AntiVir findet u.a.: TR/Dldr.Dofoil.R.266, JAVA/Dldr.Obfshlp.MA, EXP/CVE-2013-2423.DV, TR/Spy.ZBot.lntt.12, JAVA/Lamar.gta.27

Tenenbaum · 22.07.2013, 00:24

Liebe Leute,

vorweg: mein Laptop zickt schon ein paar Wochen herum und ich hab eher mäßig viel Ahnung, hab ein, zwei Mal Antivir Vollscan gemacht und Malwarebytes, kam aber nichts raus.

Ich beschreib mal die Probleme BIS heute:

a) Alle 2-3 Wochen stürzt mein Rechner ab mit BlueScreen und "Vorgang Read konnte nicht ausgeführt werden".

b) Ich hab öfters Probleme mit dem Sound. Mein Rechner erkennt dann überhaupt kein Ausgabegerät. Beim Herunterfahren dauert es ewig und es erscheint: "(Warten auf Explorer.exe, Abmeldungssound wird wiedergebeben...)"

Bisher dachte ich, ich hätte einfach Probleme mit dem Soundtreiber, hab auch schon ein paar mal versucht, ihn neu zu installieren, hat nicht geholfen.

Vielleicht hat das überhaupt nichts mit dem Virenfund zu tun, aber vielleicht ja doch, deswegen schreib ichs mal dazu.

Seit HEUTE kommt beim Starten zusätzlich
c) "IAStoreIcon funktioniert nicht mehr".

Außerdem hab ich gesehen, dass aus irgendeinem Grund AntiVir ausgeschaltet war.
d) Bei einem Vollständigen Scan hat er 37 unerwünschte Programme gefunden.
(könnt Ihr das Protokoll gebrauchen??)

Also bin ich schnellstens zu Euch, denn ich kenn mich wirklich WENIG aus, wie ihr wahrscheinlich schon gemerkt habt.

Hier OTL:

Zitat:

OTL logfile created on: 21.07.2013 23:44:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\USER\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 61,90% Memory free
7,83 Gb Paging File | 6,07 Gb Available in Paging File | 77,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,76 Gb Total Space | 350,93 Gb Free Space | 78,55% Space Free | Partition Type: NTFS

Computer Name: USERBASIS | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.07.21 23:36:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
PRC - [2013.06.24 11:05:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.24 11:04:53 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.24 11:04:53 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.10 09:57:36 | 000,840,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2013.03.12 07:32:58 | 000,506,744 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011.11.14 17:13:52 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.07.07 15:44:12 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
PRC - [2011.07.07 15:44:12 | 000,066,696 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
PRC - [2011.06.17 22:02:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.06.17 22:02:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.05.31 17:28:04 | 002,801,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011.03.15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011.03.15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.10 09:57:52 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011.12.21 18:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.06.24 11:05:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.24 11:04:53 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.12 13:17:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.26 15:43:42 | 001,359,408 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.01.13 12:22:24 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV - [2012.01.04 12:27:32 | 001,526,032 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012.01.04 12:14:38 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2012.01.04 12:13:06 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.12.12 03:40:36 | 000,661,504 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV - [2011.12.07 08:38:10 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011.11.14 17:14:24 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.11.14 17:14:20 | 001,355,840 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.11.14 17:13:58 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011.07.15 16:43:38 | 000,969,352 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2011.07.07 15:44:12 | 000,066,696 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.06.17 22:02:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.06.17 22:02:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.05.31 16:51:20 | 000,552,584 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.05.19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011.02.21 12:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.02.21 12:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011.02.18 22:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.18 22:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.01.20 12:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.01.20 12:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.01.14 17:07:08 | 000,286,504 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Programme\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.09.14 05:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009.09.14 05:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.03 21:46:49 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.03 21:46:49 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.03 21:46:49 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.09.19 11:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.05.25 03:01:44 | 012,312,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.03 04:21:44 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011.12.21 19:30:24 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.12.21 18:12:40 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.12.12 08:19:16 | 008,616,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.12.12 03:33:36 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.12.09 11:45:14 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.11.14 17:13:44 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011.11.14 17:13:40 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.11.14 17:13:38 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011.10.25 02:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.10.25 02:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.08.22 22:12:56 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.06.25 05:13:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.06.21 15:19:16 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011.06.21 15:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.06.21 15:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.06.17 22:02:39 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.06.15 22:17:49 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.30 03:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.14 17:08:20 | 000,100,128 | ---- | M] (SonicWALL, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec)
DRV:64bit: - [2010.12.06 10:46:24 | 000,131,672 | ---- | M] (Deterministic Networks, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dnelwf64.sys -- (DNE)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.01.23 12:55:28 | 000,024,600 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC)
DRV:64bit: - [2009.08.14 12:15:56 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:18:06 | 000,281,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:41:10 | 000,015,360 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1A0388532E4BC5A9&affID=119357&tsp=4950
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{000CB869-68FE-4F11-BA38-7D65E2E812BE}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1A0388532E4BC5A9&affID=119357&tsp=4950
IE - HKCU\..\SearchScopes\{478C7699-6CA4-4E40-A270-25F57C5693A5}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.05.20 01:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.16 09:19:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\USER\AppData\Roaming\09001.069 [2012.08.04 11:38:38 | 000,000,000 | ---D | M]

[2013.03.08 18:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Extensions
[2013.07.21 23:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\at3tgvbi.default-1368462960951\extensions
[2013.07.21 23:17:45 | 000,006,507 | ---- | M] () -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\at3tgvbi.default-1368462960951\searchplugins\babylon.xml
[2013.07.21 23:18:15 | 000,001,294 | ---- | M] () -- C:\Users\USER\AppData\Roaming\mozilla\firefox\profiles\at3tgvbi.default-1368462960951\searchplugins\delta.xml
[2013.05.23 21:03:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.18 12:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.18 12:03:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Del482370] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Del482370] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\USER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F1B9C5D-D43F-4D3F-AFB5-DAF1D34D3909}: DhcpNameServer = 217.237.150.115 217.237.151.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CAD4C787-D1F5-4AD0-8487-67CEB7A1581C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{37ce7bf6-7eef-11e1-8a84-f0bf97d2744b}\Shell - "" = AutoRun
O33 - MountPoints2\{37ce7bf6-7eef-11e1-8a84-f0bf97d2744b}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{632872b6-87bd-11e2-87e6-88532e4bc5ac}\Shell - "" = AutoRun
O33 - MountPoints2\{632872b6-87bd-11e2-87e6-88532e4bc5ac}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.21 23:36:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
[2013.07.21 23:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Open It!
[2013.07.21 23:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenIt
[2013.07.21 23:17:24 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\DSite
[2013.07.21 17:41:37 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Systweak
[2013.07.21 17:41:29 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013.07.15 23:14:30 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\ChessBase
[2013.07.15 23:12:25 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\ChessBase
[2013.07.15 23:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ChessBase
[2013.07.14 00:18:21 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\Bildersingen
[2013.07.12 16:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA SPORTS
[2013.07.04 21:56:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\syncdb
[2013.06.30 22:33:58 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\{275FE1DB-2DAA-4966-BF83-E255DD9BD4BA}
[2013.06.30 22:33:46 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\My Weblog Posts
[2013.06.28 21:00:11 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\{6B70F129-13BA-4CC2-98DC-49CC5EBCD598}
[2013.06.28 20:16:55 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\elsterformular
[2013.06.28 20:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2013.06.25 16:03:24 | 000,000,000 | R--D | C] -- C:\Users\USER\AppData\Roaming\Brother
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\USER\AppData\Roaming\*.tmp files -> C:\Users\USER\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.21 23:36:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
[2013.07.21 23:34:42 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.21 23:34:41 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.21 23:34:13 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013.07.21 23:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.21 23:26:25 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.21 23:18:23 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\EPUpdater.job
[2013.07.21 17:59:18 | 001,634,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.21 17:59:18 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.21 17:59:18 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.21 17:59:18 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.21 17:59:18 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.11 13:49:06 | 000,020,312 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013.07.11 12:46:34 | 000,055,469 | ---- | M] () -- C:\Users\USER\Desktop\Rechnung 106 13 Reisekosten Endfestival2013.pdf
[2013.07.11 10:24:08 | 000,591,264 | ---- | M] () -- C:\Users\USER\Desktop\Abschlussbericht Der neue Weg Hamburg.pdf
[2013.07.10 18:30:55 | 000,089,989 | ---- | M] () -- C:\Users\USER\Desktop\Endfestival2013.jpg
[2013.07.10 17:01:37 | 000,595,538 | ---- | M] () -- C:\Users\USER\Desktop\Abschlussbericht DER NEUE Weg.pdf
[2013.07.10 13:36:30 | 002,150,056 | ---- | M] () -- C:\Users\USER\Desktop\20130517_190559.jpg
[2013.07.10 13:35:29 | 002,433,830 | ---- | M] () -- C:\Users\USER\Desktop\20130517_190241.jpg
[2013.07.09 18:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.09 10:53:39 | 000,324,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.07.02 15:05:51 | 000,223,735 | ---- | M] () -- C:\Users\USER\Desktop\Ethikkommission2.jpg
[2013.07.02 15:00:56 | 000,103,072 | ---- | M] () -- C:\Users\USER\Desktop\der jahrgang.jpg
[2013.07.02 14:52:18 | 000,128,640 | ---- | M] () -- C:\Users\USER\Desktop\Kopftuch.JPG
[2013.07.02 14:44:44 | 000,360,596 | ---- | M] () -- C:\Users\USER\Desktop\Berg Stadtteil.jpg
[2013.07.02 09:58:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.02 09:58:18 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.06.28 20:50:13 | 000,009,739 | ---- | M] () -- C:\Users\USER\ESt2012_***_***.elfo
[2013.06.28 13:14:38 | 000,089,990 | ---- | M] () -- C:\Users\USER\Desktop\MdM1.jpg
[2013.06.28 13:14:34 | 000,094,564 | ---- | M] () -- C:\Users\USER\Desktop\MdM2.jpg
[2013.06.27 00:32:38 | 548,756,396 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.25 16:03:24 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2013.06.24 11:05:06 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\USER\AppData\Roaming\*.tmp files -> C:\Users\USER\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.21 23:34:13 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Open It!.lnk
[2013.07.21 23:18:22 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\EPUpdater.job
[2013.07.11 12:46:34 | 000,055,469 | ---- | C] () -- C:\Users\USER\Desktop\Rechnung 106 13 Reisekosten Endfestival2013.pdf
[2013.07.11 10:24:08 | 000,591,264 | ---- | C] () -- C:\Users\USER\Desktop\Abschlussbericht Der neue Weg Hamburg.pdf
[2013.07.10 18:31:07 | 000,089,989 | ---- | C] () -- C:\Users\USER\Desktop\Endfestival2013.jpg
[2013.07.10 17:01:37 | 000,595,538 | ---- | C] () -- C:\Users\USER\Desktop\Abschlussbericht DER NEUE Weg.pdf
[2013.07.10 16:58:24 | 002,329,500 | ---- | C] () -- C:\Users\USER\Desktop\20130516_151927.jpg
[2013.07.10 16:43:33 | 002,700,749 | ---- | C] () -- C:\Users\USER\Desktop\1000 Kisten Tag 4 f.jpg
[2013.07.10 16:35:44 | 002,439,053 | ---- | C] () -- C:\Users\USER\Desktop\20130516_150753.jpg
[2013.07.10 13:36:19 | 002,150,056 | ---- | C] () -- C:\Users\USER\Desktop\20130517_190559.jpg
[2013.07.10 13:35:17 | 002,433,830 | ---- | C] () -- C:\Users\USER\Desktop\20130517_190241.jpg
[2013.07.04 20:46:11 | 002,529,097 | ---- | C] () -- C:\Users\USER\Desktop\THERE WILL BE DANCE!.jpg
[2013.07.02 15:05:51 | 000,223,735 | ---- | C] () -- C:\Users\USER\Desktop\Ethikkommission2.jpg
[2013.07.02 15:00:56 | 000,103,072 | ---- | C] () -- C:\Users\USER\Desktop\der jahrgang.jpg
[2013.07.02 14:52:18 | 000,128,640 | ---- | C] () -- C:\Users\USER\Desktop\Kopftuch.JPG
[2013.07.02 14:39:48 | 000,360,596 | ---- | C] () -- C:\Users\USER\Desktop\Berg Stadtteil.jpg
[2013.07.02 09:58:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.07.02 09:58:18 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.07.01 15:40:43 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2013.06.28 20:50:01 | 000,009,739 | ---- | C] () -- C:\Users\USER\ESt2012_***_***.elfo
[2013.06.28 13:15:16 | 000,094,564 | ---- | C] () -- C:\Users\USER\Desktop\MdM2.jpg
[2013.06.28 13:15:07 | 000,089,990 | ---- | C] () -- C:\Users\USER\Desktop\MdM1.jpg
[2013.04.07 21:32:32 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2013.04.07 21:30:15 | 013,913,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013.04.07 21:30:15 | 000,963,884 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013.04.07 21:30:15 | 000,221,264 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013.04.07 21:30:15 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.08.14 11:47:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.09 09:48:26 | 004,503,728 | ---- | C] () -- C:\ProgramData\ldsw_0paos.pad
[2012.07.26 17:59:24 | 000,000,026 | ---- | C] () -- C:\Users\USER\AppData\Roaming\urhtps.dat
[2012.07.26 16:58:07 | 000,000,017 | ---- | C] () -- C:\Users\USER\AppData\Roaming\blckdom.res
[2012.03.29 14:46:46 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.03.07 12:44:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.12.29 12:16:03 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.12.22 03:15:50 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.12.13 11:16:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.04 05:33:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.26 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\09001.066
[2012.07.30 14:29:53 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\09001.068
[2012.08.04 11:38:38 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\09001.069
[2013.05.30 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\4fhfhVN9
[2013.05.23 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Babylon
[2013.07.21 16:49:56 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\ChessBase
[2013.01.28 12:36:10 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DAEMON Tools Lite
[2013.07.21 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Dropbox
[2013.07.21 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DSite
[2013.05.30 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DVDVideoSoft
[2013.07.04 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\elsterformular
[2013.07.04 16:23:46 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Giypm
[2012.08.08 22:29:46 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\iolo
[2012.07.26 16:57:53 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\kock
[2013.01.28 12:34:15 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\OpenCandy
[2013.03.29 00:16:26 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Sony
[2013.07.21 23:23:56 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Systweak
[2013.04.07 14:23:47 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TestApp
[2012.05.22 18:43:41 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Thunderbird
[2012.07.26 17:30:53 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\UAs
[2012.01.03 16:02:54 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Windows Live Writer
[2012.07.30 14:33:55 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\xmldm
[2013.05.13 18:28:33 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Yfis
[2013.07.09 10:56:28 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Zuyn

