 5048  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:35:21.0417 5048  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:35:21.0492 5048  [ 1352E1648213551923A0A822E441553C ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
21:35:21.0568 5048  Netaapl - ok
21:35:21.0593 5048  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:35:21.0654 5048  NetBIOS - ok
21:35:21.0687 5048  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
21:35:21.0727 5048  netbt - ok
21:35:21.0749 5048  [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon        C:\Windows\system32\lsass.exe
21:35:21.0762 5048  Netlogon - ok
21:35:21.0796 5048  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
21:35:21.0874 5048  Netman - ok
21:35:21.0907 5048  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
21:35:21.0989 5048  netprofm - ok
21:35:22.0030 5048  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:35:22.0054 5048  NetTcpPortSharing - ok
21:35:22.0228 5048  [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
21:35:22.0483 5048  NETw5v32 - ok
21:35:22.0524 5048  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:35:22.0546 5048  nfrd960 - ok
21:35:22.0581 5048  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:35:22.0650 5048  NlaSvc - ok
21:35:22.0689 5048  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:35:22.0756 5048  Npfs - ok
21:35:22.0792 5048  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
21:35:22.0862 5048  nsi - ok
21:35:22.0908 5048  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:35:22.0964 5048  nsiproxy - ok
21:35:23.0077 5048  [ FD141D19F1392920A6A517316910D770 ] NSUService      C:\Program Files\Sony\Network Utility\NSUService.exe
21:35:23.0090 5048  NSUService ( UnsignedFile.Multi.Generic ) - warning
21:35:23.0090 5048  NSUService - detected UnsignedFile.Multi.Generic (1)
21:35:23.0173 5048  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:35:23.0236 5048  Ntfs - ok
21:35:23.0312 5048  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
21:35:23.0384 5048  ntrigdigi - ok
21:35:23.0409 5048  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
21:35:23.0485 5048  Null - ok
21:35:23.0519 5048  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:35:23.0545 5048  nvraid - ok
21:35:23.0563 5048  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:35:23.0590 5048  nvstor - ok
21:35:23.0625 5048  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:35:23.0652 5048  nv_agp - ok
21:35:23.0664 5048  NwlnkFlt - ok
21:35:23.0676 5048  NwlnkFwd - ok
21:35:23.0729 5048  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
21:35:23.0792 5048  ohci1394 - ok
21:35:23.0868 5048  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:35:23.0891 5048  ose - ok
21:35:23.0961 5048  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:35:24.0074 5048  p2pimsvc - ok
21:35:24.0138 5048  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:35:24.0192 5048  p2psvc - ok
21:35:24.0249 5048  [ 41C33FB4FD929FED732A00D2DAEF5BE0 ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
21:35:24.0298 5048  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
21:35:24.0298 5048  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
21:35:24.0352 5048  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
21:35:24.0450 5048  Parport - ok
21:35:24.0494 5048  [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:35:24.0508 5048  partmgr - ok
21:35:24.0552 5048  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
21:35:24.0614 5048  Parvdm - ok
21:35:24.0651 5048  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:35:24.0737 5048  PcaSvc - ok
21:35:24.0776 5048  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
21:35:24.0806 5048  pci - ok
21:35:24.0856 5048  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
21:35:24.0892 5048  pciide - ok
21:35:24.0934 5048  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:35:24.0957 5048  pcmcia - ok
21:35:25.0017 5048  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:35:25.0153 5048  PEAUTH - ok
21:35:25.0234 5048  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
21:35:25.0350 5048  pla - ok
21:35:25.0423 5048  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:35:25.0493 5048  PlugPlay - ok
21:35:25.0570 5048  [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:35:25.0607 5048  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:35:25.0607 5048  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:35:25.0657 5048  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:35:25.0712 5048  PNRPAutoReg - ok
21:35:25.0764 5048  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:35:25.0789 5048  PNRPsvc - ok
21:35:25.0848 5048  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:35:25.0905 5048  PolicyAgent - ok
21:35:25.0951 5048  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:35:25.0994 5048  PptpMiniport - ok
21:35:26.0024 5048  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
21:35:26.0049 5048  Processor - ok
21:35:26.0093 5048  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:35:26.0117 5048  ProfSvc - ok
21:35:26.0140 5048  [ 3978F3540329E16C0AC3BCF677E5669F ] ProtectedStorage C:\Windows\system32\lsass.exe
21:35:26.0162 5048  ProtectedStorage - ok
21:35:26.0197 5048  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:35:26.0250 5048  PSched - ok
21:35:26.0299 5048  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
21:35:26.0318 5048  PxHelp20 - ok
21:35:26.0417 5048  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:35:26.0517 5048  ql2300 - ok
21:35:26.0546 5048  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:35:26.0560 5048  ql40xx - ok
21:35:26.0596 5048  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
21:35:26.0631 5048  QWAVE - ok
21:35:26.0661 5048  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:35:26.0676 5048  QWAVEdrv - ok
21:35:26.0688 5048  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:35:26.0736 5048  RasAcd - ok
21:35:26.0762 5048  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
21:35:26.0827 5048  RasAuto - ok
21:35:26.0867 5048  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:26.0956 5048  Rasl2tp - ok
21:35:27.0030 5048  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
21:35:27.0127 5048  RasMan - ok
21:35:27.0160 5048  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:27.0200 5048  RasPppoe - ok
21:35:27.0222 5048  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:35:27.0236 5048  RasSstp - ok
21:35:27.0266 5048  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:35:27.0329 5048  rdbss - ok
21:35:27.0373 5048  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:27.0425 5048  RDPCDD - ok
21:35:27.0459 5048  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
21:35:27.0494 5048  rdpdr - ok
21:35:27.0517 5048  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:35:27.0572 5048  RDPENCDD - ok
21:35:27.0619 5048  [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:35:27.0663 5048  RDPWD - ok
21:35:27.0727 5048  [ 001B4278407F4303EFC902A2B16F2453 ] regi            C:\Windows\system32\drivers\regi.sys
21:35:27.0738 5048  regi - ok
21:35:27.0822 5048  [ B33C88DF3588ACF250B87A004526C31A ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:35:27.0853 5048  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
21:35:27.0853 5048  RegSrvc - detected UnsignedFile.Multi.Generic (1)
21:35:27.0910 5048  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:35:27.0973 5048  RemoteAccess - ok
21:35:28.0015 5048  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:35:28.0068 5048  RemoteRegistry - ok
21:35:28.0104 5048  [ D0C2A0CE1091E08EFB7CCBA6CEA4C3F9 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
21:35:28.0156 5048  rimsptsk - ok
21:35:28.0210 5048  [ C22E4E27CCDF9AA5FE8143104F28CDE3 ] risdptsk        C:\Windows\system32\DRIVERS\risdptsk.sys
21:35:28.0284 5048  risdptsk - ok
21:35:28.0323 5048  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
21:35:28.0395 5048  RpcLocator - ok
21:35:28.0452 5048  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
21:35:28.0480 5048  RpcSs - ok
21:35:28.0517 5048  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:35:28.0563 5048  rspndr - ok
21:35:28.0617 5048  [ 65330E78C17DB8A99A7FF1BA3C8824B6 ] RtkAudioService C:\Windows\RtkAudioService.exe
21:35:28.0628 5048  RtkAudioService - ok
21:35:28.0645 5048  [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs           C:\Windows\system32\lsass.exe
21:35:28.0658 5048  SamSs - ok
21:35:28.0682 5048  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:35:28.0693 5048  sbp2port - ok
21:35:28.0744 5048  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:35:28.0785 5048  SCardSvr - ok
21:35:28.0827 5048  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
21:35:28.0938 5048  Schedule - ok
21:35:28.0953 5048  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:35:28.0999 5048  SCPolicySvc - ok
21:35:29.0038 5048  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
21:35:29.0117 5048  sdbus - ok
21:35:29.0169 5048  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:35:29.0312 5048  SDRSVC - ok
21:35:29.0344 5048  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:35:29.0472 5048  secdrv - ok
21:35:29.0519 5048  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
21:35:29.0582 5048  seclogon - ok
21:35:29.0630 5048  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
21:35:29.0694 5048  SENS - ok
21:35:29.0738 5048  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
21:35:29.0809 5048  Serenum - ok
21:35:29.0852 5048  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
21:35:29.0922 5048  Serial - ok
21:35:29.0952 5048  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:35:29.0987 5048  sermouse - ok
21:35:30.0031 5048  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:35:30.0059 5048  SessionEnv - ok
21:35:30.0117 5048  [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
21:35:30.0141 5048  SFEP - ok
21:35:30.0173 5048  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:35:30.0204 5048  sffdisk - ok
21:35:30.0219 5048  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:35:30.0286 5048  sffp_mmc - ok
21:35:30.0312 5048  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:35:30.0389 5048  sffp_sd - ok
21:35:30.0426 5048  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:35:30.0506 5048  sfloppy - ok
21:35:30.0567 5048  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:35:30.0663 5048  SharedAccess - ok
21:35:30.0719 5048  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:35:30.0800 5048  ShellHWDetection - ok
21:35:30.0842 5048  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:35:30.0868 5048  sisagp - ok
21:35:30.0895 5048  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
21:35:30.0919 5048  SiSRaid2 - ok
21:35:30.0947 5048  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:35:30.0972 5048  SiSRaid4 - ok
21:35:31.0136 5048  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
21:35:31.0359 5048  slsvc - ok
21:35:31.0387 5048  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
21:35:31.0425 5048  SLUINotify - ok
21:35:31.0448 5048  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:35:31.0472 5048  Smb - ok
21:35:31.0507 5048  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:35:31.0524 5048  SNMPTRAP - ok
21:35:31.0577 5048  [ DC826AFFA608F50C385BCA4C71EF1BDD ] SOHCImp         C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
21:35:31.0594 5048  SOHCImp - ok
21:35:31.0617 5048  [ 1EC739F65C51FA1C7AC4502464A3C3A8 ] SOHDms          C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
21:35:31.0642 5048  SOHDms - ok
21:35:31.0660 5048  [ EC8FAB4AC684445D6032AA5C6E77CA2E ] SOHDs           C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
21:35:31.0678 5048  SOHDs - ok
21:35:31.0710 5048  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
21:35:31.0732 5048  spldr - ok
21:35:31.0773 5048  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
21:35:31.0851 5048  Spooler - ok
21:35:31.0882 5048  [ F63102F289AE2039940B22E9B2A8E0BD ] SPTISRV         C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
21:35:31.0894 5048  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
21:35:31.0894 5048  SPTISRV - detected UnsignedFile.Multi.Generic (1)
21:35:31.0925 5048  [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:35:31.0953 5048  SQLBrowser - ok
21:35:31.0984 5048  [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:35:32.0005 5048  SQLWriter - ok
21:35:32.0069 5048  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:35:32.0142 5048  srv - ok
21:35:32.0170 5048  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:35:32.0254 5048  srv2 - ok
21:35:32.0283 5048  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:35:32.0337 5048  srvnet - ok
21:35:32.0386 5048  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:35:32.0470 5048  SSDPSRV - ok
21:35:32.0532 5048  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
21:35:32.0550 5048  ssmdrv - ok
21:35:32.0602 5048  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:35:32.0646 5048  SstpSvc - ok
21:35:32.0695 5048  [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus         C:\Windows\system32\DRIVERS\ss_bbus.sys
21:35:32.0722 5048  ss_bbus - ok
21:35:32.0815 5048  [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl        C:\Windows\system32\DRIVERS\ss_bmdfl.sys
21:35:32.0836 5048  ss_bmdfl - ok
21:35:32.0893 5048  [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm         C:\Windows\system32\DRIVERS\ss_bmdm.sys
21:35:32.0918 5048  ss_bmdm - ok
21:35:33.0002 5048  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
21:35:33.0073 5048  stisvc - ok
21:35:33.0121 5048  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:35:33.0145 5048  swenum - ok
21:35:33.0200 5048  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
21:35:33.0291 5048  swprv - ok
21:35:33.0314 5048  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
21:35:33.0337 5048  Symc8xx - ok
21:35:33.0375 5048  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
21:35:33.0398 5048  Sym_hi - ok
21:35:33.0431 5048  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
21:35:33.0453 5048  Sym_u3 - ok
21:35:33.0501 5048  [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:35:33.0529 5048  SynTP - ok
21:35:33.0585 5048  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
21:35:33.0687 5048  SysMain - ok
21:35:33.0752 5048  [ 7B0E358988C1DF7B479D2A1E50F8CF41 ] SZDrvSvc        C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
21:35:33.0761 5048  SZDrvSvc ( UnsignedFile.Multi.Generic ) - warning
21:35:33.0761 5048  SZDrvSvc - detected UnsignedFile.Multi.Generic (1)