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP

FC5A2B2

< End of report >

und OTL Extra:

Zitat:

OTL Extras logfile created on: 21.07.2013 23:44:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tenenbaum\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,92 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 61,90% Memory free
7,83 Gb Paging File | 6,07 Gb Available in Paging File | 77,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,76 Gb Total Space | 350,93 Gb Free Space | 78,55% Space Free | Partition Type: NTFS

Computer Name: TENENBAUMBASIS | User Name: Tenenbaum | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0192E608-205F-47BE-BCBD-EE728AD77773}" = rport=10243 | protocol=6 | dir=out | app=system |
"{060476E7-5E2D-4575-B7D6-F49124169AC6}" = lport=138 | protocol=17 | dir=in | app=system |
"{0D2B1B0A-04B9-4641-8D54-73FC76F0A675}" = rport=445 | protocol=6 | dir=out | app=system |
"{1A3ACFDF-8352-4B75-BD47-17B96BCC8B58}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1AA8C75A-1990-4E0E-A3F4-7CAF88F32684}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{208C7B27-47A5-4836-B603-8F5AE0BE1FB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21A6BE88-1CDE-4D27-8B7E-B130D4B47B00}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4BB0D7C3-DD3E-4288-8418-A0BC21319CAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{623047AB-ED55-4237-BB69-BDDE575D02BB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67DD36FB-86C9-45F6-B221-0618E3DF6C99}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{725A2C3D-1470-4997-87A1-4A22F06E1C3C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79EA6EE6-ED15-4E25-8E39-F567909AC0C9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{93B03BA7-9FDB-4AD1-A467-54A4BDB240B8}" = lport=137 | protocol=17 | dir=in | app=system |
"{991939E4-1BE3-475D-B769-4F6B1DD34643}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B64ADA9-A721-4036-9681-AD1A4812D188}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A21716C9-25C6-40B3-BABF-F3DFC31B7376}" = rport=138 | protocol=17 | dir=out | app=system |
"{A648724B-44FF-4F5F-B580-E7BC7470386D}" = lport=445 | protocol=6 | dir=in | app=system |
"{A7CADC56-5A28-44D5-B3EA-C96E99E47FCC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AAE6FDA6-2EAE-4FA7-AE49-74AEC1291120}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE7F5283-827B-4C1C-9246-5787FEA807D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2AAA5D3-D20D-4C03-8154-BF676D14D010}" = lport=139 | protocol=6 | dir=in | app=system |
"{B2F139BF-CE29-42F2-A797-DBAED5B3E82E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C1E28532-989C-42BD-A5E3-1E4ECE684E2E}" = rport=137 | protocol=17 | dir=out | app=system |
"{CAB9E53E-0F69-4AB4-954D-C38581275331}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5CF578F-E0AD-4697-A558-C74DC80E2234}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03121F93-D788-43F6-9FF9-80EBB8AC99EB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{0A6B32B9-B445-4BE7-8AFF-B87B8182764A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0F03673A-3655-4545-B3B0-459858F8C0FE}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{104359B5-C439-4EDB-BA11-777FF44EF329}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{11ECF74A-47CA-40BB-A1C5-14FCF4859001}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F535249-F3BC-4A2D-89EC-DA480AE93DC5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{23B32E42-088E-418E-B956-BCD2ABEF80F5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2A368EE3-8171-450B-A390-C6FE17C8C291}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{311E21BC-CC80-4B00-8363-D097940758B0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{326CBCF1-F199-4A6A-8CC1-DF43A7AAB46A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3392818C-538C-49A3-AF3B-F480A0162E85}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe |
"{413ABBBD-44A6-4916-BBFA-1AE257F381BE}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe |
"{47BA8953-370C-403B-A761-EE289E185BDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49E8EFA4-3463-45AE-82E0-53AF723AAA04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B5DB0E3-9E4D-4B3A-BFB2-250E9CE91CC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D5A8998-038D-40CE-A463-A20828409A01}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{6061C4F6-A3BE-4812-AFEF-8C07207351C4}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\hpnetworkcommunicator.exe |
"{71883400-4C19-4069-849F-C0AEDA306CCF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F36C2AE-4822-4FE7-A857-525C0E3A1A74}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{925BD1BB-A24E-4F05-9FD8-7FFC6B9E8BB4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9A903178-E5D2-4D01-B64A-F8757FA7C4B8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B267F5B1-B5E1-48DE-A06A-4C0DD397D8DF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B35C328B-1702-42C0-BD7D-415A710EB7FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B52CFDBE-5757-42DF-A7BA-0A9443979CE7}" = protocol=6 | dir=in | app=c:\users\tenenbaum\appdata\roaming\dropbox\bin\dropbox.exe |
"{C7FF1FCB-839E-4E88-B908-181A9B3B1EB7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D257D1AF-C339-4020-AB39-66C663AD2DEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA3BE17C-E711-4134-824C-5FF595E12E1B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E11AE614-631B-4387-B601-8D5F410BE581}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{E175BF1D-EDD8-4D70-8155-A561B1F63AAF}" = protocol=6 | dir=out | app=system |
"{E4AB2551-9AED-47E5-8B63-D4506D1B4CC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E7CBFA71-3121-4826-BA08-412702EA920C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E9FE33C1-6ADD-4D4F-82F9-B10C9CD13361}" = protocol=17 | dir=in | app=c:\users\tenenbaum\appdata\roaming\dropbox\bin\dropbox.exe |
"{EB827B12-7FB1-45EB-AB4F-38DB2144FCE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC2295FD-63DE-4769-95C1-5A4C075CC023}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F4393F27-42E6-458A-AC8E-FBFF6261B776}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3000 j310 series\bin\devicesetup.exe |
"{FE0F29AE-D4FB-4E22-9630-738B2819D1FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{026F878A-C86F-4753-9D00-2C72F41071B6}C:\users\tenenbaum\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\tenenbaum\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{139EF365-BAA9-4A65-9A16-316C0A5BDF4A}C:\program files (x86)\luchterhand\fa-arbr-kommentar\lplocal.exe" = protocol=6 | dir=in | app=c:\program files (x86)\luchterhand\fa-arbr-kommentar\lplocal.exe |
"TCP Query User{B78CA51F-4662-4EB2-9E34-4D8BD2C56F52}C:\users\tenenbaum\appdata\roaming\zuyn\eptot.exe" = protocol=6 | dir=in | app=c:\users\tenenbaum\appdata\roaming\zuyn\eptot.exe |
"TCP Query User{FEFC3100-E6B4-4E8F-9377-829A1815D273}C:\users\tenenbaum\appdata\roaming\zuyn\eptot.exe" = protocol=6 | dir=in | app=c:\users\tenenbaum\appdata\roaming\zuyn\eptot.exe |
"UDP Query User{505E0436-C46F-4145-BE33-D9DC2C2FA51F}C:\program files (x86)\luchterhand\fa-arbr-kommentar\lplocal.exe" = protocol=17 | dir=in | app=c:\program files (x86)\luchterhand\fa-arbr-kommentar\lplocal.exe |
"UDP Query User{60993F5D-5763-4917-8CDE-5D076D7244BE}C:\users\tenenbaum\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tenenbaum\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{9647712B-D901-4B28-83A8-97AC743E70EB}C:\users\tenenbaum\appdata\roaming\zuyn\eptot.exe" = protocol=17 | dir=in | app=c:\users\tenenbaum\appdata\roaming\zuyn\eptot.exe |
"UDP Query User{B5AFD05D-9A02-4470-B126-6FE79E6D9C53}C:\users\tenenbaum\appdata\roaming\zuyn\eptot.exe" = protocol=17 | dir=in | app=c:\users\tenenbaum\appdata\roaming\zuyn\eptot.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{077BF055-512A-4D48-B3C2-44AD860FEB0A}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{158BEEC4-CC30-BF2F-248D-B52AF953E9C1}" = ATI Catalyst Install Manager
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2E1D150F-AD6B-E27A-1986-FEE1C0EE0527}" = AMD Media Foundation Decoders
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4EFA8109-732B-4026-9F0C-B70ECF3F9293}" = Windows Live Remote Service Resources
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{549AD5FB-F52D-4307-864A-C0008FB35D96}" = VCCx64
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2150EF-FDFB-C635-9859-1FAC3AB1D530}" = ccc-utility64
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6C71F039-AD9F-496E-985E-0A6DC3A41717}" = HP Deskjet 3000 J310 series - Grundlegende Software für das Gerät
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9049851D-76CC-4DCC-B446-4F370C542797}" = SonicWALL Global VPN Client
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{9F672527-2BE4-47AB-B061-C057BDE30B30}" = Windows Live Remote Client Resources
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E7DC06A3-8516-4929-B712-80987AFFFB57}" = Intel(R) PROSet/Wireless WiFi-Software
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"EPSON BX525WD Series" = Druckerdeinstallation für EPSON BX525WD Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{102145D2-3923-77A7-24E8-0C340ACCBF3E}" = CCC Help Dutch
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{163E8878-383D-D084-6FD7-7306DE3526DC}" = PX Profile Update
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1B0545C4-620F-4661-A369-C4D113F24932}" = Windows Live Writer Resources
"{1B0ABC80-549D-925C-A537-19E5353F72C1}" = CCC Help Turkish
"{1C078C3C-57FB-1FEC-AC0E-C6E968B24A33}" = Catalyst Control Center
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2303F9E7-6293-4A85-BC21-CA226FAD5CE4}" = Windows Live Mail
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260E3D78-94E6-47EC-8E29-46301572BB1E}" = Control ActiveX Windows Live Mesh pentru conexiuni la distanță
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C8FBAB0-4564-47B8-AC4B-9C7401B94BF2}" = Основи Windows Live
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3287195A-D1AB-6707-6DDE-24B9909ABB9B}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C232F1B-86B5-8C1A-98A1-D8B45902E038}" = Catalyst Control Center Localization All
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45B654B7-99CD-FDAB-BE03-9B0C44833C5B}" = CCC Help German
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46A32202-DD89-C286-A76E-CA4CABC70718}" = Catalyst Control Center Graphics Previews Common
"{4722CB67-DC61-9EAF-6917-292E2C0FF551}" = CCC Help Korean
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4C9EF5EF-5DC6-587A-FBB8-A5517B3A60EA}" = CCC Help Chinese Traditional
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4E5D79D4-9210-E729-4035-9E28D895ACB7}" = CCC Help Chinese Standard
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{504A8AAD-86C2-55A3-4727-AF22E239B4D2}" = CCC Help Japanese
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51944E98-E7FD-35D5-9AA9-1134F80B2FFC}" = CCC Help Portuguese
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5F2E8FB8-3B01-0DFB-1AEE-105586BC7057}" = CCC Help Thai
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Hilfe
"{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
"{662E4107-92BC-228F-3BEE-6140BDF17BD7}" = Catalyst Control Center InstallProxy
"{6756D5CA-3E31-4308-9BF0-79DFD1AF196E}" = Елемент керування Windows Live Mesh ActiveX для віддалених підключень
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AC57EEF-2733-4DE6-81BB-E78ACB964C22}" = Windows Live Photo Common
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{70DE9E60-DE22-4362-B868-1B8922F78C1A}" = Remote Keyboard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{71FC647F-E91F-4DD2-BEA4-7B4172015DCE}" = VHD
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{7531583A-4A99-F352-0947-4ED677CCDCBA}" = CCC Help Polish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78B36980-3499-48B9-9327-C10C3D1C7866}" = Catalyst Control Center - Branding
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{80651674-74AA-4155-AF2D-1339E628D187}" = Windows Live Movie Maker
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO Control Center
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91BD94FE-ADCA-49CC-BE96-97D4BBC36FAF}" = Windows Live Mesh
"{92280FD3-A119-41E6-A740-A62DBA4DFB53}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE76A96-BF2F-8AB9-46B8-74F1FB68AD4C}" = PX Profile Update
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3E74E53-BF73-C14B-3D0A-87CAEB33BFDC}" = CCC Help Spanish
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A5453C56-55BF-63D5-C31C-1452A35E0B65}" = CCC Help English
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{AC76BA86-1033-F400-BA7E-000000000005}" = Adobe Acrobat X Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACC74BEB-FDFF-2AAA-22F2-91CA33572A54}" = CCC Help Hungarian
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B0792F14-EF48-1DE6-5A0E-A36B78091577}" = CCC Help Czech
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1893E3F-9BDF-443F-BED0-1AAA2D9E0D68}" = ArcSoft Magic-i Visual Effects 2
"{B3BA4D1C-23EF-4859-9C11-1B2CCB7FADBB}" = ActiveX контрола на Windows Live Mesh за отдалечени връзки
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6190387-0036-4BEB-8D74-A0AFC5F14706}" = Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7399BB1-B0F1-C4B4-D9BB-79856665B0A4}" = CCC Help Greek
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B77DE05C-7C84-4011-B93F-A29D0D2840F4}" = ArcSoft WebCam Companion 4
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BA469F53-3131-47B0-9683-2C27F3546CD3}" = Remote Play with PlayStation 3
"{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений
"{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = VAIO*CPU-Lüfterdiagnose
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BE9E4DD1-6228-46C6-8EF9-42F7A4F6CC9D}" = VAIO Data Restore Tool
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C115A674-A398-49E5-9C6E-C0A541D3EA10}" = Фотоколекція Windows Live
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}" = Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C618CD0B-96C6-AF4B-FC83-F430299EC614}" = CCC Help Norwegian
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF54B7E6-A460-A85E-825A-4CBAA10F0B62}" = CCC Help French
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57A002F-2B34-4E7B-A58B-0A4FBDA2E93F}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}" = VCCx86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1ACD378-91D9-27C3-B1BB-4C0D8C4D3DC0}" = CCC Help Danish
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBBC686-A551-E387-37A9-35B8E9941E41}" = CCC Help Swedish
"{EFB2E87A-DAB1-1C03-8623-3584C6E63B56}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F28C98E9-BAC1-41FF-81F2-8885925CCB48}" = Windows Live Writer
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.4
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FAED76CB-9CC4-CB47-A56B-248B755D75D8}" = Catalyst Control Center Profiles Mobile
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEAC84BD-D196-6EB5-B57B-7EDBEC1F6BC6}" = CCC Help Italian
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OpenIt Open It!" = Open It!
"ProInst" = Intel PROSet Wireless
"splashtop" = Quick Web Access
"VAIO Help and Support" =
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"DSite" = Update for Zip Opener