21:35:33.0789 5048  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:35:33.0874 5048  TabletInputService - ok
21:35:33.0922 5048  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:35:34.0012 5048  TapiSrv - ok
21:35:34.0056 5048  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
21:35:34.0148 5048  TBS - ok
21:35:34.0218 5048  [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:35:34.0303 5048  Tcpip - ok
21:35:34.0356 5048  [ A474879AFA4A596B3A531F3E69730DBF ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
21:35:34.0387 5048  Tcpip6 - ok
21:35:34.0433 5048  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:35:34.0481 5048  tcpipreg - ok
21:35:34.0512 5048  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:35:34.0560 5048  TDPIPE - ok
21:35:34.0588 5048  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:35:34.0612 5048  TDTCP - ok
21:35:34.0643 5048  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:35:34.0668 5048  tdx - ok
21:35:34.0706 5048  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:35:34.0720 5048  TermDD - ok
21:35:34.0744 5048  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
21:35:34.0825 5048  TermService - ok
21:35:34.0865 5048  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
21:35:34.0905 5048  Themes - ok
21:35:34.0937 5048  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
21:35:34.0997 5048  THREADORDER - ok
21:35:35.0035 5048  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
21:35:35.0100 5048  TrkWks - ok
21:35:35.0151 5048  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:35:35.0198 5048  TrustedInstaller - ok
21:35:35.0246 5048  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:35.0305 5048  tssecsrv - ok
21:35:35.0362 5048  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
21:35:35.0443 5048  tunmp - ok
21:35:35.0473 5048  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:35:35.0521 5048  tunnel - ok
21:35:35.0575 5048  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:35:35.0600 5048  uagp35 - ok
21:35:35.0646 5048  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:35:35.0712 5048  udfs - ok
21:35:35.0776 5048  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:35:35.0823 5048  UI0Detect - ok
21:35:35.0833 5048  UIUSys - ok
21:35:35.0887 5048  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:35:35.0898 5048  uliagpkx - ok
21:35:35.0931 5048  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
21:35:35.0946 5048  uliahci - ok
21:35:35.0970 5048  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
21:35:35.0985 5048  UlSata - ok
21:35:36.0017 5048  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
21:35:36.0030 5048  ulsata2 - ok
21:35:36.0047 5048  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
21:35:36.0107 5048  umbus - ok
21:35:36.0145 5048  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
21:35:36.0236 5048  upnphost - ok
21:35:36.0298 5048  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
21:35:36.0330 5048  USBAAPL - ok
21:35:36.0375 5048  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:36.0436 5048  usbccgp - ok
21:35:36.0484 5048  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:35:36.0596 5048  usbcir - ok
21:35:36.0645 5048  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
21:35:36.0712 5048  usbehci - ok
21:35:36.0769 5048  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:35:36.0825 5048  usbhub - ok
21:35:36.0867 5048  [ 739EA372279B0434BA26B624CE010D70 ] usbkey          C:\Windows\system32\DRIVERS\USBKey.sys
21:35:36.0885 5048  usbkey - ok
21:35:36.0928 5048  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:35:37.0034 5048  usbohci - ok
21:35:37.0082 5048  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:35:37.0107 5048  usbprint - ok
21:35:37.0168 5048  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:35:37.0192 5048  usbscan - ok
21:35:37.0227 5048  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:35:37.0266 5048  USBSTOR - ok
21:35:37.0310 5048  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
21:35:37.0329 5048  usbuhci - ok
21:35:37.0366 5048  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:35:37.0428 5048  usbvideo - ok
21:35:37.0466 5048  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
21:35:37.0518 5048  UxSms - ok
21:35:37.0588 5048  [ 2A640DC735CB0112AC1DCD1E1549B27E ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
21:35:37.0601 5048  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
21:35:37.0601 5048  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
21:35:37.0656 5048  [ 693A3FDD279C345105FFF9DDE277849B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
21:35:37.0682 5048  VAIO Event Service - ok
21:35:37.0714 5048  [ 43CEC9BF5A4F2917982AD01D92E0F44D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:35:37.0763 5048  VAIO Power Management - ok
21:35:37.0863 5048  [ CBCBE2233D21E9B278F95F5CB28BC8AE ] VCFw            C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
21:35:37.0918 5048  VCFw ( UnsignedFile.Multi.Generic ) - warning
21:35:37.0918 5048  VCFw - detected UnsignedFile.Multi.Generic (1)
21:35:38.0034 5048  [ 27888F132D2EE0B72B28093A5F5F20EB ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
21:35:38.0069 5048  VcmIAlzMgr - ok
21:35:38.0145 5048  [ EE9ABFC2F8F2DCDC624B6A9D5CF3B19D ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
21:35:38.0166 5048  VcmXmlIfHelper - ok
21:35:38.0175 5048  Vcsw - ok
21:35:38.0238 5048  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
21:35:38.0312 5048  vds - ok
21:35:38.0372 5048  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:35:38.0410 5048  vga - ok
21:35:38.0441 5048  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:35:38.0466 5048  VgaSave - ok
21:35:38.0500 5048  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:35:38.0511 5048  viaagp - ok
21:35:38.0543 5048  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
21:35:38.0577 5048  ViaC7 - ok
21:35:38.0597 5048  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
21:35:38.0609 5048  viaide - ok
21:35:38.0624 5048  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:35:38.0637 5048  volmgr - ok
21:35:38.0679 5048  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:35:38.0706 5048  volmgrx - ok
21:35:38.0751 5048  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:35:38.0786 5048  volsnap - ok
21:35:38.0852 5048  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
21:35:38.0880 5048  vsmraid - ok
21:35:38.0966 5048  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
21:35:39.0109 5048  VSS - ok
21:35:39.0215 5048  [ AD137204D107A60D563030145C3BE695 ] VUAgent         C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
21:35:39.0270 5048  VUAgent - ok
21:35:39.0330 5048  [ 071634532066C2E29350D450C3412837 ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
21:35:39.0347 5048  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
21:35:39.0348 5048  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
21:35:39.0395 5048  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
21:35:39.0466 5048  W32Time - ok
21:35:39.0524 5048  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:35:39.0644 5048  WacomPen - ok
21:35:39.0680 5048  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
21:35:39.0703 5048  Wanarp - ok
21:35:39.0725 5048  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:35:39.0744 5048  Wanarpv6 - ok
21:35:39.0781 5048  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:35:39.0807 5048  wcncsvc - ok
21:35:39.0835 5048  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:35:39.0877 5048  WcsPlugInService - ok
21:35:39.0936 5048  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
21:35:39.0946 5048  Wd - ok
21:35:39.0984 5048  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:35:40.0027 5048  Wdf01000 - ok
21:35:40.0055 5048  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:35:40.0144 5048  WdiServiceHost - ok
21:35:40.0152 5048  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:35:40.0220 5048  WdiSystemHost - ok
21:35:40.0266 5048  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
21:35:40.0319 5048  WebClient - ok
21:35:40.0355 5048  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:35:40.0444 5048  Wecsvc - ok
21:35:40.0473 5048  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:35:40.0537 5048  wercplsupport - ok
21:35:40.0581 5048  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:35:40.0635 5048  WerSvc - ok
21:35:40.0687 5048  [ 090A2B8F055343815556A01F725F6C35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
21:35:40.0716 5048  WimFltr - ok
21:35:40.0759 5048  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:35:40.0811 5048  winachsf - ok
21:35:40.0874 5048  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
21:35:40.0907 5048  WinDefend - ok
21:35:40.0936 5048  WinHttpAutoProxySvc - ok
21:35:41.0013 5048  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:35:41.0070 5048  Winmgmt - ok
21:35:41.0144 5048  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM           C:\Windows\system32\WsmSvc.dll
21:35:41.0284 5048  WinRM - ok
21:35:41.0382 5048  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:35:41.0439 5048  Wlansvc - ok
21:35:41.0478 5048  [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc      C:\Program Files\Windows Live\installer\WLSetupSvc.exe
21:35:41.0536 5048  WLSetupSvc - ok
21:35:41.0565 5048  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:35:41.0635 5048  WmiAcpi - ok
21:35:41.0684 5048  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:35:41.0753 5048  wmiApSrv - ok
21:35:41.0858 5048  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
21:35:41.0973 5048  WMPNetworkSvc - ok
21:35:42.0038 5048  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:35:42.0131 5048  WPCSvc - ok
21:35:42.0173 5048  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:35:42.0249 5048  WPDBusEnum - ok
21:35:42.0312 5048  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
21:35:42.0381 5048  WpdUsb - ok
21:35:42.0420 5048  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:35:42.0485 5048  ws2ifsl - ok
21:35:42.0541 5048  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
21:35:42.0560 5048  wscsvc - ok
21:35:42.0622 5048  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
21:35:42.0641 5048  WSDPrintDevice - ok
21:35:42.0650 5048  WSearch - ok
21:35:42.0729 5048  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
21:35:42.0823 5048  wuauserv - ok
21:35:42.0885 5048  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:35:42.0917 5048  WUDFRd - ok
21:35:42.0950 5048  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:35:42.0999 5048  wudfsvc - ok
21:35:43.0036 5048  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
21:35:43.0068 5048  XAudio - ok
21:35:43.0101 5048  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
21:35:43.0124 5048  XAudioService - ok
21:35:43.0167 5048  [ 7D4CCA3659FA0780603206E3D12A993F ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
21:35:43.0223 5048  yukonwlh - ok
21:35:43.0273 5048  ================ Scan global ===============================
21:35:43.0316 5048  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:35:43.0364 5048  [ 5DF01708D214FDC0075AD197F1889557 ] C:\Windows\system32\winsrv.dll
21:35:43.0409 5048  [ 5DF01708D214FDC0075AD197F1889557 ] C:\Windows\system32\winsrv.dll
21:35:43.0456 5048  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
21:35:43.0477 5048  [Global] - ok
21:35:43.0478 5048  ================ Scan MBR ==================================
21:35:43.0508 5048  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:35:44.0333 5048  \Device\Harddisk0\DR0 - ok
21:35:44.0333 5048  ================ Scan VBR ==================================
21:35:44.0365 5048  [ 5C64891CBA38A56957FC8E8AE32A709B ] \Device\Harddisk0\DR0\Partition1
21:35:44.0367 5048  \Device\Harddisk0\DR0\Partition1 - ok
21:35:44.0368 5048  ============================================================
21:35:44.0368 5048  Scan finished
21:35:44.0368 5048  ============================================================
21:35:44.0393 5648  Detected object count: 18
21:35:44.0393 5648  Actual detected object count: 18
21:36:18.0064 5648  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0064 5648  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0069 5648  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0069 5648  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0075 5648  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0075 5648  FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0081 5648  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0081 5648  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0083 5648  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0083 5648  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0087 5648  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0087 5648  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0090 5648  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0090 5648  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0094 5648  NBSREG ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0094 5648  NBSREG ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0097 5648  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0097 5648  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0100 5648  NSUService ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0101 5648  NSUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0104 5648  PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0104 5648  PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0107 5648  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0107 5648  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0111 5648  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0111 5648  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0114 5648  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0114 5648  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0117 5648  SZDrvSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0118 5648  SZDrvSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0121 5648  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0121 5648  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0127 5648  VCFw ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0127 5648  VCFw ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:36:18.0131 5648  VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:36:18.0131 5648  VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:37:44.0172 5212  Deinitialize success
Dankeschön

Alt 03.04.2013, 20:59   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.04.2013, 21:31   #12
theres
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Combofix File
Code:
ATTFilter
ComboFix 13-04-02.01 - Theres 03.04.2013  22:13:58.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3068.1904 [GMT 2:00]
ausgeführt von:: c:\users\Theres\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-03 bis 2013-04-03  ))))))))))))))))))))))))))))))
.
.
2013-04-03 20:24 . 2013-04-03 20:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-02 19:17 . 2013-04-02 19:17	--------	d-----w-	c:\program files\7-Zip
2013-04-02 11:38 . 2013-04-02 11:38	--------	d-----w-	c:\program files\Clarus
2013-03-28 18:15 . 2013-03-29 06:19	--------	d-----w-	C:\Version_4
2013-03-27 09:32 . 2012-06-02 22:19	53784	----a-w-	c:\windows\system32\wuauclt.exe
2013-03-27 09:32 . 2012-06-02 22:19	45080	----a-w-	c:\windows\system32\wups2.dll
2013-03-27 09:32 . 2012-06-02 22:12	2422272	----a-w-	c:\windows\system32\wucltux.dll
2013-03-27 09:32 . 2012-06-02 22:19	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2013-03-27 09:31 . 2012-06-02 22:19	35864	----a-w-	c:\windows\system32\wups.dll
2013-03-27 09:31 . 2012-06-02 22:19	577048	----a-w-	c:\windows\system32\wuapi.dll
2013-03-27 09:31 . 2012-06-02 22:12	88576	----a-w-	c:\windows\system32\wudriver.dll
2013-03-27 09:31 . 2012-06-02 14:19	171904	----a-w-	c:\windows\system32\wuwebv.dll
2013-03-27 09:31 . 2012-06-02 14:12	33792	----a-w-	c:\windows\system32\wuapp.exe
2013-03-26 15:21 . 2013-03-26 15:21	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5613F169-5A06-44E6-850F-14176CE76D15}\offreg.dll
2013-03-26 14:47 . 2013-03-26 14:48	--------	d-----w-	c:\windows\system32\ca-ES
2013-03-26 14:47 . 2013-03-26 14:48	--------	d-----w-	c:\windows\system32\eu-ES
2013-03-26 14:47 . 2013-03-26 14:48	--------	d-----w-	c:\windows\system32\vi-VN
2013-03-26 14:36 . 2013-03-26 14:36	--------	d-----w-	c:\windows\system32\SPReview
2013-03-26 14:18 . 2009-04-10 22:28	928768	----a-w-	c:\windows\system32\scavenge.dll
2013-03-26 14:18 . 2009-04-10 22:27	57856	----a-w-	c:\windows\system32\compcln.exe
2013-03-26 14:16 . 2009-04-10 22:28	95232	----a-w-	c:\windows\system32\SCardSvr.dll
2013-03-26 14:15 . 2009-04-10 22:28	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-03-26 14:14 . 2009-04-10 22:28	1524736	----a-w-	c:\windows\system32\WindowsAnytimeUpgradeCPL.dll
2013-03-26 14:14 . 2009-04-10 22:28	163840	----a-w-	c:\windows\system32\wevtutil.exe
2013-03-26 14:14 . 2009-04-10 22:28	31232	----a-w-	c:\windows\system32\whealogr.dll
2013-03-26 14:14 . 2009-04-10 22:28	1017856	----a-w-	c:\windows\system32\wevtsvc.dll
2013-03-21 18:11 . 2013-03-21 18:16	--------	d-----w-	C:\Logfiles_Version3
2013-03-21 10:08 . 2013-02-08 00:45	6954968	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5613F169-5A06-44E6-850F-14176CE76D15}\mpengine.dll
2013-03-21 09:49 . 2013-03-21 09:49	--------	d-----w-	c:\windows\system32\EventProviders
2013-03-21 09:12 . 2013-03-21 09:12	--------	d-----w-	c:\users\Theres\AppData\Roaming\Malwarebytes
2013-03-21 09:12 . 2013-03-21 09:12	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-21 09:12 . 2013-03-21 09:12	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-03-21 09:12 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-19 15:14 . 2013-03-19 15:21	--------	d-----w-	c:\users\Theres\AppData\Local\click.to
2013-03-19 15:13 . 2013-03-19 15:13	--------	d-----w-	c:\program files\Axonic
2013-03-18 18:06 . 2013-04-01 07:58	--------	d-----w-	c:\users\Theres\AppData\Roaming\Audacity
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 10:53 . 2012-10-20 12:10	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-13 10:53 . 2012-01-03 13:47	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-27 11:34 . 2013-02-27 11:34	41176	----a-w-	c:\windows\system32\drivers\Usbkey.sys
2013-02-27 11:34 . 2013-02-27 11:34	41176	----a-w-	c:\windows\inf\Usbkey.sys
2013-02-27 11:34 . 2013-02-27 11:34	7440	----a-w-	c:\windows\system32\ppmon.dll
2013-02-27 11:34 . 2013-02-27 11:34	24136	----a-w-	c:\windows\system32\ppmon.exe
2013-02-27 11:34 . 2013-02-27 11:34	176128	----a-w-	c:\windows\system32\NWKL2_32.DLL
2013-02-27 11:34 . 2013-02-27 11:34	163840	----a-w-	c:\windows\system32\KL2DLL32.DLL
2013-02-27 11:34 . 2013-02-27 11:34	12480	----a-w-	c:\windows\system32\KL2N.DLL
2013-01-18 15:49 . 2013-01-18 15:52	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-01-18 15:49 . 2013-01-18 15:52	92008	----a-w-	c:\windows\system32\drivers\avfwim.sys
2013-01-18 15:49 . 2013-01-18 15:52	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-01-18 15:49 . 2013-01-18 15:52	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-01-18 15:49 . 2013-01-18 15:52	112584	----a-w-	c:\windows\system32\drivers\avfwot.sys
2013-01-17 00:28 . 2009-10-10 09:01	232336	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Theres\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Theres\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Theres\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Theres\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-27 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Samsung Drive Manager"="c:\program files\Clarus\Samsung Drive Manager\Drive Manager.exe" [2012-07-13 5796440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-12 24576]
"ConnectionCenter"="c:\users\Theres\AppData\Local\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-01-18 384800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Theres\Desktop\mbar\mbar.exe" [2013-04-02 1363016]
.
c:\users\Theres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Theres\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
Stickies.lnk - c:\program files\Stickies\stickies.exe [2012-4-1 1134592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Drive Manager Real-Time.lnk - c:\program files\Clarus\Samsung Drive Manager\ABRTMon.exe [2013-4-2 135168]
VPN Client.lnk - c:\windows\Installer\{08B785C1-3893-4154-B53B-F5D341D0AAAA}\Icon3E5562ED7.ico [2010-5-29 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-07 10:28	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-06-11 18:03	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-03-25 02:28	144784	----a-w-	c:\program files\Java\jre1.6.0_06\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R4 0252211232277384mcinstcleanup;McAfee Application Installer Cleanup (0252211232277384);c:\users\Theres\AppData\Local\Temp\025221~1.EXE [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 98559209
*NewlyCreated* - ASWMBR
*Deregistered* - 98559209
*Deregistered* - aswMBR
*Deregistered* - DLPortIO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPService	REG_MULTI_SZ   	HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-01 07:59	1642448	----a-w-	c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-20 10:53]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 09:37]
.
2013-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 09:37]
.
2012-10-20 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2012-10-20 04:32]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\Theres\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 10.0.0.138
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NPSStartup - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
AddRemove-ScaleTrans - c:\program files\ScaleTrans\Uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-Keylok - c:\vss\Development\SingleFileInstall\Release\install.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-04-03 22:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-04-03  22:29:11
ComboFix-quarantined-files.txt  2013-04-03 20:28
.
Vor Suchlauf: 14 Verzeichnis(se), 140.914.372.608 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 141.332.926.464 Bytes frei
.
- - End Of File - - 71C94CF82AB25D4C62537212C58426D0
Danke!!