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21.07.2013 15:08:08 | Computer Name = TenenbaumBasis | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

Error - 21.07.2013 15:08:43 | Computer Name = TenenbaumBasis | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

Error - 21.07.2013 15:09:16 | Computer Name = TenenbaumBasis | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

Error - 21.07.2013 15:09:27 | Computer Name = TenenbaumBasis | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 13.6.0.1550 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 237c Startzeit:
01ce8645897d3142 Endzeit: 60000 Anwendungspfad: C:\program files (x86)\avira\antivir
desktop\avcenter.exe Berichts-ID: d9b1d2a6-f238-11e2-8efc-f0bf97d2744b

Error - 21.07.2013 15:11:46 | Computer Name = TenenbaumBasis | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35

Error - 21.07.2013 17:03:03 | Computer Name = TenenbaumBasis | Source = ESENT | ID = 490
Description = Windows (3064) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 21.07.2013 17:03:03 | Computer Name = TenenbaumBasis | Source = ESENT | ID = 439
Description = Windows (3064) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.

Error - 21.07.2013 17:03:13 | Computer Name = TenenbaumBasis | Source = ESENT | ID = 486
Description = Windows (3064) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00C92.log"
nach "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" zu
verschieben, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die
Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen.
Fehler -1032 (0xfffffbf8) beim Verschieben von Dateien.

Error - 21.07.2013 17:26:49 | Computer Name = TenenbaumBasis | Source = WinMgmt | ID = 10
Description =

Error - 21.07.2013 17:43:23 | Computer Name = TenenbaumBasis | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1770 Startzeit:
01ce865a7dec7c05 Endzeit: 0 Anwendungspfad: C:\Users\Tenenbaum\Desktop\OTL.exe Berichts-ID:

[ System Events ]
Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

Error - 21.07.2013 17:45:12 | Computer Name = TenenbaumBasis | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.

< End of report >

Und GMER:

Zitat:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-22 00:38:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GT00 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\TENENB~1\AppData\Local\Temp\fflcypog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80003406000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff8000340602f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077001465 2 bytes [00, 77]
.text C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770014bb 2 bytes [00, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077001465 2 bytes [00, 77]
.text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[3816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770014bb 2 bytes [00, 77]
.text ... * 2
.text C:\Users\Tenenbaum\AppData\Roaming\Dropbox\bin\Dropbox.exe[3640] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077001465 2 bytes [00, 77]
.text C:\Users\Tenenbaum\AppData\Roaming\Dropbox\bin\Dropbox.exe[3640] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000770014bb 2 bytes [00, 77]
.text ... * 2
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077001465 2 bytes [00, 77]
.text C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe[1416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770014bb 2 bytes [00, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077001465 2 bytes [00, 77]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3596] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770014bb 2 bytes [00, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\ntdll.dll [1616:1620] 000000000093d227
Thread C:\Windows\SysWOW64\ntdll.dll [1616:1708] 0000000072eee2db
Thread C:\Windows\SysWOW64\ntdll.dll [1616:2812] 00000000711d8e20
Thread C:\Windows\SysWOW64\ntdll.dll [1616:2796] 00000000711d8e20
Thread C:\Windows\SysWOW64\ntdll.dll [1616:1852] 00000000711d8e20
Thread C:\Windows\SysWOW64\ntdll.dll [1616:2964] 00000000711d4e00
Thread C:\Windows\SysWOW64\DllHost.exe [2420:2520] 0000000071a628f0

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e4bc5ac
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e4bc5ac@9c02983fccd6 0xCB 0xE9 0xA0 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e4bc5ac (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e4bc5ac@9c02983fccd6 0xCB 0xE9 0xA0 0x65 ...

---- EOF - GMER 2.1 ----

Könnt Ihr mir helfen?

1000 Dank im Voraus -

Tenenbaum

cosinus · 22.07.2013, 02:37

Hallo,

Zitat:

AntiVir findet u.a.: TR/Dldr.Dofoil.R.266, JAVA/Dldr.Obfshlp.MA, EXP/CVE-2013-2423.DV, TR/Spy.ZBot.lntt.12, JAVA/Lamar.gta.27

Wo sind die Logs dazu? bitte nachreichen. Und die Logs bitte alle in CODE-Tags posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Tenenbaum · 22.07.2013, 08:20

Hallo und guten Morgen!

Hier ist das Logfile von Antivir:

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 21. Juli 2013  21:15


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : TENENBAUMBASIS

Versionsinformationen:
BUILD.DAT      : 13.0.0.3882    54853 Bytes  11.07.2013 10:31:00
AVSCAN.EXE     : 13.6.0.1722   634936 Bytes  24.06.2013 09:04:54
AVSCANRC.DLL   : 13.6.0.1550    62520 Bytes  24.06.2013 09:04:54
LUKE.DLL       : 13.6.0.1550    65080 Bytes  24.06.2013 09:05:03
AVSCPLR.DLL    : 13.6.0.1712    92216 Bytes  24.06.2013 09:04:54
AVREG.DLL      : 13.6.0.1550   247864 Bytes  24.06.2013 09:04:54
avlode.dll     : 13.6.2.1704   449592 Bytes  24.06.2013 09:04:53
avlode.rdf     : 13.0.1.22      26240 Bytes  11.07.2013 22:35:30
VBASE000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 18:29:39
VBASE001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 06:55:48
VBASE002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 10:33:37
VBASE003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 09:04:50
VBASE004.VDF   : 7.11.85.215     2048 Bytes  21.06.2013 09:04:50
VBASE005.VDF   : 7.11.85.216     2048 Bytes  21.06.2013 09:04:50
VBASE006.VDF   : 7.11.85.217     2048 Bytes  21.06.2013 09:04:50
VBASE007.VDF   : 7.11.85.218     2048 Bytes  21.06.2013 09:04:50
VBASE008.VDF   : 7.11.85.219     2048 Bytes  21.06.2013 09:04:50
VBASE009.VDF   : 7.11.85.220     2048 Bytes  21.06.2013 09:04:50
VBASE010.VDF   : 7.11.85.221     2048 Bytes  21.06.2013 09:04:50
VBASE011.VDF   : 7.11.85.222     2048 Bytes  21.06.2013 09:04:50
VBASE012.VDF   : 7.11.85.223     2048 Bytes  21.06.2013 09:04:50
VBASE013.VDF   : 7.11.85.224     2048 Bytes  21.06.2013 09:04:50
VBASE014.VDF   : 7.11.86.93    870400 Bytes  24.06.2013 09:04:51
VBASE015.VDF   : 7.11.86.223   331776 Bytes  25.06.2013 09:05:36
VBASE016.VDF   : 7.11.87.67    204800 Bytes  27.06.2013 12:17:32
VBASE017.VDF   : 7.11.87.157   247296 Bytes  28.06.2013 09:40:57
VBASE018.VDF   : 7.11.87.221   196608 Bytes  30.06.2013 20:30:02
VBASE019.VDF   : 7.11.88.51    356352 Bytes  02.07.2013 13:06:13
VBASE020.VDF   : 7.11.88.119   182272 Bytes  03.07.2013 20:51:25
VBASE021.VDF   : 7.11.88.213   266752 Bytes  05.07.2013 08:59:43
VBASE022.VDF   : 7.11.89.43    184320 Bytes  07.07.2013 08:59:43
VBASE023.VDF   : 7.11.89.105   203776 Bytes  08.07.2013 08:59:43
VBASE024.VDF   : 7.11.89.175   253440 Bytes  10.07.2013 13:16:09
VBASE025.VDF   : 7.11.90.3     221696 Bytes  11.07.2013 22:35:27
VBASE026.VDF   : 7.11.90.71    217088 Bytes  13.07.2013 08:35:54
VBASE027.VDF   : 7.11.90.173   306688 Bytes  16.07.2013 09:58:19
VBASE028.VDF   : 7.11.91.1     348160 Bytes  18.07.2013 09:38:03
VBASE029.VDF   : 7.11.91.99    493568 Bytes  21.07.2013 08:11:47
VBASE030.VDF   : 7.11.91.100     2048 Bytes  21.07.2013 08:11:47
VBASE031.VDF   : 7.11.91.114    76800 Bytes  21.07.2013 14:11:46
Engineversion  : 8.2.12.88 
AEVDF.DLL      : 8.1.3.4       102774 Bytes  13.06.2013 17:09:39
AESCRIPT.DLL   : 8.1.4.134     491902 Bytes  21.07.2013 19:11:50
AESCN.DLL      : 8.1.10.4      131446 Bytes  03.04.2013 19:46:34
AESBX.DLL      : 8.2.5.12      606578 Bytes  11.03.2013 12:32:43
AERDL.DLL      : 8.2.0.128     688504 Bytes  13.06.2013 17:09:39
AEPACK.DLL     : 8.3.2.24      749945 Bytes  20.06.2013 15:37:46
AEOFFICE.DLL   : 8.1.2.70      205181 Bytes  21.07.2013 19:11:50
AEHEUR.DLL     : 8.1.4.486    6021498 Bytes  21.07.2013 19:11:50
AEHELP.DLL     : 8.1.27.4      266617 Bytes  28.06.2013 08:45:40
AEGEN.DLL      : 8.1.7.8       442742 Bytes  04.07.2013 15:12:04
AEEXP.DLL      : 8.4.1.28      266615 Bytes  21.07.2013 19:11:50
AEEMU.DLL      : 8.1.3.2       393587 Bytes  11.03.2013 12:32:36
AECORE.DLL     : 8.1.31.6      201081 Bytes  28.06.2013 08:45:39
AEBB.DLL       : 8.1.1.4        53619 Bytes  11.03.2013 12:32:36
AVWINLL.DLL    : 13.6.0.1550    23608 Bytes  24.06.2013 09:04:48
AVPREF.DLL     : 13.6.0.1550    48184 Bytes  24.06.2013 09:04:54
AVREP.DLL      : 13.6.0.1550   175672 Bytes  24.06.2013 09:04:54
AVARKT.DLL     : 13.6.0.1626   258104 Bytes  24.06.2013 09:04:52
AVEVTLOG.DLL   : 13.6.0.1550   164920 Bytes  24.06.2013 09:04:53
SQLITE3.DLL    : 3.7.0.1       397704 Bytes  11.03.2013 12:33:24
AVSMTP.DLL     : 13.6.0.1550    59960 Bytes  24.06.2013 09:04:55
NETNT.DLL      : 13.6.0.1550    13368 Bytes  24.06.2013 09:05:03
RCIMAGE.DLL    : 13.4.0.360   4780832 Bytes  11.03.2013 12:31:08
RCTEXT.DLL     : 13.6.0.1624    67128 Bytes  24.06.2013 09:04:48