Alt 03.04.2013, 21:53   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.04.2013, 08:00   #14
theres
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Theres on 04.04.2013 at  8:05:02,84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{462be121-2b54-4218-bf00-b9bf8135b23f} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1234123350-1742015166-1920242133-1003\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\softonicapp.appcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\softonicapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\srv.softonicsrvc
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\srv.softonicsrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3244149
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Theres\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Theres\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Theres\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Theres\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Theres\appdata\locallow\softonic"
Successfully deleted: [Folder] "C:\Users\Theres\appdata\locallow\whitesmoke_us_new"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\softonic"
Successfully deleted: [Folder] "C:\Program Files\whitesmoke_us_new"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2013 at  8:09:57,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
adwCleaner
Code:
ATTFilter
# AdwCleaner v2.200 - Datei am 04/04/2013 um 08:12:37 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Theres - THERES-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Theres\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Theres\AppData\Local\APN

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WhiteSmoke_US_New Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7235D210-B45E-4F25-A977-7C58EB795175}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B788DDCF-08ED-424A-8F50-1C1AB5CE26A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar
Schlüssel Gelöscht : HKLM\Software\WhiteSmoke_US_New

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v26.0.1410.43

Datei : C:\Users\Theres\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5598 octets] - [04/04/2013 08:12:37]