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Sonntag, 21. Juli 2013  21:15

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '148' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'devmonsrv.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S50STB.EXE' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'E_S50RPB.EXE' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'EvtEng.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBDeviceInfoProvider.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'RegSrvc.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'SWGVCSvc.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'obexsrv.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '181' Modul(e) wurden durchsucht
Durchsuche Prozess 'mediasrv.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESGfxMgr.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxext.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apoint.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'iFrmewrk.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'RAVBg64.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '96' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'PMBVolumeWatcher.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTPlayerCtrl.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'ApMsgFwd.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '127' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apvfb.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'Apntex.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTHSAmpPalService.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTHSSecurityMgr.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'RIconMan.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '194' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'SPMService.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'VSNService.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'VSNClient.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'jucheck.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '107' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '124' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3942' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Tenenbaum\AppData\Local\Temp\ish329754\DAT\DSiteU.dat
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/InstallCore.E
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\251b9aee-5f92a564
  [FUND]      Ist das Trojanische Pferd TR/Dldr.Dofoil.R.266
    [0] Archivtyp: RSRC
    --> C:\Users\Tenenbaum\AppData\Roaming\Dropbox\bin\Dropbox.exe
        [1] Archivtyp: RSRC
      --> C:\Users\Tenenbaum\AppData\Roaming\Dropbox\bin\Dropbox.exe
          [2] Archivtyp: RSRC
        --> C:\Users\Tenenbaum\AppData\Roaming\Dropbox\bin\Dropbox.exe
            [3] Archivtyp: RSRC
          --> C:\Users\Tenenbaum\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
              [4] Archivtyp: Runtime Packed
            --> C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-7fae0593
                [5] Archivtyp: ZIP
              --> Nkg1.class
                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.A.63
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Nkg2.class
                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.A.75
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> SClass.class
                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.GK
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.ZK
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre010.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Obfshlp.LL
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre012.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Obfshlp.LN
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre013.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Themod.PB
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre014.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Obfshlp.LP
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre015.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.ZJ
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre016.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.teq.41
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre017.class
                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.FP
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre02.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.ZI
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre03.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.ZH
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre05.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.YY
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> wh.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Obfshlp.MA
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-7fae0593
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Obfshlp.MA
            --> C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\440c1a7b-32faf941
                [5] Archivtyp: ZIP
              --> aaWwixQq.class
                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.DV
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> HNpzu.class
                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.DV
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\440c1a7b-32faf941
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.DV
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3d6f0587-2bea33f8
  [FUND]      Ist das Trojanische Pferd TR/Spy.ZBot.lntt.12
            --> C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\744d9147-32dd8335
                [5] Archivtyp: ZIP
              --> Air1.class
                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.A.77
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Air2.class
                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.A.84
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.20
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre010.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.ZF
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre012.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.ZE
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre013.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.21
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre014.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.22
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre015.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.23
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre016.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.24
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre017.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.25
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre02.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.ZA
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre03.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.26
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> Tretre05.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.YY
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
              --> wh.class
                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.27
                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\744d9147-32dd8335
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.27

Beginne mit der Desinfektion:
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\744d9147-32dd8335
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.gta.27
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57abeabb.qua' verschoben!
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\3d6f0587-2bea33f8
  [FUND]      Ist das Trojanische Pferd TR/Spy.ZBot.lntt.12
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f3ec2cd.qua' verschoben!
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\440c1a7b-32faf941
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2013-2423.DV
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1d5f9ff5.qua' verschoben!
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57c9fd79-7fae0593
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Obfshlp.MA
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7b3bd7ca.qua' verschoben!
C:\Users\Tenenbaum\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\251b9aee-5f92a564
  [FUND]      Ist das Trojanische Pferd TR/Dldr.Dofoil.R.266
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3eedfd0a.qua' verschoben!
C:\Users\Tenenbaum\AppData\Local\Temp\ish329754\DAT\DSiteU.dat
  [FUND]      Enthält Erkennungsmuster der Adware ADWARE/InstallCore.E
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '41bec889.qua' verschoben!


Ende des Suchlaufs: Sonntag, 21. Juli 2013  22:59
Benötigte Zeit:  1:39:17 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  33484 Verzeichnisse wurden überprüft
 764939 Dateien wurden geprüft
     37 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      6 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 764902 Dateien ohne Befall
   7924 Archive wurden durchsucht
     31 Warnungen
      6 Hinweise
 860295 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Liebe Grüße aus Hamburg
Matthias

cosinus · 22.07.2013, 23:00

Ok, bitte MBAR ausführen, danach aswMBR:

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Tenenbaum · 23.07.2013, 01:55

So, lieber Cosinus,

here we are:

a) 1. Log von MBAR

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.22.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Tenenbaum :: TENENBAUMBASIS [administrator]

23.07.2013 00:34:21
mbar-log-2013-07-23 (00-34-21).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 246421
Time elapsed: 37 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\linkrd.AIEbho (Trojan.Banker) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\linkrd.AIEbho.1 (Trojan.Banker) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Tenenbaum\AppData\Local\Temp\is357113909\plus-hd-2-3_DE.exe (Heuristics.Shuriken) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

b) 2. LOG von MBAR

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.22.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Tenenbaum :: TENENBAUMBASIS [administrator]

23.07.2013 01:18:47
mbar-log-2013-07-23 (01-18-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 246467
Time elapsed: 38 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

c) Das LOG von aswMBR

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-23 02:00:25
-----------------------------
02:00:25.936    OS Version: Windows x64 6.1.7601 Service Pack 1
02:00:25.936    Number of processors: 4 586 0x2A07
02:00:25.936    ComputerName: TENENBAUMBASIS  UserName: Tenenbaum
02:00:29.165    Initialize success
02:27:21.361    AVAST engine defs: 13072202
02:28:55.014    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
02:28:55.014    Disk 0 Vendor: TOSHIBA_ GT00 Size: 476940MB BusType: 3
02:28:55.170    Disk 0 MBR read successfully
02:28:55.185    Disk 0 MBR scan
02:28:55.201    Disk 0 Windows 7 default MBR code
02:28:55.217    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        19354 MB offset 2048
02:28:55.232    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 39639040
02:28:55.248    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       457484 MB offset 39843840
02:28:55.373    Disk 0 scanning C:\Windows\system32\drivers
02:29:05.793    Service scanning
02:29:43.904    Modules scanning
02:29:43.904    Disk 0 trace - called modules:
02:29:43.951    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
02:29:43.951    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800757c060]
02:29:43.951    3 CLASSPNP.SYS[fffff880015cd43f] -> nt!IofCallDriver -> [0xfffffa80042f4800]
02:29:43.967    5 ACPI.sys[fffff88000f397a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006324050]
02:29:45.511    AVAST engine scan C:\Windows
02:29:47.835    AVAST engine scan C:\Windows\system32
02:32:39.264    AVAST engine scan C:\Windows\system32\drivers
02:32:52.103    AVAST engine scan C:\Users\Tenenbaum
02:43:21.517    AVAST engine scan C:\ProgramData
02:46:45.924    Scan finished successfully
02:47:35.829    Disk 0 MBR has been saved successfully to "C:\Users\Tenenbaum\Desktop\MBR.dat"
02:47:35.829    The log file has been saved successfully to "C:\Users\Tenenbaum\Desktop\aswMBR.txt"

Was sagt der Experte?

LG
Matthias

cosinus · 23.07.2013, 01:58

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Tenenbaum · 23.07.2013, 02:09

So,

a) aswMBR hab ich Dir schon im letzten Posting geschickt - siehe unten.

b) hier nun noch das Log von TDSS Killer:

Code:

ATTFilter

03:03:50.0560 5072  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
03:03:50.0622 5072  ============================================================
03:03:50.0622 5072  Current date / time: 2013/07/23 03:03:50.0622
03:03:50.0622 5072  SystemInfo:
03:03:50.0622 5072  
03:03:50.0622 5072  OS Version: 6.1.7601 ServicePack: 1.0
03:03:50.0622 5072  Product type: Workstation
03:03:50.0622 5072  ComputerName: TENENBAUMBASIS
03:03:50.0622 5072  UserName: Tenenbaum
03:03:50.0622 5072  Windows directory: C:\Windows
03:03:50.0622 5072  System windows directory: C:\Windows
03:03:50.0622 5072  Running under WOW64
03:03:50.0622 5072  Processor architecture: Intel x64
03:03:50.0622 5072  Number of processors: 4
03:03:50.0622 5072  Page size: 0x1000
03:03:50.0622 5072  Boot type: Normal boot
03:03:50.0622 5072  ============================================================
03:03:51.0012 5072  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:03:51.0028 5072  ============================================================
03:03:51.0028 5072  \Device\Harddisk0\DR0:
03:03:51.0028 5072  MBR partitions:
03:03:51.0028 5072  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x25CD800, BlocksNum 0x32000
03:03:51.0028 5072  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25FF800, BlocksNum 0x37D86030
03:03:51.0028 5072  ============================================================
03:03:51.0059 5072  C: <-> \Device\Harddisk0\DR0\Partition2
03:03:51.0059 5072  ============================================================
03:03:51.0059 5072  Initialize success
03:03:51.0059 5072  ============================================================
03:04:17.0922 2992  ============================================================
03:04:17.0922 2992  Scan started
03:04:17.0922 2992  Mode: Manual; SigCheck; TDLFS; 
03:04:17.0922 2992  ============================================================
03:04:18.0281 2992  ================ Scan system memory ========================
03:04:18.0281 2992  System memory - ok
03:04:18.0281 2992  ================ Scan services =============================
03:04:18.0468 2992  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
03:04:18.0593 2992  1394ohci - ok
03:04:18.0702 2992  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
03:04:18.0749 2992  ACDaemon - ok
03:04:18.0796 2992  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
03:04:18.0812 2992  ACPI - ok
03:04:18.0858 2992  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
03:04:18.0968 2992  AcpiPmi - ok
03:04:19.0061 2992  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:04:19.0061 2992  AdobeARMservice - ok
03:04:19.0186 2992  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:04:19.0202 2992  AdobeFlashPlayerUpdateSvc - ok
03:04:19.0264 2992  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
03:04:19.0280 2992  adp94xx - ok
03:04:19.0326 2992  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
03:04:19.0342 2992  adpahci - ok
03:04:19.0373 2992  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
03:04:19.0389 2992  adpu320 - ok
03:04:19.0404 2992  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
03:04:19.0529 2992  AeLookupSvc - ok
03:04:19.0576 2992  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
03:04:19.0638 2992  AFD - ok
03:04:19.0685 2992  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
03:04:19.0685 2992  agp440 - ok
03:04:19.0748 2992  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
03:04:19.0794 2992  ALG - ok
03:04:19.0857 2992  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
03:04:19.0857 2992  aliide - ok
03:04:19.0888 2992  [ 0EE274476C3E5F05F2B79B8C63FCCCFC ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
03:04:19.0982 2992  AMD External Events Utility - ok
03:04:20.0013 2992  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
03:04:20.0013 2992  amdide - ok
03:04:20.0060 2992  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
03:04:20.0091 2992  AmdK8 - ok
03:04:20.0309 2992  [ B18018924D6ADB6E64BC39BD37D6A4D8 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
03:04:20.0574 2992  amdkmdag - ok
03:04:20.0621 2992  [ 3249B112D48D29BE86984CF4594C9755 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
03:04:20.0668 2992  amdkmdap - ok
03:04:20.0730 2992  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
03:04:20.0777 2992  AmdPPM - ok
03:04:20.0824 2992  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
03:04:20.0824 2992  amdsata - ok
03:04:20.0855 2992  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
03:04:20.0871 2992  amdsbs - ok
03:04:20.0886 2992  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
03:04:20.0886 2992  amdxata - ok
03:04:20.0933 2992  [ 6D5225F0DD9EB4937A10BA05235FA6F1 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
03:04:20.0980 2992  AMPPAL - ok
03:04:20.0996 2992  [ 6D5225F0DD9EB4937A10BA05235FA6F1 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
03:04:20.0996 2992  AMPPALP - ok
03:04:21.0074 2992  [ 75130C273367F6AEA472BA34F1D43B45 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
03:04:21.0105 2992  AMPPALR3 - ok
03:04:21.0183 2992  [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
03:04:21.0198 2992  AntiVirSchedulerService - ok
03:04:21.0245 2992  [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
03:04:21.0245 2992  AntiVirService - ok
03:04:21.0308 2992  [ 9DC1A45BA81C923DB68A162B0F0D0149 ] ApfiltrService  C:\Windows\system32\drivers\Apfiltr.sys
03:04:21.0323 2992  ApfiltrService - ok
03:04:21.0370 2992  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
03:04:21.0510 2992  AppID - ok
03:04:21.0542 2992  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
03:04:21.0573 2992  AppIDSvc - ok
03:04:21.0635 2992  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
03:04:21.0666 2992  Appinfo - ok
03:04:21.0682 2992  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
03:04:21.0698 2992  arc - ok
03:04:21.0729 2992  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
03:04:21.0729 2992  arcsas - ok
03:04:21.0760 2992  [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
03:04:21.0760 2992  ArcSoftKsUFilter - ok
03:04:21.0885 2992  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
03:04:21.0885 2992  aspnet_state - ok
03:04:21.0900 2992  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
03:04:21.0947 2992  AsyncMac - ok
03:04:21.0994 2992  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
03:04:22.0010 2992  atapi - ok
03:04:22.0056 2992  [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
03:04:22.0119 2992  athr - ok
03:04:22.0197 2992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:04:22.0259 2992  AudioEndpointBuilder - ok
03:04:22.0275 2992  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
03:04:22.0306 2992  AudioSrv - ok
03:04:22.0353 2992  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
03:04:22.0368 2992  avgntflt - ok
03:04:22.0431 2992  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
03:04:22.0446 2992  avipbb - ok
03:04:22.0493 2992  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
03:04:22.0509 2992  avkmgr - ok
03:04:22.0540 2992  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
03:04:22.0634 2992  AxInstSV - ok
03:04:22.0680 2992  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
03:04:22.0743 2992  b06bdrv - ok
03:04:22.0774 2992  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
03:04:22.0805 2992  b57nd60a - ok
03:04:22.0899 2992  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
03:04:22.0914 2992  BBSvc - ok
03:04:22.0961 2992  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
03:04:22.0977 2992  BBUpdate - ok
03:04:23.0024 2992  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
03:04:23.0055 2992  BDESVC - ok
03:04:23.0102 2992  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
03:04:23.0148 2992  Beep - ok
03:04:23.0211 2992  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
03:04:23.0273 2992  BFE - ok
03:04:23.0320 2992  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
03:04:23.0382 2992  BITS - ok
03:04:23.0414 2992  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
03:04:23.0445 2992  blbdrive - ok
03:04:23.0585 2992  [ 2E251B39ABEA79351E5633E5A7C36BE4 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
03:04:23.0616 2992  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
03:04:23.0616 2992  Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
03:04:23.0663 2992  [ 1EC546F8B6222F1F984220C1324EA945 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
03:04:23.0710 2992  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
03:04:23.0710 2992  Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
03:04:23.0772 2992  [ ADB9C79CCBEF779D56A9AC931F9C8DF0 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
03:04:23.0804 2992  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
03:04:23.0804 2992  Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
03:04:23.0835 2992  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
03:04:23.0882 2992  bowser - ok
03:04:23.0913 2992  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
03:04:23.0944 2992  BrFiltLo - ok
03:04:23.0960 2992  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
03:04:23.0975 2992  BrFiltUp - ok
03:04:24.0022 2992  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
03:04:24.0069 2992  Browser - ok
03:04:24.0100 2992  [ E5E9B1625A767CEB6F319C12D33EAB78 ] BrSerIb         C:\Windows\system32\DRIVERS\BrSerIb.sys
03:04:24.0147 2992  BrSerIb - ok
03:04:24.0194 2992  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
03:04:24.0225 2992  Brserid - ok
03:04:24.0256 2992  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
03:04:24.0272 2992  BrSerWdm - ok
03:04:24.0303 2992  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
03:04:24.0334 2992  BrUsbMdm - ok
03:04:24.0365 2992  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
03:04:24.0396 2992  BrUsbSer - ok
03:04:24.0443 2992  [ D9F6B30AD93CBD165EC71FADF51DF25E ] BrUsbSIb        C:\Windows\system32\DRIVERS\BrUsbSIb.sys
03:04:24.0459 2992  BrUsbSIb - ok
03:04:24.0506 2992  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
03:04:24.0552 2992  BthEnum - ok
03:04:24.0615 2992  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
03:04:24.0646 2992  BTHMODEM - ok
03:04:24.0677 2992  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
03:04:24.0693 2992  BthPan - ok
03:04:24.0755 2992  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
03:04:24.0786 2992  BTHPORT - ok
03:04:24.0833 2992  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
03:04:24.0864 2992  bthserv - ok
03:04:24.0896 2992  [ 68389D0AA570BD089FDF7802ABBC0B8C ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
03:04:24.0911 2992  BTHSSecurityMgr - ok
03:04:24.0942 2992  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
03:04:24.0958 2992  BTHUSB - ok
03:04:25.0005 2992  [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio        C:\Windows\system32\drivers\btmaud.sys
03:04:25.0052 2992  btmaudio - ok
03:04:25.0083 2992  [ 76A1340ADB32798D18394AA424D584E2 ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
03:04:25.0130 2992  btmaux - ok
03:04:25.0161 2992  [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
03:04:25.0192 2992  btmhsf - ok
03:04:25.0239 2992  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
03:04:25.0301 2992  cdfs - ok
03:04:25.0364 2992  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
03:04:25.0379 2992  cdrom - ok
03:04:25.0410 2992  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
03:04:25.0457 2992  CertPropSvc - ok
03:04:25.0504 2992  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
03:04:25.0535 2992  circlass - ok
03:04:25.0566 2992  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
03:04:25.0598 2992  CLFS - ok
03:04:25.0660 2992  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:04:25.0676 2992  clr_optimization_v2.0.50727_32 - ok
03:04:25.0691 2992  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:04:25.0707 2992  clr_optimization_v2.0.50727_64 - ok
03:04:25.0769 2992  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:04:25.0785 2992  clr_optimization_v4.0.30319_32 - ok
03:04:25.0800 2992  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:04:25.0816 2992  clr_optimization_v4.0.30319_64 - ok
03:04:25.0863 2992  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
03:04:25.0894 2992  CmBatt - ok
03:04:25.0925 2992  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
03:04:25.0941 2992  cmdide - ok
03:04:25.0988 2992  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
03:04:26.0003 2992  CNG - ok
03:04:26.0034 2992  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
03:04:26.0050 2992  Compbatt - ok
03:04:26.0081 2992  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
03:04:26.0112 2992  CompositeBus - ok
03:04:26.0128 2992  COMSysApp - ok
03:04:26.0159 2992  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
03:04:26.0159 2992  crcdisk - ok
03:04:26.0222 2992  [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
03:04:26.0268 2992  CryptSvc - ok
03:04:26.0315 2992  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
03:04:26.0378 2992  DcomLaunch - ok
03:04:26.0409 2992  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
03:04:26.0456 2992  defragsvc - ok
03:04:26.0502 2992  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
03:04:26.0549 2992  DfsC - ok
03:04:26.0580 2992  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
03:04:26.0596 2992  dg_ssudbus - ok
03:04:26.0658 2992  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
03:04:26.0705 2992  Dhcp - ok
03:04:26.0721 2992  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
03:04:26.0768 2992  discache - ok
03:04:26.0799 2992  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
03:04:26.0814 2992  Disk - ok
03:04:26.0861 2992  [ 599864BDC6D2D769E5FF53E960C6B3BD ] DNE             C:\Windows\system32\DRIVERS\dnelwf64.sys
03:04:26.0861 2992  DNE - ok
03:04:26.0892 2992  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
03:04:26.0939 2992  Dnscache - ok
03:04:26.0955 2992  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
03:04:27.0002 2992  dot3svc - ok
03:04:27.0017 2992  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
03:04:27.0064 2992  DPS - ok
03:04:27.0095 2992  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
03:04:27.0126 2992  drmkaud - ok
03:04:27.0173 2992  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
03:04:27.0204 2992  DXGKrnl - ok
03:04:27.0251 2992  [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress      C:\Windows\system32\DRIVERS\e1y60x64.sys
03:04:27.0282 2992  e1yexpress - ok
03:04:27.0329 2992  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
03:04:27.0376 2992  EapHost - ok
03:04:27.0454 2992  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
03:04:27.0532 2992  ebdrv - ok
03:04:27.0563 2992  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
03:04:27.0610 2992  EFS - ok
03:04:27.0672 2992  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
03:04:27.0735 2992  ehRecvr - ok
03:04:27.0750 2992  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
03:04:27.0782 2992  ehSched - ok
03:04:27.0828 2992  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
03:04:27.0844 2992  elxstor - ok
03:04:27.0906 2992  [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
03:04:27.0953 2992  EPSON_EB_RPCV4_04 - ok
03:04:27.0953 2992  [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
03:04:27.0969 2992  EPSON_PM_RPCV4_04 - ok
03:04:27.0984 2992  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
03:04:28.0016 2992  ErrDev - ok
03:04:28.0047 2992  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
03:04:28.0094 2992  EventSystem - ok
03:04:28.0172 2992  [ 88894171B312B829150CC7B25202D70A ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
03:04:28.0203 2992  EvtEng - ok
03:04:28.0250 2992  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
03:04:28.0281 2992  exfat - ok
03:04:28.0312 2992  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
03:04:28.0359 2992  fastfat - ok
03:04:28.0421 2992  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
03:04:28.0468 2992  Fax - ok
03:04:28.0499 2992  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
03:04:28.0515 2992  fdc - ok
03:04:28.0546 2992  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
03:04:28.0593 2992  fdPHost - ok
03:04:28.0608 2992  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
03:04:28.0655 2992  FDResPub - ok
03:04:28.0686 2992  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
03:04:28.0702 2992  FileInfo - ok
03:04:28.0718 2992  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
03:04:28.0764 2992  Filetrace - ok
03:04:28.0811 2992  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
03:04:28.0811 2992  flpydisk - ok
03:04:28.0827 2992  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
03:04:28.0842 2992  FltMgr - ok
03:04:28.0905 2992  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
03:04:28.0936 2992  FontCache - ok
03:04:28.0998 2992  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:04:29.0014 2992  FontCache3.0.0.0 - ok
03:04:29.0045 2992  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
03:04:29.0045 2992  FsDepends - ok
03:04:29.0061 2992  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
03:04:29.0076 2992  Fs_Rec - ok
03:04:29.0123 2992  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
03:04:29.0139 2992  fvevol - ok
03:04:29.0170 2992  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
03:04:29.0186 2992  gagp30kx - ok
03:04:29.0217 2992  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
03:04:29.0264 2992  gpsvc - ok
03:04:29.0295 2992  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
03:04:29.0342 2992  hcw85cir - ok
03:04:29.0388 2992  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:04:29.0420 2992  HdAudAddService - ok
03:04:29.0451 2992  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
03:04:29.0482 2992  HDAudBus - ok
03:04:29.0498 2992  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
03:04:29.0529 2992  HidBatt - ok
03:04:29.0544 2992  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
03:04:29.0591 2992  HidBth - ok
03:04:29.0622 2992  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
03:04:29.0622 2992  HidIr - ok
03:04:29.0654 2992  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
03:04:29.0685 2992  hidserv - ok
03:04:29.0716 2992  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