########## EOF - C:\AdwCleaner[S1].txt - [5658 octets] ##########
OTL
Code:
ATTFilter
OTL logfile created on: 04.04.2013 08:21:21 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Theres\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,27% Memory free
6,19 Gb Paging File | 4,79 Gb Available in Paging File | 77,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224,77 Gb Total Space | 124,51 Gb Free Space | 55,39% Space Free | Partition Type: NTFS
 
Computer Name: THERES-PC | User Name: Theres | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Theres\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Theres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\ipmgui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Stickies\stickies.exe (Zhorn Software)
PRC - C:\Programme\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Drive Manager\SZDrvMon.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.)
PRC - C:\Programme\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Users\Theres\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Users\Theres\AppData\Local\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\27b0a88bfa56a9390f516b0fa55f3dcb\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e515919524c6be56f55ad12fbdd23c19\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\b0be4ac8da47fbf783dabd1505e6c55e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e39e61fd6133a92333a2c98f2ffeb7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\49431ce6d568de0bafdb1b25d3942723\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\34942db56010e4225825bfae8a27559f\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3aac7b97549d4ccf0c7dca3d1777f9b4\mscorlib.ni.dll ()
MOD - C:\Programme\Stickies\shook70.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3020.36958__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3020.36966__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3020.36925__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3020.36980__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3020.37156__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3020.37121__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3020.37076__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3020.36945__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3020.37184__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3020.37129__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3020.37190__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3020.37135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3020.36939__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3020.37128__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3020.37085__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3020.36992__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3020.36947__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3020.37148__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3020.36985__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3020.37100__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3020.37084__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3020.36997__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3020.37100__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3020.37078__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3020.37114__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3020.36998__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3020.37077__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3020.37084__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3020.37114__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3020.37169_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3020.36952__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3020.37169__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3020.37176__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3020.37175__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3020.37200__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3020.37210__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3020.36917__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3020.36918__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3020.36932__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3020.37176__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3020.36918__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3020.36916__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3020.36917__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (0252211232277384mcinstcleanup) -- C:\Users\Theres\AppData\Local\Temp\025221~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirFirewallService) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SZDrvSvc) -- C:\Programme\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (NSUService) -- C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Programme\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
DRV - (catchme) -- C:\Users\Theres\AppData\Local\Temp\catchme.sys File not found
DRV - (usbkey) -- C:\Windows\System32\drivers\Usbkey.sys ()
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (mvd23) -- C:\Programme\Clarus\Samsung Drive Manager\mvd23.sys ()
DRV - (mdf16) -- C:\Programme\Clarus\Samsung Drive Manager\mdf16.sys ()
DRV - (NBSPortDriver) -- C:\Windows\System32\drivers\NBSPortDriver.sys (Neurobehavioral Systems (www.neurobs.com))
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NBSREG) -- C:\Windows\System32\drivers\nbsreg.sys (Neurobehavioral Systems)
DRV - (DLPortIO) -- C:\Windows\System32\drivers\DLPORTIO.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6C46687A-47DF-4C56-9E42-77258AB738EB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.sonystyle-europe.comht [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes,DefaultScope = {6C46687A-47DF-4C56-9E42-77258AB738EB}
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes\{6C46687A-47DF-4C56-9E42-77258AB738EB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..\SearchScopes\{8832180A-C76B-4537-98B0-7AA474E99BA8}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10263&src=crm&q={searchTerms}&locale=de_AT&apn_ptnrs=^AGU&apn_dtid=^YYYYYY^YY^AT&apn_uid=26221291-3d97-4a53-a077-9ed9d3fd099f&apn_sauid=28DEE4EC-0D20-485B-84DF-F2E0AF4B6597
IE - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Theres\Program Files\DNA\plugins\npbtdna.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.22 16:40:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Theres\Program Files\DNA
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.02.22 16:40:29 | 000,000,000 | ---D | M]
 