03:04:29.0732 2992  HidUsb - ok
03:04:29.0747 2992  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
03:04:29.0794 2992  hkmsvc - ok
03:04:29.0841 2992  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
03:04:29.0872 2992  HomeGroupListener - ok
03:04:29.0903 2992  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
03:04:29.0934 2992  HomeGroupProvider - ok
03:04:29.0981 2992  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
03:04:29.0981 2992  HpSAMD - ok
03:04:30.0028 2992  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
03:04:30.0090 2992  HTTP - ok
03:04:30.0106 2992  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
03:04:30.0106 2992  hwpolicy - ok
03:04:30.0137 2992  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
03:04:30.0153 2992  i8042prt - ok
03:04:30.0184 2992  [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
03:04:30.0200 2992  iaStor - ok
03:04:30.0262 2992  [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
03:04:30.0278 2992  IAStorDataMgrSvc - ok
03:04:30.0309 2992  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
03:04:30.0324 2992  iaStorV - ok
03:04:30.0356 2992  [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex      C:\Windows\system32\DRIVERS\iBtFltCoex.sys
03:04:30.0371 2992  iBtFltCoex - ok
03:04:30.0465 2992  [ 3CC7B3BB1A9EA201A040883EDFAA67A0 ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
03:04:30.0527 2992  IconMan_R - ok
03:04:30.0574 2992  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:04:30.0605 2992  idsvc - ok
03:04:30.0636 2992  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
03:04:30.0652 2992  iirsp - ok
03:04:30.0683 2992  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
03:04:30.0746 2992  IKEEXT - ok
03:04:30.0792 2992  [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
03:04:30.0808 2992  intaud_WaveExtensible - ok
03:04:30.0933 2992  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
03:04:31.0058 2992  IntcAzAudAddService - ok
03:04:31.0120 2992  [ AE594CC17C33AC146739494615E14851 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
03:04:31.0151 2992  IntcDAud - ok
03:04:31.0182 2992  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
03:04:31.0182 2992  intelide - ok
03:04:31.0432 2992  [ E5C11F3689D9448CCC1D782FC2C4CC46 ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
03:04:31.0760 2992  intelkmd - ok
03:04:31.0806 2992  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
03:04:31.0838 2992  intelppm - ok
03:04:31.0869 2992  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
03:04:31.0916 2992  IPBusEnum - ok
03:04:31.0947 2992  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:04:31.0978 2992  IpFilterDriver - ok
03:04:32.0025 2992  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
03:04:32.0072 2992  iphlpsvc - ok
03:04:32.0087 2992  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
03:04:32.0118 2992  IPMIDRV - ok
03:04:32.0134 2992  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
03:04:32.0181 2992  IPNAT - ok
03:04:32.0212 2992  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
03:04:32.0243 2992  IRENUM - ok
03:04:32.0274 2992  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
03:04:32.0274 2992  isapnp - ok
03:04:32.0321 2992  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
03:04:32.0337 2992  iScsiPrt - ok
03:04:32.0368 2992  [ 716F66336F10885D935B08174DC54242 ] iwdbus          C:\Windows\system32\drivers\iwdbus.sys
03:04:32.0384 2992  iwdbus - ok
03:04:32.0430 2992  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
03:04:32.0430 2992  kbdclass - ok
03:04:32.0446 2992  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
03:04:32.0477 2992  kbdhid - ok
03:04:32.0493 2992  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
03:04:32.0508 2992  KeyIso - ok
03:04:32.0540 2992  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
03:04:32.0555 2992  KSecDD - ok
03:04:32.0571 2992  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
03:04:32.0586 2992  KSecPkg - ok
03:04:32.0618 2992  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
03:04:32.0680 2992  ksthunk - ok
03:04:32.0711 2992  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
03:04:32.0742 2992  KtmRm - ok
03:04:32.0789 2992  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
03:04:32.0836 2992  LanmanServer - ok
03:04:32.0867 2992  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:04:32.0914 2992  LanmanWorkstation - ok
03:04:32.0961 2992  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
03:04:33.0008 2992  lltdio - ok
03:04:33.0039 2992  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
03:04:33.0086 2992  lltdsvc - ok
03:04:33.0101 2992  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
03:04:33.0148 2992  lmhosts - ok
03:04:33.0195 2992  [ F4A17DCAB576267C85663E64F3ACE5A4 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
03:04:33.0210 2992  LMS - ok
03:04:33.0257 2992  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
03:04:33.0273 2992  LSI_FC - ok
03:04:33.0304 2992  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
03:04:33.0320 2992  LSI_SAS - ok
03:04:33.0335 2992  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
03:04:33.0335 2992  LSI_SAS2 - ok
03:04:33.0351 2992  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
03:04:33.0366 2992  LSI_SCSI - ok
03:04:33.0398 2992  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
03:04:33.0444 2992  luafv - ok
03:04:33.0491 2992  mbamswissarmy - ok
03:04:33.0569 2992  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
03:04:33.0585 2992  McComponentHostService - ok
03:04:33.0600 2992  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
03:04:33.0632 2992  Mcx2Svc - ok
03:04:33.0663 2992  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
03:04:33.0678 2992  megasas - ok
03:04:33.0725 2992  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
03:04:33.0741 2992  MegaSR - ok
03:04:33.0772 2992  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
03:04:33.0772 2992  MEIx64 - ok
03:04:33.0819 2992  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
03:04:33.0850 2992  MMCSS - ok
03:04:33.0866 2992  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
03:04:33.0912 2992  Modem - ok
03:04:33.0928 2992  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
03:04:33.0959 2992  monitor - ok
03:04:33.0975 2992  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
03:04:33.0990 2992  mouclass - ok
03:04:34.0022 2992  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
03:04:34.0053 2992  mouhid - ok
03:04:34.0068 2992  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
03:04:34.0084 2992  mountmgr - ok
03:04:34.0146 2992  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:04:34.0146 2992  MozillaMaintenance - ok
03:04:34.0193 2992  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
03:04:34.0193 2992  mpio - ok
03:04:34.0224 2992  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
03:04:34.0256 2992  mpsdrv - ok
03:04:34.0287 2992  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
03:04:34.0334 2992  MpsSvc - ok
03:04:34.0349 2992  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
03:04:34.0380 2992  MRxDAV - ok
03:04:34.0412 2992  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
03:04:34.0458 2992  mrxsmb - ok
03:04:34.0490 2992  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:04:34.0505 2992  mrxsmb10 - ok
03:04:34.0521 2992  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:04:34.0536 2992  mrxsmb20 - ok
03:04:34.0568 2992  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
03:04:34.0583 2992  msahci - ok
03:04:34.0599 2992  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
03:04:34.0614 2992  msdsm - ok
03:04:34.0646 2992  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
03:04:34.0677 2992  MSDTC - ok
03:04:34.0692 2992  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
03:04:34.0739 2992  Msfs - ok
03:04:34.0770 2992  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
03:04:34.0817 2992  mshidkmdf - ok
03:04:34.0848 2992  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
03:04:34.0864 2992  msisadrv - ok
03:04:34.0880 2992  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
03:04:34.0926 2992  MSiSCSI - ok
03:04:34.0926 2992  msiserver - ok
03:04:34.0942 2992  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
03:04:34.0989 2992  MSKSSRV - ok
03:04:35.0004 2992  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
03:04:35.0051 2992  MSPCLOCK - ok
03:04:35.0067 2992  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
03:04:35.0129 2992  MSPQM - ok
03:04:35.0145 2992  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
03:04:35.0160 2992  MsRPC - ok
03:04:35.0192 2992  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
03:04:35.0192 2992  mssmbios - ok
03:04:35.0223 2992  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
03:04:35.0270 2992  MSTEE - ok
03:04:35.0285 2992  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
03:04:35.0301 2992  MTConfig - ok
03:04:35.0332 2992  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
03:04:35.0348 2992  Mup - ok
03:04:35.0410 2992  [ C00F9A366C3CFA2F18CA7835E15E4C95 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
03:04:35.0426 2992  MyWiFiDHCPDNS - ok
03:04:35.0457 2992  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
03:04:35.0504 2992  napagent - ok
03:04:35.0550 2992  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
03:04:35.0582 2992  NativeWifiP - ok
03:04:35.0628 2992  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
03:04:35.0644 2992  NDIS - ok
03:04:35.0675 2992  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
03:04:35.0722 2992  NdisCap - ok
03:04:35.0769 2992  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
03:04:35.0800 2992  NdisTapi - ok
03:04:35.0816 2992  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
03:04:35.0878 2992  Ndisuio - ok
03:04:35.0894 2992  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
03:04:35.0940 2992  NdisWan - ok
03:04:35.0956 2992  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
03:04:36.0003 2992  NDProxy - ok
03:04:36.0050 2992  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
03:04:36.0096 2992  NetBIOS - ok
03:04:36.0112 2992  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
03:04:36.0159 2992  NetBT - ok
03:04:36.0159 2992  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
03:04:36.0174 2992  Netlogon - ok
03:04:36.0206 2992  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
03:04:36.0252 2992  Netman - ok
03:04:36.0299 2992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:04:36.0299 2992  NetMsmqActivator - ok
03:04:36.0315 2992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:04:36.0315 2992  NetPipeActivator - ok
03:04:36.0330 2992  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
03:04:36.0393 2992  netprofm - ok
03:04:36.0393 2992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:04:36.0393 2992  NetTcpActivator - ok
03:04:36.0408 2992  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:04:36.0408 2992  NetTcpPortSharing - ok
03:04:36.0596 2992  [ B25FE0FA523579B6FA327311A579866E ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
03:04:36.0861 2992  NETwNs64 - ok
03:04:36.0892 2992  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
03:04:36.0892 2992  nfrd960 - ok
03:04:36.0923 2992  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
03:04:36.0970 2992  NlaSvc - ok
03:04:36.0986 2992  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
03:04:37.0017 2992  Npfs - ok
03:04:37.0032 2992  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
03:04:37.0079 2992  nsi - ok
03:04:37.0079 2992  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
03:04:37.0126 2992  nsiproxy - ok
03:04:37.0188 2992  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
03:04:37.0235 2992  Ntfs - ok
03:04:37.0266 2992  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
03:04:37.0313 2992  Null - ok
03:04:37.0344 2992  [ B227E75AD10A142DD326B4CC8D73A6D9 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
03:04:37.0391 2992  nusb3hub - ok
03:04:37.0407 2992  [ 55959DB860E4E484681586824D09E52C ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
03:04:37.0454 2992  nusb3xhc - ok
03:04:37.0734 2992  [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:04:38.0093 2992  nvlddmkm - ok
03:04:38.0156 2992  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
03:04:38.0156 2992  nvraid - ok
03:04:38.0187 2992  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
03:04:38.0187 2992  nvstor - ok
03:04:38.0234 2992  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
03:04:38.0249 2992  nv_agp - ok
03:04:38.0265 2992  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
03:04:38.0296 2992  ohci1394 - ok
03:04:38.0358 2992  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:04:38.0374 2992  ose - ok
03:04:38.0405 2992  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
03:04:38.0436 2992  p2pimsvc - ok
03:04:38.0452 2992  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
03:04:38.0468 2992  p2psvc - ok
03:04:38.0499 2992  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
03:04:38.0530 2992  Parport - ok
03:04:38.0561 2992  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
03:04:38.0561 2992  partmgr - ok
03:04:38.0592 2992  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
03:04:38.0639 2992  PcaSvc - ok
03:04:38.0686 2992  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
03:04:38.0702 2992  pci - ok
03:04:38.0717 2992  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
03:04:38.0733 2992  pciide - ok
03:04:38.0748 2992  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
03:04:38.0764 2992  pcmcia - ok
03:04:38.0764 2992  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
03:04:38.0780 2992  pcw - ok
03:04:38.0811 2992  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
03:04:38.0873 2992  PEAUTH - ok
03:04:38.0936 2992  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
03:04:38.0982 2992  PerfHost - ok
03:04:39.0045 2992  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
03:04:39.0107 2992  pla - ok
03:04:39.0154 2992  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
03:04:39.0201 2992  PlugPlay - ok
03:04:39.0279 2992  [ E9605A180001A6B5551112D91DE92CA1 ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
03:04:39.0294 2992  PMBDeviceInfoProvider - ok
03:04:39.0310 2992  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
03:04:39.0341 2992  PNRPAutoReg - ok
03:04:39.0357 2992  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
03:04:39.0372 2992  PNRPsvc - ok
03:04:39.0404 2992  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
03:04:39.0466 2992  PolicyAgent - ok
03:04:39.0482 2992  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
03:04:39.0544 2992  Power - ok
03:04:39.0591 2992  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
03:04:39.0638 2992  PptpMiniport - ok
03:04:39.0669 2992  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
03:04:39.0684 2992  Processor - ok
03:04:39.0731 2992  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
03:04:39.0762 2992  ProfSvc - ok
03:04:39.0778 2992  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:04:39.0778 2992  ProtectedStorage - ok
03:04:39.0809 2992  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
03:04:39.0856 2992  Psched - ok
03:04:39.0918 2992  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
03:04:39.0965 2992  ql2300 - ok
03:04:39.0996 2992  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
03:04:40.0012 2992  ql40xx - ok
03:04:40.0043 2992  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
03:04:40.0059 2992  QWAVE - ok
03:04:40.0074 2992  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
03:04:40.0106 2992  QWAVEdrv - ok
03:04:40.0121 2992  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
03:04:40.0184 2992  RasAcd - ok
03:04:40.0215 2992  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
03:04:40.0246 2992  RasAgileVpn - ok
03:04:40.0277 2992  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
03:04:40.0340 2992  RasAuto - ok
03:04:40.0355 2992  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
03:04:40.0402 2992  Rasl2tp - ok
03:04:40.0418 2992  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
03:04:40.0449 2992  RasMan - ok
03:04:40.0480 2992  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
03:04:40.0542 2992  RasPppoe - ok
03:04:40.0558 2992  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
03:04:40.0605 2992  RasSstp - ok
03:04:40.0636 2992  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
03:04:40.0683 2992  rdbss - ok
03:04:40.0714 2992  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
03:04:40.0745 2992  rdpbus - ok
03:04:40.0776 2992  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
03:04:40.0808 2992  RDPCDD - ok
03:04:40.0823 2992  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
03:04:40.0870 2992  RDPENCDD - ok
03:04:40.0901 2992  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
03:04:40.0932 2992  RDPREFMP - ok
03:04:40.0948 2992  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
03:04:40.0995 2992  RDPWD - ok
03:04:41.0042 2992  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
03:04:41.0042 2992  rdyboost - ok
03:04:41.0151 2992  [ 79B2095737F44D9573DE9850D3571C37 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
03:04:41.0182 2992  RegSrvc - ok
03:04:41.0198 2992  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
03:04:41.0244 2992  RemoteAccess - ok
03:04:41.0276 2992  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
03:04:41.0338 2992  RemoteRegistry - ok
03:04:41.0369 2992  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
03:04:41.0400 2992  RFCOMM - ok
03:04:41.0416 2992  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
03:04:41.0478 2992  RpcEptMapper - ok
03:04:41.0510 2992  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
03:04:41.0525 2992  RpcLocator - ok
03:04:41.0572 2992  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
03:04:41.0603 2992  RpcSs - ok
03:04:41.0650 2992  [ EBBFA2B4E317AF86E93FEC4C04D7A9B3 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
03:04:41.0666 2992  RSPCIESTOR - ok
03:04:41.0697 2992  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
03:04:41.0728 2992  rspndr - ok
03:04:41.0744 2992  [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
03:04:41.0775 2992  RTL8167 - ok
03:04:41.0790 2992  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
03:04:41.0790 2992  SamSs - ok
03:04:41.0806 2992  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
03:04:41.0822 2992  sbp2port - ok
03:04:41.0837 2992  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
03:04:41.0884 2992  SCardSvr - ok
03:04:41.0900 2992  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
03:04:41.0946 2992  scfilter - ok
03:04:41.0978 2992  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
03:04:42.0040 2992  Schedule - ok
03:04:42.0087 2992  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
03:04:42.0118 2992  SCPolicySvc - ok
03:04:42.0149 2992  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
03:04:42.0180 2992  sdbus - ok
03:04:42.0212 2992  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
03:04:42.0258 2992  SDRSVC - ok
03:04:42.0305 2992  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
03:04:42.0336 2992  secdrv - ok
03:04:42.0352 2992  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
03:04:42.0383 2992  seclogon - ok
03:04:42.0399 2992  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
03:04:42.0430 2992  SENS - ok
03:04:42.0461 2992  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
03:04:42.0508 2992  SensrSvc - ok
03:04:42.0555 2992  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
03:04:42.0586 2992  Serenum - ok
03:04:42.0633 2992  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
03:04:42.0664 2992  Serial - ok
03:04:42.0695 2992  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
03:04:42.0711 2992  sermouse - ok
03:04:42.0758 2992  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
03:04:42.0804 2992  SessionEnv - ok
03:04:42.0851 2992  [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP            C:\Windows\system32\drivers\SFEP.sys
03:04:42.0882 2992  SFEP - ok
03:04:42.0882 2992  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
03:04:42.0914 2992  sffdisk - ok
03:04:42.0929 2992  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
03:04:42.0960 2992  sffp_mmc - ok
03:04:42.0992 2992  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
03:04:43.0023 2992  sffp_sd - ok
03:04:43.0070 2992  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
03:04:43.0085 2992  sfloppy - ok
03:04:43.0116 2992  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
03:04:43.0163 2992  SharedAccess - ok
03:04:43.0210 2992  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:04:43.0257 2992  ShellHWDetection - ok
03:04:43.0288 2992  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
03:04:43.0304 2992  SiSRaid2 - ok
03:04:43.0319 2992  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
03:04:43.0335 2992  SiSRaid4 - ok
03:04:43.0382 2992  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
03:04:43.0428 2992  Smb - ok
03:04:43.0475 2992  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
03:04:43.0475 2992  SNMPTRAP - ok
03:04:43.0538 2992  [ DDF2EC98AF6FC70608A4F9CE4DB52758 ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
03:04:43.0553 2992  SOHCImp - ok
03:04:43.0584 2992  [ 5FA03F5EA6EFEF6D17B4A1A48C40A23C ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
03:04:43.0584 2992  SOHDs - ok
03:04:43.0662 2992  [ 65E5659E9C2A0762D05657C0E22A7CA2 ] SpfService      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
03:04:43.0678 2992  SpfService - ok
03:04:43.0694 2992  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
03:04:43.0709 2992  spldr - ok
03:04:43.0740 2992  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
03:04:43.0756 2992  Spooler - ok
03:04:43.0865 2992  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
03:04:43.0959 2992  sppsvc - ok
03:04:43.0974 2992  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
03:04:44.0021 2992  sppuinotify - ok
03:04:44.0052 2992  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
03:04:44.0099 2992  srv - ok
03:04:44.0115 2992  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
03:04:44.0146 2992  srv2 - ok
03:04:44.0177 2992  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
03:04:44.0177 2992  srvnet - ok
03:04:44.0208 2992  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
03:04:44.0255 2992  SSDPSRV - ok
03:04:44.0302 2992  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
03:04:44.0318 2992  SSPORT - ok
03:04:44.0333 2992  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
03:04:44.0364 2992  SstpSvc - ok
03:04:44.0427 2992  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
03:04:44.0442 2992  ssudmdm - ok
03:04:44.0442 2992  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
03:04:44.0458 2992  stexstor - ok
03:04:44.0505 2992  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
03:04:44.0552 2992  stisvc - ok
03:04:44.0583 2992  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
03:04:44.0583 2992  swenum - ok
03:04:44.0661 2992  [ 18AA39F3229D033D83C40E2B86F86757 ] SWGVCSvc        C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
03:04:44.0676 2992  SWGVCSvc - ok
03:04:44.0692 2992  [ 62EAC9FB03C327654608070FA78BA84D ] SWIPsec         C:\Windows\system32\Drivers\SWIPsec.sys
03:04:44.0708 2992  SWIPsec - ok
03:04:44.0739 2992  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
03:04:44.0801 2992  swprv - ok
03:04:44.0832 2992  [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC          C:\Windows\system32\DRIVERS\swvnic.sys
03:04:44.0848 2992  SWVNIC - ok
03:04:44.0895 2992  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
03:04:44.0942 2992  SysMain - ok
03:04:44.0973 2992  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:04:45.0004 2992  TabletInputService - ok
03:04:45.0035 2992  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
03:04:45.0066 2992  TapiSrv - ok
03:04:45.0082 2992  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
03:04:45.0129 2992  TBS - ok
03:04:45.0207 2992  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
03:04:45.0254 2992  Tcpip - ok
03:04:45.0285 2992  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
03:04:45.0316 2992  TCPIP6 - ok
03:04:45.0363 2992  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
03:04:45.0363 2992  tcpipreg - ok
03:04:45.0394 2992  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
03:04:45.0425 2992  TDPIPE - ok
03:04:45.0456 2992  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
03:04:45.0472 2992  TDTCP - ok
03:04:45.0488 2992  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
03:04:45.0534 2992  tdx - ok
03:04:45.0550 2992  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
03:04:45.0550 2992  TermDD - ok
03:04:45.0597 2992  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
03:04:45.0659 2992  TermService - ok
03:04:45.0675 2992  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
03:04:45.0690 2992  Themes - ok
03:04:45.0722 2992  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
03:04:45.0753 2992  THREADORDER - ok
03:04:45.0768 2992  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
03:04:45.0815 2992  TrkWks - ok
03:04:45.0862 2992  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:04:45.0893 2992  TrustedInstaller - ok
03:04:45.0924 2992  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
03:04:45.0971 2992  tssecsrv - ok
03:04:45.0987 2992  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
03:04:46.0018 2992  TsUsbFlt - ok
03:04:46.0018 2992  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
03:04:46.0049 2992  TsUsbGD - ok
03:04:46.0080 2992  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
03:04:46.0143 2992  tunnel - ok
03:04:46.0158 2992  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
03:04:46.0174 2992  uagp35 - ok
03:04:46.0221 2992  [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC ] uCamMonitor     C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
03:04:46.0236 2992  uCamMonitor - ok
03:04:46.0268 2992  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
03:04:46.0314 2992  udfs - ok
03:04:46.0346 2992  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
03:04:46.0361 2992  UI0Detect - ok
03:04:46.0392 2992  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
03:04:46.0408 2992  uliagpkx - ok
03:04:46.0424 2992  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
03:04:46.0455 2992  umbus - ok
03:04:46.0486 2992  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
03:04:46.0517 2992  UmPass - ok
03:04:46.0642 2992  [ DB641944F7E4B14C13C3FEFC89843F69 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
03:04:46.0704 2992  UNS - ok
03:04:46.0720 2992  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
03:04:46.0782 2992  upnphost - ok
03:04:46.0814 2992  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
03:04:46.0845 2992  usbccgp - ok
03:04:46.0892 2992  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
03:04:46.0907 2992  usbcir - ok
03:04:46.0938 2992  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
03:04:46.0954 2992  usbehci - ok
03:04:47.0001 2992  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
03:04:47.0032 2992  usbhub - ok
03:04:47.0048 2992  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
03:04:47.0079 2992  usbohci - ok
03:04:47.0110 2992  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
03:04:47.0126 2992  usbprint - ok
03:04:47.0172 2992  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
03:04:47.0188 2992  usbscan - ok
03:04:47.0219 2992  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:04:47.0250 2992  USBSTOR - ok
03:04:47.0282 2992  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
03:04:47.0297 2992  usbuhci - ok
03:04:47.0344 2992  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
03:04:47.0375 2992  usbvideo - ok
03:04:47.0406 2992  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
03:04:47.0453 2992  UxSms - ok
03:04:47.0531 2992  [ 387D3DFFCF0A544539E9C5D8B81169A2 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
03:04:47.0547 2992  VAIO Event Service - ok
03:04:47.0609 2992  [ D1933E428D991B15AFFD48B1A7BEB643 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
03:04:47.0640 2992  VAIO Power Management - ok
03:04:47.0656 2992  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
03:04:47.0672 2992  VaultSvc - ok
03:04:47.0734 2992  [ D00058C1FFF3F3DE990444A5734E9639 ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
03:04:47.0765 2992  VCFw - ok
03:04:47.0828 2992  [ F19275655B42086C884ABCDAE2C659AE ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
03:04:47.0843 2992  VcmIAlzMgr - ok
03:04:47.0890 2992  [ 2F06D134554BA84FE253DBC481DCFE6D ] VcmINSMgr       C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
03:04:47.0906 2992  VcmINSMgr - ok
03:04:47.0921 2992  [ 32A3735F6874B7783C6209ED5CA36D9D ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
03:04:47.0937 2992  VcmXmlIfHelper - ok
03:04:47.0952 2992  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
03:04:47.0952 2992  vdrvroot - ok
03:04:47.0984 2992  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
03:04:48.0046 2992  vds - ok
03:04:48.0077 2992  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
03:04:48.0093 2992  vga - ok
03:04:48.0108 2992  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
03:04:48.0140 2992  VgaSave - ok
03:04:48.0171 2992  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
03:04:48.0186 2992  vhdmp - ok
03:04:48.0218 2992  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
03:04:48.0233 2992  viaide - ok
03:04:48.0264 2992  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
03:04:48.0264 2992  volmgr - ok
03:04:48.0296 2992  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
03:04:48.0311 2992  volmgrx - ok
03:04:48.0358 2992  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
03:04:48.0374 2992  volsnap - ok
03:04:48.0405 2992  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
03:04:48.0420 2992  vsmraid - ok
03:04:48.0498 2992  [ 8BE8C47D5B09F5550DCBF6FCD8832CCB ] VSNService      C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
03:04:48.0530 2992  VSNService - ok
03:04:48.0576 2992  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
03:04:48.0654 2992  VSS - ok
03:04:48.0764 2992  [ 630BC8454C8F1398CE4FAEA1FBF62789 ] VUAgent         C:\Program Files\Sony\VAIO Update\VUAgent.exe
03:04:48.0795 2992  VUAgent - ok
03:04:48.0826 2992  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
03:04:48.0857 2992  vwifibus - ok
03:04:48.0873 2992  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
03:04:48.0904 2992  vwififlt - ok
03:04:48.0920 2992  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
03:04:48.0966 2992  vwifimp - ok
03:04:48.0982 2992  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
03:04:49.0029 2992  W32Time - ok
03:04:49.0060 2992  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
03:04:49.0076 2992  WacomPen - ok
03:04:49.0122 2992  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
03:04:49.0169 2992  WANARP - ok
03:04:49.0185 2992  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
03:04:49.0216 2992  Wanarpv6 - ok
03:04:49.0294 2992  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
03:04:49.0325 2992  WatAdminSvc - ok
03:04:49.0372 2992  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
03:04:49.0434 2992  wbengine - ok
03:04:49.0450 2992  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
03:04:49.0466 2992  WbioSrvc - ok
03:04:49.0481 2992  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
03:04:49.0528 2992  wcncsvc - ok
03:04:49.0559 2992  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
03:04:49.0590 2992  WcsPlugInService - ok
03:04:49.0606 2992  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
03:04:49.0622 2992  Wd - ok
03:04:49.0668 2992  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
03:04:49.0684 2992  Wdf01000 - ok
03:04:49.0700 2992  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
03:04:49.0778 2992  WdiServiceHost - ok
03:04:49.0778 2992  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
03:04:49.0793 2992  WdiSystemHost - ok
03:04:49.0840 2992  [ 63CE387483E74A0BD79EE4E5EBA1FD2E ] wdkmd           C:\Windows\system32\DRIVERS\WDKMD.sys
03:04:49.0840 2992  wdkmd - ok
03:04:49.0871 2992  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
03:04:49.0902 2992  WebClient - ok
03:04:49.0934 2992  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
03:04:49.0980 2992  Wecsvc - ok
03:04:50.0012 2992  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
03:04:50.0043 2992  wercplsupport - ok
03:04:50.0090 2992  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
03:04:50.0121 2992  WerSvc - ok
03:04:50.0152 2992  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
03:04:50.0183 2992  WfpLwf - ok
03:04:50.0199 2992  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
03:04:50.0214 2992  WIMMount - ok
03:04:50.0246 2992  WinDefend - ok
03:04:50.0261 2992  WinHttpAutoProxySvc - ok
03:04:50.0308 2992  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
03:04:50.0355 2992  Winmgmt - ok
03:04:50.0402 2992  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
03:04:50.0464 2992  WinRM - ok
03:04:50.0526 2992  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
03:04:50.0558 2992  WinUsb - ok
03:04:50.0604 2992  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
03:04:50.0651 2992  Wlansvc - ok
03:04:50.0682 2992  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
03:04:50.0698 2992  wlcrasvc - ok
03:04:50.0792 2992  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:04:50.0838 2992  wlidsvc - ok
03:04:50.0870 2992  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
03:04:50.0901 2992  WmiAcpi - ok
03:04:50.0932 2992  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
03:04:50.0963 2992  wmiApSrv - ok
03:04:50.0994 2992  WMPNetworkSvc - ok
03:04:51.0026 2992  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
03:04:51.0041 2992  WPCSvc - ok
03:04:51.0057 2992  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
03:04:51.0072 2992  WPDBusEnum - ok
03:04:51.0104 2992  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
03:04:51.0135 2992  ws2ifsl - ok
03:04:51.0150 2992  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
03:04:51.0182 2992  wscsvc - ok
03:04:51.0182 2992  WSearch - ok
03:04:51.0260 2992  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
03:04:51.0306 2992  wuauserv - ok
03:04:51.0322 2992  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
03:04:51.0369 2992  WudfPf - ok
03:04:51.0416 2992  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
03:04:51.0447 2992  WUDFRd - ok
03:04:51.0478 2992  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
03:04:51.0494 2992  wudfsvc - ok
03:04:51.0540 2992  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
03:04:51.0572 2992  WwanSvc - ok
03:04:51.0603 2992  ================ Scan global ===============================
03:04:51.0634 2992  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
03:04:51.0681 2992  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
03:04:51.0681 2992  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
03:04:51.0712 2992  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
03:04:51.0728 2992  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
03:04:51.0743 2992  [Global] - ok
03:04:51.0743 2992  ================ Scan MBR ==================================
03:04:51.0759 2992  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
03:04:52.0742 2992  \Device\Harddisk0\DR0 - ok
03:04:52.0742 2992  ================ Scan VBR ==================================
03:04:52.0773 2992  [ A22B670895B065CF80894A531A75B644 ] \Device\Harddisk0\DR0\Partition1
03:04:52.0773 2992  \Device\Harddisk0\DR0\Partition1 - ok
03:04:52.0788 2992  [ E6C546A6087D6190BE702F31291225CF ] \Device\Harddisk0\DR0\Partition2
03:04:52.0788 2992  \Device\Harddisk0\DR0\Partition2 - ok
03:04:52.0788 2992  ============================================================
03:04:52.0788 2992  Scan finished
03:04:52.0788 2992  ============================================================
03:04:52.0804 6444  Detected object count: 3
03:04:52.0804 6444  Actual detected object count: 3
03:05:06.0516 6444  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
03:05:06.0516 6444  Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:05:06.0516 6444  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:05:06.0516 6444  Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:05:06.0516 6444  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:05:06.0516 6444  Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
03:05:23.0942 3500  Deinitialize success