[2012.10.20 10:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2013.04.03 22:25:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Users\Theres\AppData\Local\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003..\Run: [Samsung Drive Manager] C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Theres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Theres\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Theres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Programme\Stickies\stickies.exe (Zhorn Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Theres\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1234123350-1742015166-1920242133-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FF9E66F-9D0A-408E-8B29-31348A9B2ED0}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Axonic\click.to\skype4com.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Theres\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Theres\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.04 08:04:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.04 08:04:52 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.03 22:29:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.03 22:29:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.03 22:11:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.03 22:11:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.03 22:11:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.03 22:09:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.03 22:08:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.02 21:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.02 21:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.04.02 16:27:12 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\mbar
[2013.04.02 13:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Clarus
[2013.04.02 13:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.04.01 21:35:40 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\Version_4
[2013.03.28 20:15:57 | 000,000,000 | ---D | C] -- C:\Version_4
[2013.03.27 11:32:07 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.03.27 11:32:07 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.03.27 11:31:37 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013.03.27 11:31:37 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013.03.27 11:31:37 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013.03.27 11:31:22 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.03.27 11:31:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.03.26 16:47:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2013.03.26 16:47:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2013.03.26 16:47:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2013.03.26 16:36:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.03.26 16:18:31 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2013.03.26 16:18:17 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
[2013.03.26 16:17:02 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2013.03.26 16:17:01 | 000,476,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2013.03.26 16:17:01 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2013.03.26 16:17:01 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2013.03.26 16:17:01 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2013.03.26 16:17:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2013.03.26 16:17:00 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2013.03.26 16:17:00 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2013.03.26 16:17:00 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2013.03.26 16:17:00 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpchttp.dll
[2013.03.26 16:17:00 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2013.03.26 16:17:00 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2013.03.26 16:17:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2013.03.26 16:16:59 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scansetting.dll
[2013.03.26 16:16:59 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2013.03.26 16:16:59 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scksp.dll
[2013.03.26 16:16:56 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PerfCenterCPL.dll
[2013.03.26 16:16:56 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\phon.ime
[2013.03.26 16:16:55 | 001,823,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
[2013.03.26 16:16:55 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\powercpl.dll
[2013.03.26 16:16:55 | 000,542,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpui.dll
[2013.03.26 16:16:55 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pcaui.dll
[2013.03.26 16:16:55 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2013.03.26 16:16:55 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2013.03.26 16:16:55 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pnpsetup.dll
[2013.03.26 16:16:55 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013.03.26 16:16:55 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2013.03.26 16:16:55 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2013.03.26 16:16:55 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PNPXAssoc.dll
[2013.03.26 16:16:55 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPUnattend.exe
[2013.03.26 16:16:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PnPutil.exe
[2013.03.26 16:16:54 | 001,107,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pidgenx.dll
[2013.03.26 16:16:54 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoScreensaver.scr
[2013.03.26 16:16:54 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2013.03.26 16:16:54 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PkgMgr.exe
[2013.03.26 16:16:54 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pintlgnt.ime
[2013.03.26 16:16:54 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nslookup.exe
[2013.03.26 16:16:53 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2013.03.26 16:16:53 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2013.03.26 16:16:53 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2013.03.26 16:16:53 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2013.03.26 16:16:52 | 002,153,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oobefldr.dll
[2013.03.26 16:16:52 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntprint.dll
[2013.03.26 16:16:52 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\osk.exe
[2013.03.26 16:16:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbccp32.dll
[2013.03.26 16:16:52 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleprn.dll
[2013.03.26 16:16:52 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbcconf.dll
[2013.03.26 16:16:52 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ocsetup.exe
[2013.03.26 16:16:51 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2013.03.26 16:16:51 | 000,642,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasgcw.dll
[2013.03.26 16:16:51 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013.03.26 16:16:51 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasplap.dll
[2013.03.26 16:16:51 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RelMon.dll
[2013.03.26 16:16:51 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasmontr.dll
[2013.03.26 16:16:51 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quick.ime
[2013.03.26 16:16:51 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qintlgnt.ime
[2013.03.26 16:16:51 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdiag.dll
[2013.03.26 16:16:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rekeywiz.exe
[2013.03.26 16:16:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rasdial.exe
[2013.03.26 16:16:50 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2013.03.26 16:16:50 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2013.03.26 16:16:50 | 000,612,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2013.03.26 16:16:50 | 000,551,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prnntfy.dll
[2013.03.26 16:16:50 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationSettings.exe
[2013.03.26 16:16:50 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013.03.26 16:16:50 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013.03.26 16:16:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
[2013.03.26 16:16:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2013.03.26 16:16:49 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2013.03.26 16:16:49 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\puiapi.dll
[2013.03.26 16:16:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2013.03.26 16:16:48 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2013.03.26 16:16:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2013.03.26 16:16:48 | 000,050,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PSHED.DLL
[2013.03.26 16:16:44 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sethc.exe
[2013.03.26 16:16:28 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapphost.dll
[2013.03.26 16:16:28 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eappgnui.dll
[2013.03.26 16:16:27 | 000,444,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
[2013.03.26 16:16:27 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eapp3hst.dll
[2013.03.26 16:16:27 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dsprop.dll
[2013.03.26 16:16:27 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2013.03.26 16:16:27 | 000,027,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Dumpata.sys
[2013.03.26 16:16:26 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.03.26 16:16:26 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2013.03.26 16:16:26 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2013.03.26 16:16:26 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxg.sys
[2013.03.26 16:16:26 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2013.03.26 16:16:26 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
[2013.03.26 16:16:26 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\f3ahvoas.dll
[2013.03.26 16:16:25 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2013.03.26 16:16:25 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\devmgr.dll
[2013.03.26 16:16:25 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskraid.exe
[2013.03.26 16:16:25 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013.03.26 16:16:25 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diskpart.exe
[2013.03.26 16:16:25 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll
[2013.03.26 16:16:25 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2013.03.26 16:16:24 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2013.03.26 16:16:24 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapimig.exe
[2013.03.26 16:16:24 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2013.03.26 16:16:24 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvstore.dll
[2013.03.26 16:16:24 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drvinst.exe
[2013.03.26 16:16:24 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpresult.exe
[2013.03.26 16:16:24 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmsynth.dll
[2013.03.26 16:16:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dmusic.dll
[2013.03.26 16:16:24 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3msm.dll
[2013.03.26 16:16:24 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dot3cfg.dll
[2013.03.26 16:16:24 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hbaapi.dll
[2013.03.26 16:16:23 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2013.03.26 16:16:23 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2013.03.26 16:16:23 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasnap.dll
[2013.03.26 16:16:23 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hdwwiz.exe
[2013.03.26 16:16:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashlpr.dll
[2013.03.26 16:16:23 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasacct.dll
[2013.03.26 16:16:23 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2013.03.26 16:16:23 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2013.03.26 16:16:23 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013.03.26 16:16:23 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpupdate.exe
[2013.03.26 16:16:22 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2013.03.26 16:16:22 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2013.03.26 16:16:22 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
[2013.03.26 16:16:22 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWCN.dll
[2013.03.26 16:16:22 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdSSDP.dll
[2013.03.26 16:16:22 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdWSD.dll
[2013.03.26 16:16:22 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\findstr.exe
[2013.03.26 16:16:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\feclient.dll
[2013.03.26 16:16:22 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdeploy.dll
[2013.03.26 16:16:22 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2013.03.26 16:16:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fc.exe
[2013.03.26 16:16:22 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2013.03.26 16:16:21 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2013.03.26 16:16:21 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2013.03.26 16:16:20 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2013.03.26 16:16:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ftp.exe
[2013.03.26 16:16:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
[2013.03.26 16:16:19 | 001,696,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.03.26 16:16:18 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.03.26 16:16:18 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayCpl.dll
[2013.03.26 16:16:18 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoconv.exe
[2013.03.26 16:16:18 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autofmt.exe
[2013.03.26 16:16:18 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013.03.26 16:16:18 | 000,516,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\autoplay.dll
[2013.03.26 16:16:18 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2013.03.26 16:16:18 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayDriverLib.dll
[2013.03.26 16:16:18 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AuxiliaryDisplayServices.dll
[2013.03.26 16:16:18 | 000,099,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.03.26 16:16:18 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2013.03.26 16:16:17 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\brcpl.dll
[2013.03.26 16:16:17 | 000,130,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\basecsp.dll
[2013.03.26 16:16:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2013.03.26 16:16:16 | 002,515,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\accessibilitycpl.dll
[2013.03.26 16:16:16 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\azroles.dll
[2013.03.26 16:16:16 | 000,542,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2013.03.26 16:16:16 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
[2013.03.26 16:16:16 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bitsigd.dll
[2013.03.26 16:16:15 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2013.03.26 16:16:15 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2013.03.26 16:16:15 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2013.03.26 16:16:15 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comuid.dll
[2013.03.26 16:16:15 | 000,481,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmdial32.dll
[2013.03.26 16:16:15 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adsmsext.dll
[2013.03.26 16:16:15 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
[2013.03.26 16:16:15 | 000,035,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\crashdmp.sys
[2013.03.26 16:16:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2013.03.26 16:16:14 | 001,856,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dbgeng.dll
[2013.03.26 16:16:14 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2013.03.26 16:16:14 | 001,502,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certmgr.dll
[2013.03.26 16:16:14 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2013.03.26 16:16:14 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013.03.26 16:16:14 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2013.03.26 16:16:14 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2013.03.26 16:16:14 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cmmon32.exe
[2013.03.26 16:16:14 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrstub.exe
[2013.03.26 16:16:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2013.03.26 16:16:14 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013.03.26 16:16:14 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DeviceEject.exe
[2013.03.26 16:16:13 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2013.03.26 16:16:13 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2013.03.26 16:16:13 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2013.03.26 16:16:13 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnrollUI.dll
[2013.03.26 16:16:13 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2013.03.26 16:16:13 | 000,125,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Classpnp.sys
[2013.03.26 16:16:13 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cintlgnt.ime
[2013.03.26 16:16:13 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cipher.exe
[2013.03.26 16:16:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cbsra.exe
[2013.03.26 16:16:13 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2013.03.26 16:16:12 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2013.03.26 16:16:12 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2013.03.26 16:16:12 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.03.26 16:16:12 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msftedit.dll
[2013.03.26 16:16:12 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexch40.dll
[2013.03.26 16:16:12 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msexcl40.dll
[2013.03.26 16:16:12 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2013.03.26 16:16:12 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certreq.exe
[2013.03.26 16:16:12 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chajei.ime
[2013.03.26 16:16:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CHxReadingStringIME.dll
[2013.03.26 16:16:11 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2013.03.26 16:16:11 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2013.03.26 16:16:11 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msctfui.dll
[2013.03.26 16:16:11 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
[2013.03.26 16:16:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimsg.dll
[2013.03.26 16:16:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\modemui.dll
[2013.03.26 16:16:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
[2013.03.26 16:16:07 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscandui.dll
[2013.03.26 16:16:06 | 002,225,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcenter.dll
[2013.03.26 16:16:06 | 001,086,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NetProjW.dll
[2013.03.26 16:16:06 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncryptui.dll
[2013.03.26 16:16:06 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
[2013.03.26 16:16:06 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.03.26 16:16:06 | 000,155,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2013.03.26 16:16:06 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2013.03.26 16:16:05 | 000,223,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013.03.26 16:16:04 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2013.03.26 16:16:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NcdProp.dll
[2013.03.26 16:16:03 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.exe
[2013.03.26 16:16:02 | 003,072,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkmap.dll
[2013.03.26 16:16:02 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2013.03.26 16:16:02 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswdat10.dll
[2013.03.26 16:16:02 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2013.03.26 16:16:02 | 000,618,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mswstr10.dll
[2013.03.26 16:16:02 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPEG2VDEC.DLL
[2013.03.26 16:16:02 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2013.03.26 16:16:02 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2013.03.26 16:16:02 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msinfo32.exe
[2013.03.26 16:16:02 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2013.03.26 16:16:02 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2013.03.26 16:16:02 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2013.03.26 16:16:02 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x40.dll
[2013.03.26 16:16:02 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2013.03.26 16:16:02 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2013.03.26 16:16:02 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2013.03.26 16:16:02 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2013.03.26 16:16:02 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2013.03.26 16:16:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter40.dll
[2013.03.26 16:16:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2013.03.26 16:16:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\networkitemfactory.dll
[2013.03.26 16:16:02 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2013.03.26 16:16:02 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
[2013.03.26 16:16:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint40.dll
[2013.03.26 16:16:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msisip.dll
[2013.03.26 16:16:01 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2013.03.26 16:16:01 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2013.03.26 16:16:01 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2013.03.26 16:16:01 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2013.03.26 16:16:01 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2013.03.26 16:16:01 | 000,217,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\InkEd.dll
[2013.03.26 16:16:01 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2013.03.26 16:16:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2013.03.26 16:16:01 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2013.03.26 16:16:01 | 000,035,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2013.03.26 16:16:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2013.03.26 16:16:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetppui.dll
[2013.03.26 16:16:01 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2013.03.26 16:16:00 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imkr80.ime
[2013.03.26 16:15:59 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsecsnp.dll
[2013.03.26 16:15:59 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipsmsnap.dll
[2013.03.26 16:15:59 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\input.dll
[2013.03.26 16:15:59 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
[2013.03.26 16:15:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iscsilog.dll
[2013.03.26 16:15:58 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2013.03.26 16:15:58 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2013.03.26 16:15:58 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2013.03.26 16:15:58 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassdo.dll
[2013.03.26 16:15:58 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassam.dll
[2013.03.26 16:15:58 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrad.dll
[2013.03.26 16:15:58 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2013.03.26 16:15:58 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iassvcs.dll
[2013.03.26 16:15:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iaspolcy.dll
[2013.03.26 16:15:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ifmon.dll
[2013.03.26 16:15:58 | 000,009,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2013.03.26 16:15:57 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2013.03.26 16:15:57 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi.dll
[2013.03.26 16:15:56 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2013.03.26 16:15:54 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2013.03.26 16:15:52 | 002,167,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcndmgr.dll
[2013.03.26 16:15:52 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2013.03.26 16:15:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmci.dll
[2013.03.26 16:15:52 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2013.03.26 16:15:52 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmcico.dll
[2013.03.26 16:15:51 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2013.03.26 16:15:51 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2013.03.26 16:15:50 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2013.03.26 16:15:50 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Kswdmcap.ax
[2013.03.26 16:15:48 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2013.03.26 16:15:48 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2013.03.26 16:15:48 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\l2nacp.dll
[2013.03.26 16:15:48 | 000,019,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdusb.dll
[2013.03.26 16:15:48 | 000,017,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2013.03.26 16:15:48 | 000,017,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kdcom.dll
[2013.03.26 16:15:47 | 000,852,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
[2013.03.26 16:15:47 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MediaMetadataHandler.dll
[2013.03.26 16:15:47 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2013.03.26 16:15:47 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logman.exe
[2013.03.26 16:15:35 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2013.03.26 16:15:30 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shsetup.dll
[2013.03.26 16:15:20 | 001,143,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
[2013.03.26 16:15:19 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll
[2013.03.26 16:15:18 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdscore.dll
[2013.03.26 16:15:17 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdc.dll
[2013.03.26 16:15:12 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.03.26 16:14:38 | 001,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2013.03.26 16:14:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtutil.exe
[2013.03.26 16:14:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\whealogr.dll
[2013.03.26 16:13:49 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFaultSecure.exe
[2013.03.26 16:13:48 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2013.03.26 16:13:48 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WerFault.exe
[2013.03.26 16:13:37 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiaaut.dll
[2013.03.26 16:13:36 | 000,507,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsdyn.dll
[2013.03.26 16:13:36 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdsutil.dll
[2013.03.26 16:13:36 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vdmdbg.dll
[2013.03.26 16:13:32 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\usercpl.dll
[2013.03.26 16:13:32 | 000,638,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Utilman.exe
[2013.03.26 16:13:32 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013.03.26 16:13:31 | 001,533,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz.dll
[2013.03.26 16:13:31 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2013.03.26 16:13:31 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2013.03.26 16:13:31 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2013.03.26 16:13:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2013.03.26 16:13:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\watchdog.sys
[2013.03.26 16:13:30 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscui.cpl
[2013.03.26 16:13:30 | 001,580,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpccpl.dll
[2013.03.26 16:13:30 | 001,575,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVENCOD.DLL
[2013.03.26 16:13:30 | 001,382,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVSDECD.DLL
[2013.03.26 16:13:30 | 000,657,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVXENCD.DLL
[2013.03.26 16:13:30 | 000,532,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpcao.dll
[2013.03.26 16:13:30 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wow32.dll
[2013.03.26 16:13:30 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
[2013.03.26 16:13:30 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDMon.dll
[2013.03.26 16:13:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsdchngr.dll
[2013.03.26 16:13:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscisvif.dll
[2013.03.26 16:13:29 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wusa.exe
[2013.03.26 16:13:29 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2013.03.26 16:13:29 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2013.03.26 16:13:28 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanpref.dll
[2013.03.26 16:13:28 | 000,399,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlangpui.dll
[2013.03.26 16:13:28 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanui.dll
[2013.03.26 16:13:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDPrPxy.dll
[2013.03.26 16:13:28 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsnmp32.dll
[2013.03.26 16:13:27 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2013.03.26 16:13:27 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2013.03.26 16:13:27 | 000,926,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2013.03.26 16:13:27 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlgpclnt.dll
[2013.03.26 16:13:26 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2013.03.26 16:13:26 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.03.26 16:13:26 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2013.03.26 16:13:25 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2013.03.26 16:13:24 | 001,224,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sud.dll
[2013.03.26 16:13:24 | 000,122,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Storport.sys
[2013.03.26 16:13:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Storprop.dll
[2013.03.26 16:13:24 | 000,052,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\stream.sys
[2013.03.26 16:13:23 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013.03.26 16:13:23 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2013.03.26 16:13:21 | 002,205,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
[2013.03.26 16:13:21 | 000,777,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcc.dll
[2013.03.26 16:13:21 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmiEngine.dll
[2013.03.26 16:13:21 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shwebsvc.dll
[2013.03.26 16:13:21 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysmon.ocx
[2013.03.26 16:13:21 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLUI.exe
[2013.03.26 16:13:21 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013.03.26 16:13:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysclass.dll
[2013.03.26 16:13:21 | 000,083,456 | ---- | C] (Microsoft) -- C:\Windows\System32\SMBHelperClass.dll
[2013.03.26 16:13:21 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2013.03.26 16:13:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2013.03.26 16:13:20 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2013.03.26 16:13:20 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2013.03.26 16:13:20 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2013.03.26 16:13:20 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2013.03.26 16:13:20 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLLUA.exe
[2013.03.26 16:13:20 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2013.03.26 16:13:20 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slcinst.dll
[2013.03.26 16:13:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spcmsg.dll
[2013.03.26 16:13:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwinsat.dll
[2013.03.26 16:13:19 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2013.03.26 16:13:19 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sqlsrv32.dll
[2013.03.26 16:13:19 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SnippingTool.exe
[2013.03.26 16:13:19 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SndVol.exe
[2013.03.26 16:13:19 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\softkbd.dll
[2013.03.26 16:13:19 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2013.03.26 16:13:19 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSTheme.exe
[2013.03.26 16:13:19 | 000,035,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2013.03.26 16:13:17 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\untfs.dll
[2013.03.26 16:13:17 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2013.03.26 16:13:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ulib.dll
[2013.03.26 16:13:17 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD2.sys
[2013.03.26 16:13:17 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\USBCAMD.sys
[2013.03.26 16:13:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.26 16:13:16 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2013.03.26 16:13:15 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2013.03.26 16:13:15 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2013.03.26 16:13:15 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2013.03.26 16:13:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tintlgnt.ime
[2013.03.26 16:13:14 | 001,152,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themecpl.dll
[2013.03.26 16:13:14 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2013.03.21 20:11:50 | 000,000,000 | ---D | C] -- C:\Logfiles_Version3
[2013.03.21 12:12:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.21 11:49:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.03.21 11:12:44 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Roaming\Malwarebytes
[2013.03.21 11:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.21 11:12:16 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.21 11:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.03.19 22:51:31 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\Bücher
[2013.03.19 17:14:04 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Local\click.to
[2013.03.19 17:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\click.to
[2013.03.19 17:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Axonic
[2013.03.18 20:06:41 | 000,000,000 | ---D | C] -- C:\Users\Theres\AppData\Roaming\Audacity
[2013.03.18 19:10:10 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\3.Version
[2013.03.13 15:17:04 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\Auswertung_Vortest
[2013.03.12 19:51:25 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\2.Version
[2013.03.08 11:01:47 | 000,000,000 | ---D | C] -- C:\Users\Theres\Desktop\USB
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.04 08:22:17 | 000,679,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.04 08:22:17 | 000,636,966 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.04 08:22:17 | 000,147,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.04 08:22:17 | 000,119,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.04 08:17:32 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2013.04.04 08:14:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.04 08:14:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 08:14:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.04 08:14:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.04 08:14:42 | 3218,116,608 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.04 08:02:08 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.04 08:00:29 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.03 22:25:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.03 08:34:35 | 000,000,512 | ---- | M] () -- C:\Users\Theres\Desktop\MBR.dat
[2013.04.02 21:18:32 | 000,064,420 | ---- | M] () -- C:\Users\Theres\Desktop\gmer.zip
[2013.04.02 17:09:05 | 000,401,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.02 14:34:44 | 000,377,856 | ---- | M] () -- C:\Users\Theres\Desktop\gmer_2.1.19155 (2).exe
[2013.04.02 13:38:32 | 000,001,617 | ---- | M] () -- C:\Users\Theres\Desktop\Samsung Drive Manager.lnk
[2013.04.02 13:38:32 | 000,001,605 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
[2013.04.01 10:03:02 | 000,000,952 | ---- | M] () -- C:\Users\Theres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.01 10:02:42 | 000,000,922 | ---- | M] () -- C:\Users\Theres\Desktop\Dropbox.lnk
[2013.04.01 10:00:29 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.28 14:58:18 | 000,005,709 | ---- | M] () -- C:\sound_auswertung.m
[2013.03.26 16:44:51 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013.03.26 11:53:58 | 000,094,364 | ---- | M] () -- C:\Users\Theres\Desktop\549908_222244381251964_487270598_n.jpg
[2013.03.26 11:52:26 | 000,146,271 | ---- | M] () -- C:\Users\Theres\Desktop\197099_222690207874048_178572494_n.jpg
[2013.03.21 11:12:19 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 17:13:58 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\click.to.lnk
[2013.03.13 12:53:33 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 12:53:33 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.06 13:22:30 | 000,005,909 | ---- | M] () -- C:\read_logfile.m
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.03 22:11:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.03 22:11:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.03 22:11:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.03 22:11:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.03 22:11:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.03 08:34:35 | 000,000,512 | ---- | C] () -- C:\Users\Theres\Desktop\MBR.dat
[2013.04.02 21:18:32 | 000,064,420 | ---- | C] () -- C:\Users\Theres\Desktop\gmer.zip
[2013.04.02 15:10:30 | 000,377,856 | ---- | C] () -- C:\Users\Theres\Desktop\gmer_2.1.19155 (2).exe
[2013.04.02 13:38:32 | 000,001,617 | ---- | C] () -- C:\Users\Theres\Desktop\Samsung Drive Manager.lnk
[2013.04.02 13:38:32 | 000,001,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
[2013.03.28 22:27:38 | 000,005,909 | ---- | C] () -- C:\read_logfile.m
[2013.03.28 22:27:38 | 000,005,709 | ---- | C] () -- C:\sound_auswertung.m
[2013.03.26 16:44:51 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2013.03.26 16:16:52 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2013.03.26 16:16:51 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2013.03.26 16:16:27 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2013.03.26 16:16:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2013.03.26 16:16:24 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2013.03.26 16:14:22 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013.03.26 16:13:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013.03.26 16:13:21 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2013.03.26 16:13:20 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2013.03.26 16:13:16 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013.03.26 11:53:57 | 000,094,364 | ---- | C] () -- C:\Users\Theres\Desktop\549908_222244381251964_487270598_n.jpg
[2013.03.26 11:52:25 | 000,146,271 | ---- | C] () -- C:\Users\Theres\Desktop\197099_222690207874048_178572494_n.jpg
[2013.03.21 11:48:39 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2013.03.21 11:12:19 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.19 17:13:58 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\click.to.lnk
[2013.02.27 13:34:54 | 000,041,176 | ---- | C] () -- C:\Windows\System32\drivers\Usbkey.sys
[2013.02.27 13:34:41 | 000,024,136 | ---- | C] () -- C:\Windows\System32\ppmon.exe
[2013.02.27 13:34:41 | 000,012,480 | ---- | C] () -- C:\Windows\System32\KL2N.DLL
[2013.02.27 13:34:41 | 000,007,440 | ---- | C] () -- C:\Windows\System32\ppmon.dll
[2012.11.04 22:17:24 | 000,002,575 | ---- | C] () -- C:\Program Files\Presentation 0.71 09.24.03.lnk
[2012.11.04 22:16:40 | 000,002,635 | ---- | C] () -- C:\ProgramData\Presentation 0.71 09.24.03.lnk
[2012.10.11 22:02:09 | 000,361,895 | ---- | C] () -- C:\Users\Theres\KIN-214.pdf
[2012.10.08 11:23:14 | 000,163,328 | ---- | C] () -- C:\Windows\System32\OpenPresentationFiles.exe
[2011.11.30 14:26:48 | 000,129,904 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.10.11 15:00:36 | 000,025,773 | ---- | C] () -- C:\Users\Theres\AppData\Roaming\UserTile.png
[2011.08.31 22:33:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.18 17:11:17 | 001,064,549 | ---- | C] () -- C:\Users\Theres\haut diät.pdf
[2009.10.12 18:04:39 | 000,333,727 | ---- | C] () -- C:\Users\Theres\bilf.JPG
[2008.12.30 19:15:47 | 000,066,048 | ---- | C] () -- C:\Users\Theres\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.30 14:37:12 | 000,002,032 | ---- | C] () -- C:\Users\Theres\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Alt 04.04.2013, 08:03   #15
theres
 