Herzlich
M.

cosinus · 23.07.2013, 02:31

Sry hab mich da in meinen Bausteinen verklickt

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Tenenbaum · 23.07.2013, 03:13

Here we go again:

a) JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.1 (07.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Tenenbaum on 23.07.2013 at  3:35:53,40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{c26644c4-2a12-4ca6-8f2e-0ede6cf018f3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\quickshare_rasmancs
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\Users\Tenenbaum\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Tenenbaum\AppData\Roaming\dsite"
Successfully deleted: [Folder] "C:\Users\Tenenbaum\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Tenenbaum\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Tenenbaum\appdata\locallow\delta"
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{01AB81B9-6F24-4EC2-A48E-58958F5DA097}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{02E90B93-BE90-434D-8F5D-04CC879D0387}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{03CD2ECE-6777-4CBA-B48A-49007DE09A8C}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{054D74D4-342B-4AE0-AFB5-76EA10EFC4AD}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{08515917-EF74-4717-831D-0CF8B68CDE3F}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{0C48735E-E260-4576-8F56-4596548D6650}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{10127883-4575-4FB4-B198-B4991708BD30}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{10C246DF-96E8-4AB9-A3E0-68D3F1D3F66B}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{1A93066E-4527-4DC9-BB3B-A57EC5AC9B9C}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{1EF73A50-1885-43BC-A768-5EB432030C99}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{2453BE68-32F4-44B7-9742-8DD8F76087D7}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{275FE1DB-2DAA-4966-BF83-E255DD9BD4BA}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{28032D62-BC83-4A06-955A-4808292A2B35}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{318ECC3E-387D-4795-8BEC-79F97513980C}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{35BFD7EE-2671-4DFD-842F-F5390FBBF034}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{381C5DAB-1365-4E33-A7E9-0538A0790C50}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{38D9EBD7-3D63-4548-9492-B4D54F7D2B2D}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{3C423ECE-746C-4A21-8F22-9AADB6C7D4D1}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{3FB8D9B5-FEF5-47D5-A04C-23B42077D0DB}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{51E3EBEF-C23B-4BAD-913E-49857E280041}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{53E2FDDE-42B5-4E5A-92E9-8174F3EF5C2F}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{54A4F582-4A7F-46EE-960C-63DE72456414}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{5F2F2903-0D0D-4C6E-AF97-E63E7DB30221}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{628E4458-A9BF-4008-A545-C7DF5C84AFAF}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{647588D3-48BA-45FA-BE3D-DCBE8D740CBF}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{68E1F289-D6D6-42E7-ACCE-28D3C82EE3F2}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{693472A6-EC44-4397-A0B1-EA9FB2F82EB6}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{6B70F129-13BA-4CC2-98DC-49CC5EBCD598}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{6D36B503-BB38-4250-B2F3-E4238C2CB930}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{6DA19760-E12F-46B4-BA48-A152CC592AA4}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{6E234345-FAEE-4A38-B548-159E547C103B}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{6EA5FF5E-08AB-4BEF-B2DE-CE1886D362F0}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{709D0C21-612C-4449-A067-6125D65D54E3}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{70A6694E-FDAA-4503-8E8F-E31D82ED6640}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{755ECAD4-DEB6-44BD-84E2-B8C7B644B351}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{768FF1B9-B4B2-472F-85D1-6BF9025132B5}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{76C642AA-4EB4-4283-8FC3-98061CC65AD9}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{7A760E63-BFCC-4431-A694-BADADB9BB2CB}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{7C03A477-D4C2-4B22-9DC8-4371134A40ED}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{7E946F4C-0019-4FD9-BAEE-0C73017D7BD8}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{7EA21D4B-83A9-481C-A8F2-59E10A11B209}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{812A4E27-FBCE-4915-BFF4-2B697FFD24E6}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{81AE7485-0A0F-4A12-A1DC-4DF7389B280E}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{842379D5-3548-41FB-A338-628504C1DEEF}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{870159A3-AA4D-4E45-96F3-5B9E17AB20B8}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{890C5228-18CC-4E4F-A1DF-FF73A1179FCE}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{8A5785A2-48D9-43AD-A040-67295145F70D}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{8E4B87B9-7376-44C5-AFCA-D79BFC8130F9}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{9030688B-9555-40A9-9FAA-7F6C2701C8DF}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{96F36E00-B416-44BE-8888-2C276D2F42D1}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{9D2145A5-6192-4557-9CE6-B627ACAF67B1}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{A4951A43-9478-46FF-B3D3-872D1CF7047F}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{A4ECB324-CBC2-4983-B6B6-D27D62BEE357}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{A96F9B7B-F4D4-46B0-9E52-4E2EF376780E}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{AE5EE802-2E49-4B1D-9F46-50F1E92A7A5B}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{AF50459C-582E-4885-8639-76A0C7075625}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{B1637684-AB92-4362-BDF6-8471273C65E9}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{B1F0146B-6DA3-406F-AC5A-FA0DD6066690}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{B2354F26-365D-4DAF-B536-2BE5ED5F10A9}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{B65A19FB-BEBD-46A7-8D92-388579DDC83A}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{B97F33CC-865E-42AF-BA6E-9AFFC8FD4497}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{B9820EDE-F781-45FB-87F5-6F94063E4CE5}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{BC47DB49-2CA2-4EA7-98F4-F7CB7115FE84}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{BF3294F2-AF37-4898-8DF1-8C41A7D90C6C}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{C82F5C7D-AE3B-4B96-AB0A-682B8588DFC0}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{C9712631-E767-40B1-B732-8F79F8074747}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{CC08A8E4-68D3-41AF-9321-B9B0426BEA90}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{E440C58E-224B-4449-B60A-027419E6DE92}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{E5CDACB5-3E53-4F0B-8FF7-BBC3A4D031FA}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{EF36F4E0-BB24-41FC-AD37-28324D5A78BE}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{EFC168F8-5B1E-47E2-A262-E92CBADFC4C9}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{F08C9A3A-B146-4FA7-A27D-F807EEB7BD4E}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{F0951684-8C3B-4FD6-9053-6F9F8C133F92}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{F1F7D347-8D66-45FF-93D1-D63DCEDB5963}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{F3BA3044-20C7-4495-BDBA-F90D8D1AB536}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{F49169C8-BC43-42CC-8D62-906777146100}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{F6A63690-5E19-4A18-B2F5-9CD32A7674FE}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{F8C700C5-BA1B-4D18-9C17-4031F45D9D91}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{FC30FF3A-BF53-49C6-B4AE-6BEE7A6A0C22}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{FEC5AEA6-811A-4EDC-B8DE-EF8C1998F133}
Successfully deleted: [Empty Folder] C:\Users\Tenenbaum\appdata\local\{FFA61B14-9A5D-4DFB-8743-5C2F7426E99E}



~~~ FireFox

Successfully deleted: [File] C:\Users\Tenenbaum\AppData\Roaming\mozilla\firefox\profiles\at3tgvbi.default-1368462960951\user.js
Successfully deleted: [File] C:\Users\Tenenbaum\AppData\Roaming\mozilla\firefox\profiles\at3tgvbi.default-1368462960951\invalidprefs.js
Successfully deleted: [File] C:\Users\Tenenbaum\AppData\Roaming\mozilla\firefox\profiles\at3tgvbi.default-1368462960951\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Tenenbaum\AppData\Roaming\mozilla\firefox\profiles\at3tgvbi.default-1368462960951\searchplugins\delta.xml
Successfully deleted the following from C:\Users\Tenenbaum\AppData\Roaming\mozilla\firefox\profiles\at3tgvbi.default-1368462960951\prefs.js

user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "de");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "1a03c3f000000000000088532e4bc5a9");
user_pref("extensions.delta.instlDay", "15907");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.523:18:14");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4950");
user_pref("extensions.delta_i.srcExt", "ss");
Emptied folder: C:\Users\Tenenbaum\AppData\Roaming\mozilla\firefox\profiles\at3tgvbi.default-1368462960951\minidumps [36 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at  3:40:49,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

b) ADWCleaner

Code:

ATTFilter

# AdwCleaner v2.306 - Datei am 23/07/2013 um 03:45:27 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Tenenbaum - TENENBAUMBASIS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tenenbaum\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\Tasks\EPUpdater.job

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5a57dedae73fba41
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Tenenbaum\AppData\Roaming\Mozilla\Firefox\Profiles\at3tgvbi.default-1368462960951\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1512 octets] - [23/07/2013 03:45:27]

########## EOF - C:\AdwCleaner[S1].txt - [1572 octets] ##########

c) und 2mal OTL

(sind als ZIP im Anhang)

cosinus · 23.07.2013, 03:20

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Tenenbaum · 23.07.2013, 10:17

Also -

hab gestern über Nacht einen Malwarebytes Vollscan gemacht und heute Morgen leider verpasst, bei den 2 Funden ein Häkchen zu machen, deswegen hab ich dann jetzt nochmal NUR einen Quick-Scan gemacht und die beiden Funde entfernt.

Hier das Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.23.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Tenenbaum :: TENENBAUMBASIS [Administrator]

23.07.2013 10:48:17
mbam-log-2013-07-23 (10-48-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219542
Laufzeit: 5 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Tenenbaum\AppData\Local\Temp\LyricsPal.exe (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tenenbaum\AppData\Local\Temp\is2036094744\FindLyrics.exe (PUP.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

b) ESET ging überraschend schnell - nur 2 Minuten. Kann das sein?

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=811e13298a8e9c489c7ad9df5f32129f
# engine=14500
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-23 09:05:18
# local_time=2013-07-23 11:05:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 11568851 24249 0
# compatibility_mode=5893 16776574 100 94 0 126200168 0 0
# scanned=537
# found=0
# cleaned=0
# scan_time=128

Herzliche Grüße
Matthias

cosinus · 24.07.2013, 00:41

Nu Rest in Temp, bitte mal dazu TFC ausführen

TFC - Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Tenenbaum · 24.07.2013, 09:30

Erledigt.

Sind wir etwa schon durch?

Um noch mal auf meinen Ausgangs-Post zurückzukommen: denkst Du, was wir da "erledigt" haben, war auch verantwortlich für meine Blue-Screen- Abstürze und Soundkarten-Probleme?
Oder müsste ich da noch mal separat in einem Windows-Thread nachforschen?

herzliche Grüße
Matthias

cosinus · 24.07.2013, 14:43

Sind die Abstürze/Bluescreens denn jetzt weg?

24.07.2013, 14:43	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	AntiVir findet u.a.: TR/Dldr.Dofoil.R.266, JAVA/Dldr.Obfshlp.MA, EXP/CVE-2013-2423.DV, TR/Spy.ZBot.lntt.12, JAVA/Lamar.gta.27 Sind die Abstürze/Bluescreens denn jetzt weg? __________________ Logfiles bitte immer in CODE-Tags posten

AntiVir findet u.a.: TR/Dldr.Dofoil.R.266, JAVA/Dldr.Obfshlp.MA, EXP/CVE-2013-2423.DV, TR/Spy.ZBot.lntt.12, JAVA/Lamar.gta.27

Log-Analyse und Auswertung: AntiVir findet u.a.: TR/Dldr.Dofoil.R.266, JAVA/Dldr.Obfshlp.MA, EXP/CVE-2013-2423.DV, TR/Spy.ZBot.lntt.12, JAVA/Lamar.gta.27