C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Standard

C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


OTL Logfile gelöscht, da es im ersten Beitrag schon angehängt wurde..
Geändert von theres (04.04.2013 um 08:08 Uhr)

Antwort
Seite 1 von 2 1 2

Themen zu C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista
adobe, antivir, application/pdf:, avg, avira, bho, branding, converter, defender, desktop, error, excel, firefox, flash player, format, home, homepage, intranet, mp3, plug-in, realtek, recycle.bin, registry, scan, server, software, system, vista, windows


« Yahoo Account macht sich selbstständig - Virensuche erfolglos | Plötzlich radionachrichten und firewall lässt sich nicht mehr deaktivieren »


Ähnliche Themen: C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista


  1. C:\Windows\System32\Drivers\spxi.sys
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (2)
  2. C:\Windows\System32\drivers\Wdf01000.sys - Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 19.12.2011 (3)
  3. Rootkit C:\windows\system32\drivers\volmgr.sys
    Plagegeister aller Art und deren Bekämpfung - 01.02.2011 (8)
  4. TR/Rootkit.Gen in C:\Windows\System32\drivers\ghldywj.sys
    Plagegeister aller Art und deren Bekämpfung - 25.12.2010 (9)
  5. Rootkit in C:\Windows\system32\drivers\afkw4fu9.sys ?
    Log-Analyse und Auswertung - 08.08.2010 (4)
  6. Mein PC meldet: Infizierung mit C:\windows\system32rasautou.exe, worm.koobFace
    Log-Analyse und Auswertung - 28.07.2010 (2)
  7. Datei aus windows/system32/drivers entfernen
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (21)
  8. TR/Rootkin.gen in C:\Windows\System32\drivers\taunpo.sys
    Plagegeister aller Art und deren Bekämpfung - 17.06.2010 (11)
  9. TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys
    Plagegeister aller Art und deren Bekämpfung - 01.06.2010 (16)
  10. TR/Rootkit.Gen in C:\Windows\System32\drivers\ezokdc.sys
    Plagegeister aller Art und deren Bekämpfung - 30.05.2010 (6)
  11. Datei C:\Windows\System32\drivers\mhpccj.sys
    Plagegeister aller Art und deren Bekämpfung - 28.05.2010 (19)
  12. virus in windows/system32/drivers und svchost.exe
    Plagegeister aller Art und deren Bekämpfung - 29.04.2010 (1)
  13. C:\WINDOWS\system32\drivers\**; befürchte Rootkit
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (18)
  14. TR/Agent.ruo in C:\WINDOWS\system32\drivers\ntnvf.sys
    Plagegeister aller Art und deren Bekämpfung - 09.04.2010 (8)
  15. Worm.KoobFace in C:\Windows
    Log-Analyse und Auswertung - 04.12.2009 (7)
  16. TR/AntiHosts.Gen in C:\WINDOWS\system32\drivers\etc\hosts
    Plagegeister aller Art und deren Bekämpfung - 12.09.2009 (15)
  17. Hosts Datei in windows/system32/drivers
    Plagegeister aller Art und deren Bekämpfung - 19.09.2006 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista - Hallo! Ich habe folgendes Problem. Zufällig und mehr aus Interesse habe ich mir in den letzten Tagen "Malwarebytes Anti Malware" heruntergeladen um zu schauen ob mein Laptop infiziert ist. Bis - C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista...
Archiv
Du betrachtest: C:\Windows\System32\drivers\PDRV.sys - Worm.KoobFace - Designänderung Vista auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55