Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   AVG reports rootkits in spjl.sys (https://www.trojaner-board.de/117522-avg-meldet-rootkits-spjl-sys.html)

Mieserwitz 18.06.2012 10:04

AVG reports rootkits in spjl.sys

Hello,

my AVG Internet Security 2012 reports 7 rootkits in the file spjl.sys.

Here is the AVG log:
Code:

"";"C:\Windows\System32\Drivers\spjl.sys";"atapi.sys, Import-Hook ataport.SYS AtaPortReadPortBufferUshort -> spjl.sys +0x2D35C";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\spjl.sys";"atapi.sys, Import-Hook ataport.SYS AtaPortReadPortUchar -> spjl.sys +0x2D224";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\spjl.sys";"atapi.sys, Import-Hook ataport.SYS AtaPortWritePortUchar -> spjl.sys +0x2DA24";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\spjl.sys";"atapi.sys, Import-Hook ataport.SYS AtaPortWritePortBufferUshort -> spjl.sys +0x2DBA0";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\spjl.sys";"pci.sys, Import-Hook ntoskrnl.exe IoAttachDeviceToDeviceStack -> spjl.sys +0x62650";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\spjl.sys";"pci.sys, Import-Hook ntoskrnl.exe IoDetachDevice -> spjl.sys +0x625DC";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\spjl.sys";"Inline-Hook ataport.SYS DllUnload -> spjl.sys +0x5E360";"Verstecktes Objekt"

The OTL log:
Code:

OTL logfile created on: 18.06.2012 10:49:06 - Run 2
OTL by OldTimer - Version 3.2.49.0    Folder = D:\Nu kuck rein
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 71,25% Memory free
15,99 Gb Paging File | 13,71 Gb Available in Paging File | 85,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 62,04 Gb Free Space | 55,54% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 409,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 366,00 Gb Free Space | 78,58% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 638,87 Gb Free Space | 45,72% Space Free | Partition Type: NTFS
 
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Nu kuck rein\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Windows\SysWOW64\javaw.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Common Files\Stardock\ODImg.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDock\ODImg.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SKYNET) -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys (TechniSat Digital, S.A.)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=418&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=418&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 01 DD F6 0D 23 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D5716FDA-B3A9-42E1-B677-4E0DC0EB1B87}&mid=1233be83bf8247d0ae7e6de783ce5d53-a69f8dc3a8ac24c656c806b689e7ae455e04d966&lang=de&ds=AVG&pr=pr&d=2012-04-18 20:40:27&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=418&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb81d41b4-b00f-474e-8d90-b48a9a577ab9%7D&mid=1233be83bf8247d0ae7e6de783ce5d53-a69f8dc3a8ac24c656c806b689e7ae455e04d966&ds=AVG&v=11.0.0.9&lang=de&pr=pr&d=2012-04-18%2020%3A40%3A27&sap=ku&q="
 
FF - user.js..browser.search.openintab: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.11 15:53:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.04.27 13:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.12 22:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 20:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.07 20:17:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.18 20:07:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012.04.18 19:58:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 20:36:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.07 20:17:22 | 000,000,000 | ---D | M]
 
[2012.05.01 22:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions
[2012.05.27 11:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\1x2m12al.default\extensions
[2012.05.01 22:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 13:35:52 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012.04.18 23:12:36 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1X2M12AL.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.04.18 23:12:36 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1X2M12AL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.16 20:36:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.18 20:03:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.12 22:55:00 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.04.18 20:03:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.18 20:03:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.18 20:03:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.01 22:39:59 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.04.18 20:03:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.18 20:03:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\XXXX\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk = C:\Eigenes Zeug\JAnrufmonitor\jam.exe ()
O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BF53AE7-6E02-46B4-9A31-4675D95E1C87}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA3B2C80-3DAD-4EDA-BE89-E6D7E7ED8C0A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (AnyDiscHelp.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.03 21:54:57 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.17 19:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
[2012.06.17 19:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More
[2012.06.17 19:21:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.06.16 22:27:07 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Google
[2012.06.16 20:41:24 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Tobit
[2012.06.16 20:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tobit
[2012.06.16 19:18:41 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Macromedia
[2012.06.15 18:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.06.13 19:27:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.13 19:27:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.13 19:27:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.13 19:27:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.13 19:27:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.13 19:27:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.13 19:27:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.13 19:27:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.13 19:27:07 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.13 19:27:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.13 19:27:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.13 19:27:07 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.13 19:27:07 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.13 19:26:46 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.13 19:26:45 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.13 19:26:42 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.13 19:26:42 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.13 19:26:42 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.13 19:26:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.13 19:26:40 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.13 19:26:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.13 19:26:39 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.12 22:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite
[2012.06.12 22:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nLite
[2012.06.11 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\FRITZ!
[2012.06.11 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\FRITZ!
[2012.06.11 15:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.06.08 00:30:30 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\America's Army 3
[2012.06.08 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\PunkBuster
[2012.06.08 00:10:20 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012.06.08 00:10:20 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.06.08 00:10:20 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.06.08 00:10:20 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.06.08 00:10:20 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012.06.08 00:10:20 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012.06.08 00:10:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.06.08 00:10:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.06.08 00:10:20 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012.06.08 00:10:20 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012.06.08 00:10:20 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.06.08 00:10:20 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.06.08 00:10:20 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2012.06.08 00:10:20 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2012.06.08 00:10:19 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012.06.08 00:10:19 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.06.08 00:10:19 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.06.08 00:10:19 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.06.08 00:10:19 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.06.08 00:10:19 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.06.08 00:10:19 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012.06.08 00:10:19 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.06.08 00:10:19 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012.06.08 00:10:19 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.06.08 00:10:19 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012.06.08 00:10:19 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.06.08 00:10:18 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012.06.08 00:10:18 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.06.08 00:10:18 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.06.08 00:10:18 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.06.08 00:10:18 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012.06.08 00:10:18 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.06.08 00:10:18 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012.06.08 00:10:18 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012.06.08 00:10:18 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.06.08 00:10:18 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.06.08 00:10:17 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012.06.08 00:10:17 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012.06.08 00:10:17 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012.06.08 00:10:17 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012.06.08 00:10:17 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.06.08 00:10:17 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.06.08 00:10:17 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.06.08 00:10:17 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012.06.08 00:10:17 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012.06.08 00:10:17 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.06.08 00:10:17 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.06.08 00:10:17 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.06.08 00:10:17 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.06.08 00:10:16 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012.06.08 00:10:16 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.06.08 00:10:14 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012.06.08 00:10:14 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.06.08 00:10:14 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012.06.08 00:10:14 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.06.08 00:10:14 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.06.08 00:10:14 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.06.08 00:10:13 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012.06.08 00:10:13 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012.06.08 00:10:13 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012.06.08 00:10:13 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.06.08 00:10:13 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.06.08 00:10:13 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.06.08 00:10:12 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012.06.08 00:10:12 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012.06.08 00:10:12 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012.06.08 00:10:12 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.06.08 00:10:12 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.06.08 00:10:12 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.06.07 20:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.06.07 19:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012.05.31 19:25:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.05.31 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Wondershare
[2012.05.31 19:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012.05.31 19:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012.05.31 19:25:39 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\Wondershare Video Editor
[2012.05.31 19:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012.05.31 19:19:22 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Ashampoo
[2012.05.31 19:18:18 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\ashampoo
[2012.05.31 19:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012.05.31 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.05.31 19:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.05.31 18:49:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.05.27 20:41:23 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Apps
[2012.05.27 12:31:10 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\ID3-TagIT 3
[2012.05.27 12:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID3-TagIT 3
[2012.05.27 12:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ID3-TagIT 3
[2012.05.27 12:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ID3-TagIT 3
[2012.05.25 21:13:49 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\CoSoSys
[2012.05.25 21:07:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.05.22 22:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StationRipper
[2012.05.22 20:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012.05.22 20:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
[2012.05.22 20:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.05.22 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012.05.22 19:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 09:39:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 09:39:47 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 09:38:56 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.18 09:38:56 | 000,656,246 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 09:38:56 | 000,616,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 09:38:56 | 000,130,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 09:38:56 | 000,106,914 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 09:37:55 | 100,552,554 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.06.18 09:32:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 09:32:29 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.17 17:14:32 | 000,349,800 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.06.16 19:26:48 | 000,036,565 | ---- | M] () -- C:\Users\XXXX\Desktop\Kundenbefragung.pdf
[2012.06.16 08:45:00 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.16 08:45:00 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.15 18:46:38 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.06.14 07:29:25 | 000,411,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.11 16:32:05 | 000,066,647 | ---- | M] () -- C:\Users\XXXX\Desktop\Forum - CHIP Online - Malware-Basics.pdf
[2012.06.08 00:22:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.08 00:22:31 | 000,298,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.08 00:22:31 | 000,298,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.07 20:59:26 | 003,360,624 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.05 23:03:13 | 000,716,977 | ---- | M] () -- C:\Users\XXXX\Desktop\003.jpg
[2012.06.04 18:07:38 | 000,158,220 | ---- | M] () -- C:\Users\XXXX\Desktop\001.jpg
[2012.06.02 21:14:03 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2012.05.31 19:25:47 | 000,001,202 | ---- | M] () -- C:\Users\XXXX\Desktop\Wondershare Video Editor.lnk
[2012.05.31 19:20:55 | 000,001,233 | ---- | M] () -- C:\Users\XXXX\Desktop\Ashampoo Photo Commander 8.lnk
[2012.05.31 19:18:17 | 000,001,371 | ---- | M] () -- C:\Users\XXXX\Desktop\Ashampoo Burning Studio Elements.lnk
[2012.05.29 17:03:45 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012.05.28 12:35:24 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.05.22 22:50:06 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\StationRipper.lnk
[2012.05.22 20:06:58 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
 
========== Files Created - No Company Name ==========
 
[2012.06.16 20:41:04 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.06.16 19:26:47 | 000,036,565 | ---- | C] () -- C:\Users\XXXX\Desktop\Kundenbefragung.pdf
[2012.06.11 16:32:03 | 000,066,647 | ---- | C] () -- C:\Users\XXXX\Desktop\Forum - CHIP Online - Malware-Basics.pdf
[2012.06.08 00:22:31 | 000,298,280 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.08 00:10:37 | 000,298,280 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.08 00:10:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.08 00:10:21 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.04 21:14:44 | 000,716,977 | ---- | C] () -- C:\Users\XXXX\Desktop\003.jpg
[2012.06.04 18:06:52 | 000,158,220 | ---- | C] () -- C:\Users\XXXX\Desktop\001.jpg
[2012.05.31 19:25:47 | 000,001,202 | ---- | C] () -- C:\Users\XXXX\Desktop\Wondershare Video Editor.lnk
[2012.05.31 19:20:55 | 000,001,233 | ---- | C] () -- C:\Users\XXXX\Desktop\Ashampoo Photo Commander 8.lnk
[2012.05.31 19:18:17 | 000,001,371 | ---- | C] () -- C:\Users\XXXX\Desktop\Ashampoo Burning Studio Elements.lnk
[2012.05.22 22:50:06 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\StationRipper.lnk
[2012.05.22 19:53:54 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.05.16 22:01:04 | 000,000,152 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.ini
[2012.05.16 21:52:57 | 000,034,814 | ---- | C] () -- C:\Users\XXXX\AppData\Local\dt.dat
[2012.04.18 23:50:20 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.04.18 23:47:44 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.04.18 23:19:26 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.18 19:48:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== LOP Check ==========
 
[2012.04.18 23:03:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Acronis
[2012.05.31 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Ashampoo
[2012.04.18 19:58:38 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\AVG2012
[2012.05.25 21:13:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\CoSoSys
[2012.04.18 23:17:12 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2012.04.22 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Foxit Software
[2012.05.06 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FreeMoviesToDVD
[2012.06.11 16:40:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FRITZ!
[2012.04.18 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.05.27 12:43:55 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ID3-TagIT 3
[2012.04.18 20:19:19 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Leadertech
[2012.04.23 20:20:44 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Power Kasse
[2012.06.03 21:52:33 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SoftGrid Client
[2012.04.18 20:05:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Softland
[2012.05.07 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\streamripper
[2012.04.18 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Sync App Settings
[2012.04.23 18:40:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TeamViewer
[2012.04.18 23:06:20 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird
[2012.06.16 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Tobit
[2012.04.18 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TP
[2012.06.13 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\uTorrent
[2009.07.14 07:08:49 | 000,024,318 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

OTL-Extras:
Code:

OTL Extras logfile created on: 18.06.2012 10:49:11 - Run 2
OTL by OldTimer - Version 3.2.49.0    Folder = D:\Nu kuck rein
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 71,25% Memory free
15,99 Gb Paging File | 13,71 Gb Available in Paging File | 85,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 62,04 Gb Free Space | 55,54% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 409,76 Gb Free Space | 87,98% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 366,00 Gb Free Space | 78,58% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 638,87 Gb Free Space | 45,72% Space Free | Partition Type: NTFS
 
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0566B464-D07B-407F-9DAA-A251FC2E41FC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{06F640C5-599F-430E-B740-2988119F4B05}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1AD1CAE0-288A-4829-9002-9D67F395EF5E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{256E94AD-D92E-49FF-97C5-E4197970508E}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3F45C646-7B49-4ACC-B70F-BB6F16EFE853}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{4B79E401-43E0-4364-B5F3-15442310A8EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{50D50E7E-E157-4B27-834D-2405D66BAEF1}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{513C6202-9BD2-46C1-8465-7FB5821AA288}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{67FE01BF-C965-4869-95DF-49D20DA2EBB0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{888F4CC3-4899-4172-BF4B-5E7BC17B702B}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A20F2150-792A-4171-9D6A-EF9754FE66D8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E572EEEA-FE9D-490D-91AB-627AFA2BC6EE}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{E8899FAC-E867-4D4C-8891-58A49BD9C750}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E94EDC9E-10D7-4B4D-8723-08A7637167CA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FDB2B4BF-D7F5-4A4A-BBA7-C7B9A443B6C7}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D6B9F4B-959F-4DDC-8DBA-CB61340EF0C8}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |
"{15C4CEB9-0FEA-4D4C-AA98-821343BA4CA4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{160BAF24-A1DE-487E-A9A9-DBE988AA1954}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{1902AE29-040E-4DAE-A9AF-8DC026393B64}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe |
"{1B27B07D-1351-4C8A-9F46-577B6DA2F372}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |
"{1B4E7E18-2C41-4E12-91CF-2BAB03203C8B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D25C3E5-0343-4315-9067-0D1F1069AFD9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{1E77489A-5A5B-4E2D-8525-6EE89C7D2082}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2035B24A-1485-4EF8-820A-B0BEB05E00AA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{358D0775-1DF3-484F-9F4A-87DA75BCB4B3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{391E3CCF-E58F-4991-BE3C-7BF696E715AA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{3DCAE393-AC35-466A-96A9-720B0DDDEC81}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{426588EB-E2CD-4818-BE04-0AFFD9EDA202}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe |
"{4C849026-915C-4F40-8DB5-C30A033211F4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4F7F1D72-9B44-4CF3-8125-DA666E6CF2D8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{52E82E1B-2BEF-44FE-A74D-A312EB5F2502}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{55DBE702-D36F-41AA-9A10-04F3DCAC0FD1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{56D7043C-3907-4F9C-966A-FBCA0D8A517F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5CC93C8F-419F-4878-B6B1-7AFB87BF7457}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{8634099D-20A3-464D-86B2-66BC656A8BBB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8F9D6325-489B-4DF1-9BA9-862964874D39}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{9B4997C4-6853-4E7D-8882-65E9F9104382}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A009482B-0AF5-450B-A4B9-DFD13AB5E816}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |
"{A18F10DD-BBAE-4B87-A1D1-E4A8F051799C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{A487CCE2-31A2-4FFF-A0B0-0740C8BCF4B7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{A4CD46F3-B6EF-4C00-8C96-269143D63FFC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A53E4E90-D90C-45F5-A0C0-C23875813B8E}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\umi.exe |
"{A953D294-593C-43D2-B46A-2D9A7206C433}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe |
"{A9AB5AEE-5B7F-436A-B0EA-12B30FF98390}" = protocol=6 | dir=in | app=c:\users\XXXX\appdata\local\akamai\netsession_win.exe |
"{AC715611-3BDB-4C0F-8D5D-493ADAF27134}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{B020AE11-616E-42C2-8F80-A968E38A7B52}" = protocol=17 | dir=in | app=c:\users\XXXX\appdata\local\akamai\netsession_win.exe |
"{B12AE21F-94D6-4040-B005-66A81D6BE52F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B676051B-0B5A-47CE-AD2C-350874098775}" = protocol=6 | dir=in | app=c:\users\XXXX\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"{C0E049A9-FD1B-4386-A496-365F89D9A9EC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C5F174D3-0F8A-4427-9010-E89DD5A7767A}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\studio.exe |
"{C7F18512-9FD9-44E7-B76A-F47B29DD4DA9}" = protocol=17 | dir=in | app=c:\users\XXXX\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"{CF430876-6C38-473E-A722-BD75D5305494}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe |
"{D47F6909-AF5E-47C6-82A9-7F1EA813784C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D4BB8AF2-A8FC-4CBC-8046-E6AAF8CCD312}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D8908E7A-F75B-4AF1-B547-90767AFE8001}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DD2586C7-9EC1-4D2C-ADA2-321B4CB38EAE}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EC1F8C72-7A07-48EB-83FA-69C1DC1BFE22}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F2E9AA7B-3BE4-4811-8912-7513EFC3E87A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{F814C0DB-C611-4017-8972-24C4AB8AD026}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FDE1F6E4-AB7D-4495-90E8-63FC81C48CC0}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\studio 15\programs\rm.exe |
"TCP Query User{A7C0B056-823C-4141-BC21-10C948BADA30}C:\users\XXXX\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=6 | dir=in | app=c:\users\XXXX\appdata\local\temp\_istmp1.dir\_ins5576._mp |
"UDP Query User{F96394AB-B6F9-4751-8DE1-B7D8E7026EE4}C:\users\XXXX\appdata\local\temp\_istmp1.dir\_ins5576._mp" = protocol=17 | dir=in | app=c:\users\XXXX\appdata\local\temp\_istmp1.dir\_ins5576._mp |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.77
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"doPDF 7 printer_is1" = doPDF 7.2 printer
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis*True*Image*Home 2011
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220BCF92-5D17-4F68-980E-975215FD4226}" = rhvFaktura
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53DC0AEE-6B73-4578-94B2-4D4FB7FFAE73}" = Dir-It!
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BFDCF0D-5C60-4C5A-9A31-D5D7002E74E5}" = HD Writer LE 1.0
"{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3B2E-D148-4715-B62B-7B422FD9F23E}" = rhvFaktura
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-0080-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1489-3350-5074-6281" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Allway Sync_is1" = Allway Sync version 12.1.1
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"Ashampoo Photo Commander 8_is1" = Ashampoo Photo Commander 8 v.8.5.0
"DivX Setup" = DivX-Setup
"DVBViewer TE2_is1" = DVBViewer TE2
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.2 (31/10/2011) Qt
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Foxit Reader" = Foxit Reader
"Free Videos To DVD_is1" = Free Videos To DVD V 4.0.0
"FRITZ! 2.0" = AVM FRITZ!fax für FRITZ!Box
"ID3-TagIT 3_is1" = ID3-TagIT 3
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"jam50" = jAnrufmonitor 5.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nLite_is1" = nLite 1.4.9.1
"ObjectDock" = ObjectDock
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PowerKasse" = PowerKasse
"ProgDVB" = ProgDVB
"PunkBusterSvc" = PunkBuster Services
"Streamripper" = Streamripper (Remove only)
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wondershare Video Editor_is1" = Wondershare Video Editor(Build 3.0.2)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"StationRipper" = StationRipper 2.98.5
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2012 17:41:01 | Computer Name = XXXX-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3199,
Zeitstempel: 0x4ee2440b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00056b1d  ID des fehlerhaften
 Prozesses: 0x18ec  Startzeit der fehlerhaften Anwendung: 0x01cd442d0fdc405a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 4f052035-b020-11e1-99a2-bcaec52ab4a0
 
Error - 07.06.2012 07:43:07 | Computer Name = XXXX-PC | Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten
 Geräts. (Die Daten enthalten den Fehlercode.).
 
Error - 08.06.2012 14:12:24 | Computer Name = XXXX-PC | Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten
 Geräts. (Die Daten enthalten den Fehlercode.).
 
Error - 08.06.2012 15:16:32 | Computer Name = XXXX-PC | Source = RapiMgr | ID = 8
Description = communication (0x8000ffff)-Fehler beim Verbinden des Windows Mobile-basierten
 Geräts. (Die Daten enthalten den Fehlercode.).
 
Error - 08.06.2012 16:01:36 | Computer Name = XXXX-PC | Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten
 Geräts. (Die Daten enthalten den Fehlercode.).
 
Error - 08.06.2012 20:56:50 | Computer Name = XXXX-PC | Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten
 Geräts. (Die Daten enthalten den Fehlercode.).
 
Error - 09.06.2012 10:29:38 | Computer Name = XXXX-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3199,
Zeitstempel: 0x4ee2440b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00056b1d  ID des fehlerhaften
 Prozesses: 0x1064  Startzeit der fehlerhaften Anwendung: 0x01cd46426d597905  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 8ac6a792-b23f-11e1-a250-bcaec52ab4a0
 
Error - 09.06.2012 14:39:29 | Computer Name = XXXX-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3199,
Zeitstempel: 0x4ee2440b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00056b1d  ID des fehlerhaften
 Prozesses: 0x1e14  Startzeit der fehlerhaften Anwendung: 0x01cd466f32de0263  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 72195913-b262-11e1-a250-bcaec52ab4a0
 
Error - 15.06.2012 13:15:43 | Computer Name = XXXX-PC | Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten
 Geräts. (Die Daten enthalten den Fehlercode.).
 
Error - 15.06.2012 16:19:21 | Computer Name = XXXX-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.2.3199,
Zeitstempel: 0x4ee2440b  Name des fehlerhaften Moduls: MSVCR90.dll, Version: 9.0.30729.6161,
 Zeitstempel: 0x4dace5b9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00056b1d  ID des fehlerhaften
 Prozesses: 0x19d4  Startzeit der fehlerhaften Anwendung: 0x01cd4b34242f88cf  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Winamp\winamp.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Berichtskennung:
 63bfde8d-b727-11e1-9ce5-bcaec52ab4a0
 
Error - 17.06.2012 05:04:21 | Computer Name = XXXX-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 13.0.1.4548 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 179c    Startzeit:
 01cd4c621f1e2b9e    Endzeit: 56    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 6af6b593-b85b-11e1-af74-bcaec52ab4a0 
 
[ System Events ]
Error - 12.06.2012 17:36:15 | Computer Name = XXXX-PC | Source = DCOM | ID = 10010
Description =
 
Error - 14.06.2012 01:43:01 | Computer Name = XXXX-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
 
Error - 16.06.2012 14:41:09 | Computer Name = XXXX-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Radio.fx Server" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 17.06.2012 13:06:59 | Computer Name = XXXX-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
Error - 17.06.2012 13:07:00 | Computer Name = XXXX-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
Error - 17.06.2012 13:07:00 | Computer Name = XXXX-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
Error - 17.06.2012 13:07:01 | Computer Name = XXXX-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
Error - 17.06.2012 13:30:11 | Computer Name = XXXX-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
Error - 17.06.2012 13:30:59 | Computer Name = XXXX-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
Error - 17.06.2012 13:31:03 | Computer Name = XXXX-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR7 gefunden.
 
 
< End of report >

And finally GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-18 10:47:57
Windows 6.1.7601 Service Pack 1
Running: djm7954s.exe


---- Services - GMER 1.0.15 ----

Service  C:\Windows\SysWOW64\OEMWARE\API (*** hidden *** )                                                                  [AUTO] NMSAccess32A.exe                    <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x27 0x72 0x70 0x48 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x3D 0x27 0xB5 0x19 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x3F 0x23 0xC6 0x47 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x27 0x72 0x70 0x48 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x3D 0x27 0xB5 0x19 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x3F 0x23 0xC6 0x47 ...

---- EOF - GMER 1.0.15 ----

I hope you can help me.

Thanks in advance


Mieserwitz

I have now disabled my virtual DVD drive (Daemon Tools) with defogger and run an AVG rootkit scan. No detections.

After re-enabling it, 7 detections again, this time in the file spgr.sys.
Could it be related to Daemon Tools?

Found this about it on the net: [FYI] False positive in rootkit detection by Microsoft Security Essentials

hxxp://de.comp.security.virus.narkive.com/1Sgqskau/fyi-false-positive-bei-rootkit-erkennung-durch-microsoft-security-essentials

cosinus 19.06.2012 13:03

Quote:

Could it be related to Daemon Tools?
Bingo, you've got it! :D
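Added example, not from the thread and not AVG's or Daemon Tools' code: a Python parser for AVG rootkit-report rows in the same CSV layout as the log in the first post. It groups the hooks by the driver they jump into and applies the check behind the answer above: every hook lands in a single driver whose name follows SPTD's random sp??.sys naming (spjl.sys here, spgr.sys after re-enabling), and the hooked exports are the ATA port I/O and device-stack functions a disc emulator has to intercept. The sample rows, their offsets and the second driver example.sys are constructed for the demonstration; EMULATOR_APIS is an assumption about what an emulator legitimately hooks, not an AVG or SPTD definition.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the AVG 2012 rootkit-report CSV layout seen in this
# thread: "";"<driver path>";"<hook description>";"<category>".
# Offsets are invented; "example.sys" is a hypothetical second driver added
# so the classifier has a non-SPTD case to report.
SAMPLE_AVG_LOG = r'''"";"C:\Windows\System32\Drivers\spjl.sys";"atapi.sys, Import-Hook ataport.SYS AtaPortReadPortBufferUshort -> spjl.sys +0x2D000";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\spjl.sys";"atapi.sys, Import-Hook ataport.SYS AtaPortWritePortUchar -> spjl.sys +0x2D100";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\spjl.sys";"pci.sys, Import-Hook ntoskrnl.exe IoAttachDeviceToDeviceStack -> spjl.sys +0x62000";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\spjl.sys";"Inline-Hook ataport.SYS DllUnload -> spjl.sys +0x5E000";"Verstecktes Objekt"
"";"C:\Windows\System32\Drivers\example.sys";"Inline-Hook ntoskrnl.exe NtQueryDirectoryFile -> example.sys +0x1000";"Verstecktes Objekt"
'''

HOOK_RE = re.compile(
    r'^(?:(?P<victim>[^,]+), )?'          # driver whose import table is patched (absent for inline hooks)
    r'(?P<kind>Import-Hook|Inline-Hook) '
    r'(?P<module>\S+) (?P<api>\S+) -> '   # exporting module and the hooked export
    r'(?P<target>\S+) \+0x(?P<offset>[0-9A-Fa-f]+)$'
)

# SPTD (the disc-emulation layer shipped with DAEMON Tools / Alcohol) installs
# its driver under a random name of the form sp??.sys; this thread shows
# spjl.sys and, after re-enabling, spgr.sys.
SPTD_NAME_RE = re.compile(r'^sp[a-z]{2}\.sys$', re.IGNORECASE)

# Assumption: exports a CD/DVD emulator has a legitimate reason to intercept
# (ATA port I/O and device-stack attachment). Hooks outside this set get
# flagged for a closer look regardless of the driver name.
EMULATOR_APIS = {
    'AtaPortReadPortUchar', 'AtaPortReadPortBufferUshort',
    'AtaPortWritePortUchar', 'AtaPortWritePortBufferUshort',
    'IoAttachDeviceToDeviceStack', 'IoDetachDevice', 'DllUnload',
}


def parse_avg_log(text):
    """Turn AVG rootkit-report rows into dicts; rows that do not parse are skipped."""
    records = []
    for row in csv.reader(io.StringIO(text), delimiter=';'):
        if len(row) < 4:
            continue
        m = HOOK_RE.match(row[2])
        if not m:
            continue
        rec = m.groupdict()
        rec['offset'] = int(rec['offset'], 16)
        rec['path'] = row[1]
        rec['category'] = row[3]
        records.append(rec)
    return records


def classify_targets(records):
    """Group hooks by the driver they jump into and give each driver a verdict."""
    by_target = defaultdict(list)
    for rec in records:
        by_target[rec['target'].lower()].append(rec)
    verdicts = {}
    for target, hooks in by_target.items():
        apis = {h['api'] for h in hooks}
        name_ok = bool(SPTD_NAME_RE.match(target))
        apis_ok = apis <= EMULATOR_APIS
        if name_ok and apis_ok:
            verdict = 'consistent with SPTD disc emulation (confirm via sptd service key / defogger)'
        elif name_ok:
            verdict = 'SPTD-style name but unexpected hooked APIs: investigate'
        else:
            verdict = 'unknown hooking driver: investigate'
        verdicts[target] = {'hooks': len(hooks), 'apis': sorted(apis), 'verdict': verdict}
    return verdicts


if __name__ == '__main__':
    for target, info in classify_targets(parse_avg_log(SAMPLE_AVG_LOG)).items():
        print(target, info['hooks'], info['verdict'])
```

The name pattern is evidence, not proof, since nothing stops malware from picking the same sp??.sys name; the confirmation is what the poster did next: disable the emulator with defogger, rescan, and check that the sptd service's Cfg key (the @p0 value in the GMER log) points at the DAEMON Tools directory.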

Mieserwitz 19.06.2012 13:18

OK. That is somewhat reassuring.

What does this line in the GMER log actually mean?

Code:

Service  C:\Windows\SysWOW64\OEMWARE\API (*** hidden *** ) [AUTO] NMSAccess32A.exe  <-- ROOTKIT !!!

cosinus 19.06.2012 14:39

Hm, that could be something else. I know nmsaccess e.g. from CDBurnerXP, a free burning program.

Please first do a routine full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those too!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags if possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Mieserwitz 19.06.2012 20:35

ESET first:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=14d04ed6c473f0479fcd8b72b9614ded
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-19 01:27:55
# local_time=2012-06-19 03:27:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 5337212 5337212 0 0
# compatibility_mode=5893 16776574 66 85 5263683 91738954 0 0
# compatibility_mode=8192 67108863 100 0 82 82 0 0
# scanned=284342
# found=0
# cleaned=0
# scan_time=3371

Here is Malwarebytes:
Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Speedy :: SPEEDY-PC [Administrator]

19.06.2012 22:07:35
mbam-log-2012-06-19 (22-07-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 483206
Laufzeit: 29 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


cosinus 20.06.2012 10:33

Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click and "Run as administrator".
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger may prompt for a restart. Confirm with OK.
If Defogger reports an error, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without instruction.

What is Defogger?
Defogger stops all emulator drivers. These can interfere with GMER or other tools during a scan.


After running defogger, please make a new log with GMER.

Mieserwitz 20.06.2012 14:30

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-20 15:28:51
Windows 6.1.7601 Service Pack 1
Running: djm7954s.exe


---- Services - GMER 1.0.15 ----

Service  C:\Windows\SysWOW64\OEMWARE\API (*** hidden *** )                                                                  [AUTO] NMSAccess32A.exe                    <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x28 0x2B 0x7D 0x2C ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x3D 0x27 0xB5 0x19 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xC0 0x2F 0x97 0x0A ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x28 0x2B 0x7D 0x2C ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x3D 0x27 0xB5 0x19 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC0 0x2F 0x97 0x0A ...

---- Files - GMER 1.0.15 ----

File    C:\Users\XXXX\AppData\Roaming\Thunderbird\Profiles\42g4s4xq.default\session.json                                  377 bytes

---- EOF - GMER 1.0.15 ----


cosinus 20.06.2012 14:34

Were you really able to deactivate everything with defogger? It does not look like it!
Do a clean uninstall of DaemonTools. That is, uninstall, then restart the computer.
Then please try GMER again.

Mieserwitz 20.06.2012 14:37

But GMER looks different on my machine:

cosinus 20.06.2012 14:40

Yes, the log also shows other information...
Please do what I suggested.

Mieserwitz 20.06.2012 14:49

Daemon Tools uninstalled, restarted. Printer switched off (because of the card reader slot). Network drive disconnected.

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-20 15:46:54
Windows 6.1.7601 Service Pack 1
Running: djm7954s.exe


---- Services - GMER 1.0.15 ----

Service  C:\Windows\SysWOW64\OEMWARE\API (*** hidden *** )                                                                  [AUTO] NMSAccess32A.exe                    <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x28 0x2B 0x7D 0x2C ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x3D 0x27 0xB5 0x19 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg      HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xC0 0x2F 0x97 0x0A ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x28 0x2B 0x7D 0x2C ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x3D 0x27 0xB5 0x19 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg      HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC0 0x2F 0x97 0x0A ...

---- EOF - GMER 1.0.15 ----

Why can't I actually select everything in GMER? Like in your pictures??
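The GMER output above is the kind of thing a helper triages by hand: one hidden service flagged as ROOTKIT, and a block of `sptd\Cfg` keys whose `p0` value points straight at the DAEMON Tools Lite install directory. The script below is an added example (not part of the thread, and not GMER's or OTL's own code) of doing that triage mechanically in Python: it parses the `Services` and `Registry` sections, flags every hidden service for review, and groups registry entries per service name so that an install path stored next to them is surfaced as the likely owner. The sample log is a trimmed, constructed copy of the format shown above; the `verdict` labels (`review`, `attributable`) are this example's own convention, not a GMER classification.

```python
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the GMER log format posted above
# (one hidden service plus sptd configuration keys in two control sets).
SAMPLE_LOG = """\
GMER 1.0.15.15641
Rootkit scan 2012-06-20 15:46:54

---- Services - GMER 1.0.15 ----

Service  C:\\Windows\\SysWOW64\\OEMWARE\\API (*** hidden *** )    [AUTO] NMSAccess32A.exe    <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg      HKLM\\SYSTEM\\CurrentControlSet\\services\\sptd\\Cfg\\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg      HKLM\\SYSTEM\\CurrentControlSet\\services\\sptd\\Cfg\\14919EA49A8F3B4AA3CF1058D9A64CEC@p0    C:\\Program Files (x86)\\DAEMON Tools Lite\\
Reg      HKLM\\SYSTEM\\ControlSet002\\services\\sptd\\Cfg\\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg      HKLM\\SYSTEM\\ControlSet002\\services\\sptd\\Cfg\\14919EA49A8F3B4AA3CF1058D9A64CEC@p0    C:\\Program Files (x86)\\DAEMON Tools Lite\\

---- EOF - GMER 1.0.15 ----
"""

# "Service  <path> (*** hidden *** )  [<start type>] <image>  <-- ROOTKIT !!!"
SERVICE_LINE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* ?\)\s+\[(?P<start>[A-Z_]+)\]\s+(?P<image>\S+)"
)
# "Reg  <key>[@<value name>]  [<data or annotation>]"
REG_LINE = re.compile(r"^Reg\s+(?P<token>\S+)(?:\s+(?P<rest>.*))?$")
CONTROL_SET = re.compile(r"\\(CurrentControlSet|ControlSet\d+)\\", re.IGNORECASE)
SERVICE_KEY = re.compile(r"\\services\\(?P<svc>[^\\@]+)", re.IGNORECASE)
INACTIVE_MARK = "(not active ControlSet)"


def parse_gmer(text):
    """Split a GMER log into hidden-service entries and registry entries."""
    hidden_services, registry = [], []
    for line in text.splitlines():
        m = SERVICE_LINE.match(line)
        if m:
            hidden_services.append(
                {"path": m.group("path"), "start": m.group("start"), "image": m.group("image")}
            )
            continue
        m = REG_LINE.match(line)
        if not m:
            continue
        token, rest = m.group("token"), (m.group("rest") or "")
        # GMER writes 'key@valuename' for values and the bare key for the key itself.
        key, _, value = token.partition("@")
        active = INACTIVE_MARK not in rest
        data = rest.replace(INACTIVE_MARK, "").strip() or None
        registry.append({"key": key, "value": value, "data": data, "active": active})
    return {"hidden_services": hidden_services, "registry": registry}


def triage(parsed):
    """Turn parsed entries into findings an analyst can act on.

    Hidden services are always flagged for review. Registry entries are grouped
    per service name; if the service stores an install path (the 'p0' value in
    the sptd entries above), that path is reported so the entries can be
    attributed to an installed product instead of being treated as unknown.
    """
    findings = [
        {"kind": "hidden_service", "verdict": "review",
         "detail": f"{s['image']} started [{s['start']}] from {s['path']}"}
        for s in parsed["hidden_services"]
    ]
    per_service = defaultdict(list)
    for entry in parsed["registry"]:
        m = SERVICE_KEY.search(entry["key"])
        if m:
            per_service[m.group("svc").lower()].append(entry)
    for name, entries in sorted(per_service.items()):
        product_path = next((e["data"] for e in entries if e["value"] == "p0" and e["data"]), None)
        control_sets = sorted(
            {CONTROL_SET.search(e["key"]).group(1) for e in entries if CONTROL_SET.search(e["key"])}
        )
        findings.append({
            "kind": "service_config", "service": name, "product_path": product_path,
            "control_sets": control_sets,
            "verdict": "attributable" if product_path else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_gmer(SAMPLE_LOG)):
        print(finding)
```

Run it against a saved GMER log by reading the file into `parse_gmer` instead of `SAMPLE_LOG`. The point of the grouping is visible in the thread: the `sptd` entries resolve to a product path and are the DAEMON Tools leftovers the helper asks to remove, while the hidden `NMSAccess32A.exe` service carries no such attribution and stays on the review list.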

cosinus 20.06.2012 15:40

Hm, I still see the entries there

Please make a new OTL log. Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Mieserwitz 20.06.2012 16:31

OTL:

Code:

OTL logfile created on: 20.06.2012 17:18:20 - Run 3
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\XXXX\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,18% Memory free
15,99 Gb Paging File | 14,23 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 61,66 Gb Free Space | 55,20% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 408,35 Gb Free Space | 87,67% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 365,56 Gb Free Space | 78,49% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 639,90 Gb Free Space | 45,80% Space Free | Partition Type: NTFS
Drive I: | 3,72 Gb Total Space | 3,72 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
Drive M: | 7,40 Gb Total Space | 1,88 Gb Free Space | 25,38% Space Free | Partition Type: FAT32
 
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Windows\SysWOW64\javaw.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll ()
MOD - C:\Program Files (x86)\Common Files\Stardock\ODImg.dll ()
MOD - C:\Program Files (x86)\Stardock\ObjectDock\ODImg.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (bgsvcgen) -- C:\Windows\SysWOW64\bgsvcgen.exe (B.H.A Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SKYNET) -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys (TechniSat Digital, S.A.)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\androidusb.sys (Google Inc)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (cdrbsdrv) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys (B.H.A Corporation)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=418&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=418&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 01 DD F6 0D 23 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={D5716FDA-B3A9-42E1-B677-4E0DC0EB1B87}&mid=1233be83bf8247d0ae7e6de783ce5d53-a69f8dc3a8ac24c656c806b689e7ae455e04d966&lang=de&ds=AVG&pr=pr&d=2012-04-18 20:40:27&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2418}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=418&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb81d41b4-b00f-474e-8d90-b48a9a577ab9%7D&mid=1233be83bf8247d0ae7e6de783ce5d53-a69f8dc3a8ac24c656c806b689e7ae455e04d966&ds=AVG&v=11.0.0.9&lang=de&pr=pr&d=2012-04-18%2020%3A40%3A27&sap=ku&q="
 
FF - user.js..browser.search.openintab: false
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.11 15:53:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.04.27 13:35:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.12 22:55:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 20:36:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.07 20:17:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.04.18 20:07:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\avgthb@avg.com: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2012.04.18 19:58:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 20:36:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.07 20:17:22 | 000,000,000 | ---D | M]
 
[2012.05.01 22:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Extensions
[2012.05.27 11:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\1x2m12al.default\extensions
[2012.05.01 22:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.27 13:35:52 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012.04.18 23:12:36 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1X2M12AL.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.04.18 23:12:36 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\XXXX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1X2M12AL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.16 20:36:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.18 20:03:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.12 22:55:00 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.04.18 20:03:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.18 20:03:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.18 20:03:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.01 22:39:59 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.04.18 20:03:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.18 20:03:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jAnrufmonitor 5.0.lnk = C:\Eigenes Zeug\JAnrufmonitor\jam.exe ()
O4 - Startup: C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\RSLSP.dll (Ratajik Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BF53AE7-6E02-46B4-9A31-4675D95E1C87}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA3B2C80-3DAD-4EDA-BE89-E6D7E7ED8C0A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (AnyDiscHelp.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.03 21:54:57 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk - C:\PROGRA~2\COMMON~1\PANASO~1\HDWRIT~1\HDWRIT~1.EXE - (Panasonic Corporation)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^XXXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig:64bit - StartUpReg: Akamai NetSession Interface - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EPSON Stylus DX9400F Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATICFE.EXE (SEIKO EPSON CORPORATION)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig:64bit - StartUpReg: Wondershare Helper Compact.exe - hkey= - key= - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.20 17:17:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2012.06.18 15:13:39 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.06.18 15:12:54 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Dropbox
[2012.06.18 14:43:42 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysWow64\bgsvcgen.exe
[2012.06.18 14:43:42 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysWow64\GenSvcInst.exe
[2012.06.18 14:43:42 | 000,039,208 | ---- | C] (B.H.A Corporation) -- C:\Windows\SysNative\drivers\cdrbsdrv.sys
[2012.06.18 14:43:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2012.06.18 14:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2012.06.18 10:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.18 10:53:01 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.18 10:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.17 19:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
[2012.06.17 19:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tools&More
[2012.06.17 19:21:59 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.06.16 22:27:07 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Google
[2012.06.16 20:41:24 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Tobit
[2012.06.16 20:41:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tobit
[2012.06.16 19:18:41 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Macromedia
[2012.06.15 18:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.06.12 22:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nLite
[2012.06.12 22:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\nLite
[2012.06.11 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\FRITZ!
[2012.06.11 16:40:29 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\FRITZ!
[2012.06.11 15:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.06.08 00:30:30 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\America's Army 3
[2012.06.08 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\PunkBuster
[2012.06.07 20:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.06.07 19:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012.05.31 19:25:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.05.31 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Wondershare
[2012.05.31 19:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012.05.31 19:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2012.05.31 19:25:39 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\Wondershare Video Editor
[2012.05.31 19:25:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2012.05.31 19:19:22 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Ashampoo
[2012.05.31 19:18:18 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\ashampoo
[2012.05.31 19:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012.05.31 19:18:17 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.05.31 19:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012.05.31 18:49:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.05.27 20:41:23 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Apps
[2012.05.27 12:31:10 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\ID3-TagIT 3
[2012.05.27 12:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID3-TagIT 3
[2012.05.27 12:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ID3-TagIT 3
[2012.05.27 12:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ID3-TagIT 3
[2012.05.25 21:13:49 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\CoSoSys
[2012.05.25 21:07:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.05.22 22:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StationRipper
[2012.05.22 20:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012.05.22 20:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
[2012.05.22 20:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012.05.22 19:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2012.05.22 19:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.20 17:17:23 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 17:17:23 | 000,656,246 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 17:17:23 | 000,616,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 17:17:23 | 000,130,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 17:17:23 | 000,106,914 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.20 15:49:04 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 15:49:04 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 15:40:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.20 15:40:43 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.20 15:37:13 | 000,041,940 | ---- | M] () -- C:\Users\XXXX\Desktop\Unbenannt.png
[2012.06.20 15:21:55 | 000,000,188 | ---- | M] () -- C:\Users\XXXX\defogger_reenable
[2012.06.20 09:02:43 | 100,553,675 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.06.18 18:58:24 | 000,351,163 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.06.18 15:15:54 | 000,001,002 | ---- | M] () -- C:\Users\XXXX\Desktop\Dropbox.lnk
[2012.06.18 14:43:44 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\HD Writer AE 2.0.lnk
[2012.06.18 14:01:14 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2012.06.18 10:53:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.18 10:14:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Desktop\OTL.exe
[2012.06.18 09:52:10 | 000,302,592 | ---- | M] () -- C:\Users\XXXX\Desktop\djm7954s.exe
[2012.06.14 07:29:25 | 000,411,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.11 16:32:05 | 000,066,647 | ---- | M] () -- C:\Users\XXXX\Desktop\Forum - CHIP Online - Malware-Basics.pdf
[2012.06.08 00:22:31 | 000,298,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.05 23:03:13 | 000,716,977 | ---- | M] () -- C:\Users\XXXX\Desktop\003.jpg
[2012.06.04 18:07:38 | 000,158,220 | ---- | M] () -- C:\Users\XXXX\Desktop\001.jpg
[2012.06.02 21:14:03 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2012.05.31 19:25:47 | 000,001,202 | ---- | M] () -- C:\Users\XXXX\Desktop\Wondershare Video Editor.lnk
[2012.05.31 19:20:55 | 000,001,233 | ---- | M] () -- C:\Users\XXXX\Desktop\Ashampoo Photo Commander 8.lnk
[2012.05.31 19:18:17 | 000,001,371 | ---- | M] () -- C:\Users\XXXX\Desktop\Ashampoo Burning Studio Elements.lnk
[2012.05.29 17:03:45 | 000,625,911 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012.05.28 12:35:24 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.05.22 22:50:06 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\StationRipper.lnk
[2012.05.22 20:06:58 | 000,000,083 | -HS- | M] () -- C:\ProgramData\.zreglib
 
========== Files Created - No Company Name ==========
 
[2012.06.20 15:41:09 | 000,302,592 | ---- | C] () -- C:\Users\XXXX\Desktop\djm7954s.exe
[2012.06.20 15:35:54 | 000,041,940 | ---- | C] () -- C:\Users\XXXX\Desktop\Unbenannt.png
[2012.06.20 15:21:55 | 000,000,188 | ---- | C] () -- C:\Users\XXXX\defogger_reenable
[2012.06.18 15:15:54 | 000,001,002 | ---- | C] () -- C:\Users\XXXX\Desktop\Dropbox.lnk
[2012.06.18 14:43:44 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\HD Writer AE 2.0.lnk
[2012.06.18 10:53:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.16 20:41:04 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.06.11 16:32:03 | 000,066,647 | ---- | C] () -- C:\Users\XXXX\Desktop\Forum - CHIP Online - Malware-Basics.pdf
[2012.06.08 00:22:31 | 000,298,280 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.04 21:14:44 | 000,716,977 | ---- | C] () -- C:\Users\XXXX\Desktop\003.jpg
[2012.06.04 18:06:52 | 000,158,220 | ---- | C] () -- C:\Users\XXXX\Desktop\001.jpg
[2012.05.31 19:25:47 | 000,001,202 | ---- | C] () -- C:\Users\XXXX\Desktop\Wondershare Video Editor.lnk
[2012.05.31 19:20:55 | 000,001,233 | ---- | C] () -- C:\Users\XXXX\Desktop\Ashampoo Photo Commander 8.lnk
[2012.05.31 19:18:17 | 000,001,371 | ---- | C] () -- C:\Users\XXXX\Desktop\Ashampoo Burning Studio Elements.lnk
[2012.05.22 22:50:06 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\StationRipper.lnk
[2012.05.22 19:53:54 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.05.16 22:01:04 | 000,000,152 | ---- | C] () -- C:\Windows\SysWow64\RSLSP.ini
[2012.05.16 21:52:57 | 000,034,814 | ---- | C] () -- C:\Users\XXXX\AppData\Local\dt.dat
[2012.04.18 23:50:20 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012.04.18 23:47:44 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.04.18 23:19:26 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.18 19:48:45 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== LOP Check ==========
 
[2012.04.18 23:03:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Acronis
[2012.05.31 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Ashampoo
[2012.04.18 19:58:38 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\AVG2012
[2012.05.25 21:13:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\CoSoSys
[2012.06.18 14:58:41 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2012.06.19 14:34:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Dropbox
[2012.04.22 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Foxit Software
[2012.05.06 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FreeMoviesToDVD
[2012.06.11 16:40:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FRITZ!
[2012.04.18 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.05.27 12:43:55 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ID3-TagIT 3
[2012.04.18 20:19:19 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Leadertech
[2012.04.23 20:20:44 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Power Kasse
[2012.06.19 00:10:09 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SoftGrid Client
[2012.04.18 20:05:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Softland
[2012.05.07 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\streamripper
[2012.04.18 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Sync App Settings
[2012.04.23 18:40:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TeamViewer
[2012.04.18 23:06:20 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird
[2012.06.16 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Tobit
[2012.04.18 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TP
[2012.06.13 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\uTorrent
[2009.07.14 07:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.18 23:03:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Acronis
[2012.04.18 20:41:21 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Adobe
[2012.05.31 19:21:03 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Ashampoo
[2012.04.18 19:58:38 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\AVG2012
[2012.05.25 21:13:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\CoSoSys
[2012.05.01 16:30:26 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\CyberLink
[2012.06.18 14:58:41 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DAEMON Tools Lite
[2012.05.01 22:49:59 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\DivX
[2012.06.19 14:34:39 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Dropbox
[2012.06.03 21:38:23 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\dvdcss
[2012.04.22 13:37:12 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Foxit Software
[2012.05.06 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FreeMoviesToDVD
[2012.06.11 16:40:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FRITZ!
[2012.04.18 20:33:34 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.05.27 12:43:55 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\ID3-TagIT 3
[2012.04.18 19:47:40 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Identities
[2012.04.18 23:53:07 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\InstallShield
[2012.04.18 20:19:19 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Leadertech
[2012.04.18 20:17:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Logishrd
[2012.04.18 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Logitech
[2012.04.18 20:41:21 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Macromedia
[2012.04.25 17:58:27 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Media Center Programs
[2012.06.16 19:18:41 | 000,000,000 | --SD | M] -- C:\Users\XXXX\AppData\Roaming\Microsoft
[2012.04.18 20:03:15 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Mozilla
[2012.05.06 13:30:58 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\NVIDIA
[2012.04.23 20:20:44 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Power Kasse
[2012.06.19 00:10:09 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\SoftGrid Client
[2012.04.18 20:05:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Softland
[2012.05.07 20:31:24 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\streamripper
[2012.04.18 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Sync App Settings
[2012.04.23 18:40:18 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TeamViewer
[2012.04.18 23:06:20 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Thunderbird
[2012.06.16 20:47:04 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Tobit
[2012.04.18 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\TP
[2012.06.13 18:51:04 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\uTorrent
[2012.06.17 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\vlc
[2012.05.07 20:32:06 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\Winamp
[2012.04.18 19:59:29 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.06.14 04:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\XXXX\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.06.14 04:09:00 | 000,874,440 | ---- | M] (Dropbox, Inc.) -- C:\Users\XXXX\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.06.14 04:09:06 | 000,181,776 | ---- | M] (Dropbox, Inc.) -- C:\Users\XXXX\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.04.18 20:24:51 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\XXXX\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.05.06 13:31:19 | 000,029,926 | R--- | M] () -- C:\Users\XXXX\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.02.04 16:25:20 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=D78D83DA933FB75ADE969C81D91FB2EB -- C:\Program Files (x86)\Panasonic\HD Writer AE 2.0\Core\EventLog\EventLog.dll
[2010.02.04 16:25:20 | 000,043,520 | ---- | M] (Panasonic Corporation) MD5=D78D83DA933FB75ADE969C81D91FB2EB -- C:\Program Files (x86)\Panasonic\HD Writer AE 2.0\Core\Spec\AVCHD\BDCore\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


cosinus 20.06.2012 22:21

In my view the machine is cluttered, or rather toolbar-infested ;)
But I don't want to open a side battlefield just yet; I don't see much else that's really bad there. What interests me is this possible rootkit.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its content ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on one's own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Mieserwitz 20.06.2012 23:33

Code:

ComboFix 12-06-20.02 - XXXX 21.06.2012  0:10.1.6 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8190.6581 [GMT 2:00]
ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\70B7469D0060A362.log
c:\windows\IsUn0407.exe
F:\MEINBA~1.TIB
f:\temp\swtlib-32\swt-gdip-win32-3707.dll
f:\temp\swtlib-32\swt-win32-3707.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-20 bis 2012-06-20  ))))))))))))))))))))))))))))))
.
.
2012-06-19 07:55 . 2012-06-19 07:55        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 07:55 . 2012-06-19 07:55        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 07:40 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-19 07:40 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-19 07:40 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-19 07:40 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-19 07:40 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-19 07:40 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-19 07:40 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-19 07:40 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-19 07:40 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-18 13:12 . 2012-06-19 12:34        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Dropbox
2012-06-18 12:43 . 2007-06-15 10:57        59488        ----a-w-        c:\windows\SysWow64\GenSvcInst.exe
2012-06-18 12:43 . 2007-06-15 10:57        145504        ----a-w-        c:\windows\SysWow64\bgsvcgen.exe
2012-06-18 12:43 . 2006-08-25 12:36        39208        ----a-w-        c:\windows\system32\drivers\cdrbsdrv.sys
2012-06-18 12:42 . 2012-06-18 12:42        --------        d-----w-        c:\program files (x86)\Panasonic
2012-06-18 08:53 . 2012-06-18 08:53        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 08:53 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-17 17:22 . 2012-06-17 17:22        --------        d-----w-        c:\program files (x86)\Tools&More
2012-06-17 17:21 . 2012-06-17 17:21        --------        d-----w-        c:\windows\Downloaded Installations
2012-06-16 20:27 . 2012-06-16 20:27        --------        d-----w-        c:\users\XXXX\AppData\Local\Google
2012-06-16 18:41 . 2012-06-16 18:47        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Tobit
2012-06-16 18:41 . 2012-06-16 18:41        --------        d-----w-        c:\program files (x86)\Common Files\Tobit
2012-06-16 18:41 . 2012-01-03 09:38        2681344        ----a-w-        c:\windows\SysWow64\dvmsg.dll
2012-06-16 17:18 . 2012-06-16 17:18        --------        d-----w-        c:\users\XXXX\AppData\Local\Macromedia
2012-06-15 16:47 . 2012-06-15 16:47        --------        d-----w-        c:\programdata\Logitech
2012-06-13 17:26 . 2012-04-24 05:37        1462272        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-12 20:50 . 2012-06-13 16:40        --------        d-----w-        c:\program files (x86)\nLite
2012-06-11 14:40 . 2012-06-11 14:40        --------        d-----w-        c:\users\XXXX\AppData\Local\FRITZ!
2012-06-11 14:40 . 2012-06-11 14:40        --------        d-----w-        c:\users\XXXX\AppData\Roaming\FRITZ!
2012-06-07 22:22 . 2012-06-07 22:22        298280        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-06-07 22:15 . 2012-06-07 22:15        --------        d-----w-        c:\users\XXXX\AppData\Local\PunkBuster
2012-06-07 18:33 . 2012-06-07 18:35        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2012-06-07 17:36 . 2012-06-16 21:06        --------        d-----w-        c:\program files (x86)\Common Files\Akamai
2012-06-07 09:38 . 2012-06-07 09:38        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 09:38 . 2012-06-07 09:38        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\windows\Sun
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\users\XXXX\AppData\Local\Wondershare
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\program files (x86)\Common Files\Wondershare
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\program files (x86)\Wondershare
2012-05-31 17:19 . 2012-05-31 17:21        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Ashampoo
2012-05-31 17:18 . 2012-05-31 17:19        --------        d-----w-        c:\users\XXXX\AppData\Local\ashampoo
2012-05-31 17:18 . 2012-05-31 17:18        --------        d-----w-        c:\programdata\ashampoo
2012-05-31 17:18 . 2012-05-31 17:20        --------        d-----w-        c:\program files (x86)\Ashampoo
2012-05-27 18:41 . 2012-05-27 18:41        --------        d-----w-        c:\users\XXXX\AppData\Local\Apps
2012-05-27 10:31 . 2012-05-27 10:43        --------        d-----w-        c:\users\XXXX\AppData\Roaming\ID3-TagIT 3
2012-05-27 10:30 . 2012-05-27 10:30        --------        d-----w-        c:\programdata\ID3-TagIT 3
2012-05-27 10:30 . 2012-05-27 10:30        --------        d-----w-        c:\program files (x86)\ID3-TagIT 3
2012-05-25 19:13 . 2012-05-25 19:13        --------        d-----w-        c:\users\XXXX\AppData\Roaming\CoSoSys
2012-05-25 19:07 . 2012-05-25 19:07        --------        d-----w-        c:\windows\system32\appmgmt
2012-05-22 18:13 . 2012-05-22 18:14        --------        d-----w-        c:\program files (x86)\DVDFab 8 Qt
2012-05-22 18:06 . 2012-05-22 18:14        --------        d-----w-        c:\program files (x86)\Elaborate Bytes
2012-05-22 17:53 . 2012-05-22 17:53        --------        d-----w-        c:\programdata\SlySoft
2012-05-22 17:51 . 2012-05-22 18:13        --------        d-----w-        c:\program files (x86)\SlySoft
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 12:01 . 2012-04-18 18:21        560184        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-06-15 16:46 . 2012-04-18 18:18        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-04-29 12:11 . 2012-04-29 12:11        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-29 12:11 . 2012-04-29 12:11        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-29 12:11 . 2012-04-29 12:11        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-19 14:22 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-04-19 14:22 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-04-19 02:50 . 2012-04-19 02:50        28480        ----a-w-        c:\windows\system32\drivers\avgidsha.sys
2012-04-18 21:29 . 2011-03-28 16:36        19352        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 21:00 . 2012-04-18 21:00        279136        ----a-w-        c:\windows\system32\drivers\afcdp.sys
2012-04-18 21:00 . 2012-04-18 21:00        1263200        ----a-w-        c:\windows\system32\drivers\tdrpm273.sys
2012-04-18 21:00 . 2012-04-18 21:00        970336        ----a-w-        c:\windows\system32\drivers\timntr.sys
2012-04-18 21:00 . 2012-04-18 21:00        277088        ----a-w-        c:\windows\system32\drivers\snapman.sys
2012-04-18 20:57 . 2012-04-18 20:57        637848        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-04-18 20:57 . 2012-04-18 20:57        567696        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-04-18 20:50 . 2012-04-18 20:50        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-18 20:50 . 2012-04-18 20:50        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-04-18 20:50 . 2012-04-18 20:50        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-04-18 20:50 . 2012-04-18 20:50        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-18 20:50 . 2012-04-18 20:50        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-04-18 20:50 . 2012-04-18 20:50        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-04-18 20:50 . 2012-04-18 20:50        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-04-18 20:50 . 2012-04-18 20:50        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-04-18 20:50 . 2012-04-18 20:50        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-04-18 20:50 . 2012-04-18 20:50        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-04-18 20:50 . 2012-04-18 20:50        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-04-18 20:50 . 2012-04-18 20:50        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-04-18 20:50 . 2012-04-18 20:50        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-04-18 20:50 . 2012-04-18 20:50        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-04-18 20:50 . 2012-04-18 20:50        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-04-18 20:50 . 2012-04-18 20:50        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-04-18 20:50 . 2012-04-18 20:50        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-04-18 20:50 . 2012-04-18 20:50        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-04-18 20:50 . 2012-04-18 20:50        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-04-18 20:50 . 2012-04-18 20:50        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-04-18 20:50 . 2012-04-18 20:50        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-04-18 20:50 . 2012-04-18 20:50        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-04-18 20:50 . 2012-04-18 20:50        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-04-18 20:50 . 2012-04-18 20:50        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-04-18 20:50 . 2012-04-18 20:50        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-04-18 20:50 . 2012-04-18 20:50        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-04-18 20:50 . 2012-04-18 20:50        448512        ----a-w-        c:\windows\system32\html.iec
2012-04-18 20:50 . 2012-04-18 20:50        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-04-18 20:50 . 2012-04-18 20:50        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-04-18 20:50 . 2012-04-18 20:50        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-04-18 20:50 . 2012-04-18 20:50        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-04-18 20:50 . 2012-04-18 20:50        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-04-18 18:24 . 2012-04-18 18:24        53248        ----a-r-        c:\users\XXXX\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-18 18:15 . 2012-04-18 18:15        521448        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-30 11:35 . 2012-05-12 08:30        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 20:55        2068536        ----a-w-        c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
.
c:\users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
jAnrufmonitor 5.0.lnk - c:\eigenes zeug\JAnrufmonitor\jam.exe [2012-1-20 45056]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2012-4-18 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-04-18 3975088]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 11:43        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://web.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: c:\windows\system32\RSLSP.dll
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\1x2m12al.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb81d41b4-b00f-474e-8d90-b48a9a577ab9%7D&mid=1233be83bf8247d0ae7e6de783ce5d53-a69f8dc3a8ac24c656c806b689e7ae455e04d966&ds=AVG&v=11.0.0.9&lang=de&pr=pr&d=2012-04-18%2020%3A40%3A27&sap=ku&q=
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
Toolbar-10 - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NMSAccess32A.exe]
"ImagePath"="c:\windows\SysWOW64\OEMWARE\API"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21  00:26:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-20 22:26
.
Vor Suchlauf: 9 Verzeichnis(se), 66.518.753.280 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 51.527.602.176 Bytes frei
.
- - End Of File - - 790FF3E1ED969F3E3CB550E34E9D2AD4


cosinus 20.06.2012 23:52

Code:

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\MEINBA~1.TIB

Oh dear...
Are you doing Acronis backups to the current drive F?

Mieserwitz 21.06.2012 08:57

That was my "lazy" backup. So I made a backup right after the installation, and none since. I don't think much of restoring or resetting. I'd rather do a fresh install, or a backup right after the installati


Is Acronis bad? I've actually always used Acronis.

cosinus 21.06.2012 11:40

No, that was just a note that CF deleted the image!

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the image below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Mieserwitz 21.06.2012 11:47

Code:

12:43:58.0060 5892        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
12:43:58.0070 5892        ============================================================
12:43:58.0070 5892        Current date / time: 2012/06/21 12:43:58.0070
12:43:58.0070 5892        SystemInfo:
12:43:58.0070 5892       
12:43:58.0070 5892        OS Version: 6.1.7601 ServicePack: 1.0
12:43:58.0070 5892        Product type: Workstation
12:43:58.0070 5892        ComputerName: XXXX-PC
12:43:58.0071 5892        UserName: XXXX
12:43:58.0071 5892        Windows directory: C:\Windows
12:43:58.0071 5892        System windows directory: C:\Windows
12:43:58.0071 5892        Running under WOW64
12:43:58.0071 5892        Processor architecture: Intel x64
12:43:58.0071 5892        Number of processors: 6
12:43:58.0071 5892        Page size: 0x1000
12:43:58.0071 5892        Boot type: Normal boot
12:43:58.0071 5892        ============================================================
12:43:58.0246 5892        Drive \Device\Harddisk3\DR3 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:43:58.0261 5892        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:44:03.0622 5892        Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:44:03.0648 5892        Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:44:03.0661 5892        Drive \Device\Harddisk4\DR6 - Size: 0x3BF700000 (14.99 Gb), SectorSize: 0x200, Cylinders: 0x7A4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:44:03.0665 5892        Drive \Device\Harddisk5\DR5 - Size: 0xEE400000 (3.72 Gb), SectorSize: 0x200, Cylinders: 0x1E5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:44:03.0668 5892        ============================================================
12:44:03.0668 5892        \Device\Harddisk3\DR3:
12:44:03.0670 5892        MBR partitions:
12:44:03.0670 5892        \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:44:03.0670 5892        \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
12:44:03.0670 5892        \Device\Harddisk0\DR0:
12:44:03.0670 5892        MBR partitions:
12:44:03.0670 5892        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
12:44:03.0670 5892        \Device\Harddisk1\DR1:
12:44:03.0670 5892        MBR partitions:
12:44:03.0670 5892        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
12:44:03.0670 5892        \Device\Harddisk2\DR2:
12:44:03.0670 5892        MBR partitions:
12:44:03.0670 5892        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
12:44:03.0670 5892        \Device\Harddisk4\DR6:
12:44:03.0671 5892        MBR partitions:
12:44:03.0671 5892        \Device\Harddisk4\DR6\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DF9800
12:44:03.0671 5892        \Device\Harddisk5\DR5:
12:44:03.0672 5892        MBR partitions:
12:44:03.0672 5892        \Device\Harddisk5\DR5\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x771FC1
12:44:03.0672 5892        ============================================================
12:44:03.0674 5892        C: <-> \Device\Harddisk3\DR3\Partition1
12:44:03.0695 5892        D: <-> \Device\Harddisk0\DR0\Partition0
12:44:03.0721 5892        E: <-> \Device\Harddisk1\DR1\Partition0
12:44:03.0764 5892        F: <-> \Device\Harddisk2\DR2\Partition0
12:44:03.0764 5892        ============================================================
12:44:03.0764 5892        Initialize success
12:44:03.0764 5892        ============================================================
12:44:59.0579 2236        ============================================================
12:44:59.0579 2236        Scan started
12:44:59.0579 2236        Mode: Manual; SigCheck; TDLFS;
12:44:59.0579 2236        ============================================================
12:45:00.0395 2236        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:45:00.0459 2236        1394ohci - ok
12:45:00.0470 2236        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:45:00.0481 2236        ACPI - ok
12:45:00.0484 2236        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:45:00.0502 2236        AcpiPmi - ok
12:45:00.0533 2236        AcrSch2Svc      (cab6b4c7c86648b5c119b5d42e71a27d) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
12:45:00.0553 2236        AcrSch2Svc - ok
12:45:00.0569 2236        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:45:00.0583 2236        adp94xx - ok
12:45:00.0593 2236        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:45:00.0605 2236        adpahci - ok
12:45:00.0612 2236        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:45:00.0621 2236        adpu320 - ok
12:45:00.0627 2236        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:45:00.0672 2236        AeLookupSvc - ok
12:45:00.0683 2236        afcdp          (cc946c4ebf60cb6dc8816e5f8a941ead) C:\Windows\system32\DRIVERS\afcdp.sys
12:45:00.0700 2236        afcdp - ok
12:45:00.0829 2236        afcdpsrv        (149e8ca66ceade0d17ac4028a567499f) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
12:45:00.0906 2236        afcdpsrv - ok
12:45:00.0944 2236        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:45:00.0958 2236        AFD - ok
12:45:00.0962 2236        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:45:00.0970 2236        agp440 - ok
12:45:00.0974 2236        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:45:00.0983 2236        ALG - ok
12:45:00.0986 2236        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:45:00.0993 2236        aliide - ok
12:45:00.0996 2236        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:45:01.0003 2236        amdide - ok
12:45:01.0007 2236        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:45:01.0016 2236        AmdK8 - ok
12:45:01.0020 2236        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:45:01.0028 2236        AmdPPM - ok
12:45:01.0033 2236        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:45:01.0042 2236        amdsata - ok
12:45:01.0049 2236        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:45:01.0059 2236        amdsbs - ok
12:45:01.0062 2236        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:45:01.0069 2236        amdxata - ok
12:45:01.0072 2236        androidusb      (363571bc0c79e394e69300d1f2e3ddae) C:\Windows\system32\Drivers\androidusb.sys
12:45:01.0079 2236        androidusb - ok
12:45:01.0086 2236        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:45:01.0109 2236        AppID - ok
12:45:01.0112 2236        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:45:01.0136 2236        AppIDSvc - ok
12:45:01.0141 2236        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:45:01.0163 2236        Appinfo - ok
12:45:01.0172 2236        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
12:45:01.0181 2236        AppMgmt - ok
12:45:01.0186 2236        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:45:01.0194 2236        arc - ok
12:45:01.0199 2236        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:45:01.0207 2236        arcsas - ok
12:45:01.0210 2236        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:45:01.0233 2236        AsyncMac - ok
12:45:01.0236 2236        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:45:01.0243 2236        atapi - ok
12:45:01.0267 2236        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:45:01.0299 2236        AudioEndpointBuilder - ok
12:45:01.0304 2236        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:45:01.0331 2236        AudioSrv - ok
12:45:01.0336 2236        Avgfwfd        (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
12:45:01.0342 2236        Avgfwfd - ok
12:45:01.0403 2236        avgfws          (3f246752bc1309f71a737c6a90dd5295) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
12:45:01.0438 2236        avgfws - ok
12:45:01.0570 2236        AVGIDSAgent    (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
12:45:01.0670 2236        AVGIDSAgent - ok
12:45:01.0699 2236        AVGIDSDriver    (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
12:45:01.0711 2236        AVGIDSDriver - ok
12:45:01.0714 2236        AVGIDSFilter    (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
12:45:01.0725 2236        AVGIDSFilter - ok
12:45:01.0728 2236        AVGIDSHA        (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
12:45:01.0739 2236        AVGIDSHA - ok
12:45:01.0748 2236        Avgldx64        (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
12:45:01.0762 2236        Avgldx64 - ok
12:45:01.0766 2236        Avgmfx64        (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
12:45:01.0776 2236        Avgmfx64 - ok
12:45:01.0779 2236        Avgrkx64        (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
12:45:01.0789 2236        Avgrkx64 - ok
12:45:01.0801 2236        Avgtdia        (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
12:45:01.0816 2236        Avgtdia - ok
12:45:01.0828 2236        avgwd          (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
12:45:01.0840 2236        avgwd - ok
12:45:01.0846 2236        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:45:01.0858 2236        AxInstSV - ok
12:45:01.0872 2236        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:45:01.0885 2236        b06bdrv - ok
12:45:01.0894 2236        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:45:01.0905 2236        b57nd60a - ok
12:45:01.0912 2236        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:45:01.0920 2236        BDESVC - ok
12:45:01.0923 2236        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:45:01.0946 2236        Beep - ok
12:45:01.0970 2236        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:45:02.0001 2236        BFE - ok
12:45:02.0022 2236        bgsvcgen        (acc9c8c560c567fad6f79c977ab2ea09) C:\Windows\SysWOW64\bgsvcgen.exe
12:45:02.0030 2236        bgsvcgen - ok
12:45:02.0057 2236        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:45:02.0091 2236        BITS - ok
12:45:02.0097 2236        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:45:02.0105 2236        blbdrive - ok
12:45:02.0110 2236        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:45:02.0117 2236        bowser - ok
12:45:02.0120 2236        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:45:02.0138 2236        BrFiltLo - ok
12:45:02.0141 2236        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:45:02.0150 2236        BrFiltUp - ok
12:45:02.0155 2236        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:45:02.0179 2236        BridgeMP - ok
12:45:02.0185 2236        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:45:02.0210 2236        Browser - ok
12:45:02.0219 2236        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:45:02.0229 2236        Brserid - ok
12:45:02.0233 2236        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:45:02.0243 2236        BrSerWdm - ok
12:45:02.0246 2236        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:45:02.0255 2236        BrUsbMdm - ok
12:45:02.0257 2236        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:45:02.0265 2236        BrUsbSer - ok
12:45:02.0270 2236        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:45:02.0279 2236        BTHMODEM - ok
12:45:02.0286 2236        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:45:02.0310 2236        bthserv - ok
12:45:02.0316 2236        catchme - ok
12:45:02.0321 2236        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:45:02.0345 2236        cdfs - ok
12:45:02.0350 2236        cdrbsdrv        (9edd76d0800a022ae10b9243d0224e72) C:\Windows\system32\drivers\cdrbsdrv.sys
12:45:02.0360 2236        cdrbsdrv - ok
12:45:02.0366 2236        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:45:02.0376 2236        cdrom - ok
12:45:02.0382 2236        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:45:02.0407 2236        CertPropSvc - ok
12:45:02.0410 2236        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:45:02.0421 2236        circlass - ok
12:45:02.0434 2236        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:45:02.0447 2236        CLFS - ok
12:45:02.0453 2236        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:45:02.0461 2236        clr_optimization_v2.0.50727_32 - ok
12:45:02.0467 2236        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:45:02.0475 2236        clr_optimization_v2.0.50727_64 - ok
12:45:02.0484 2236        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:45:02.0496 2236        clr_optimization_v4.0.30319_32 - ok
12:45:02.0504 2236        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:45:02.0512 2236        clr_optimization_v4.0.30319_64 - ok
12:45:02.0515 2236        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:45:02.0524 2236        CmBatt - ok
12:45:02.0527 2236        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:45:02.0534 2236        cmdide - ok
12:45:02.0549 2236        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:45:02.0569 2236        CNG - ok
12:45:02.0573 2236        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:45:02.0580 2236        Compbatt - ok
12:45:02.0583 2236        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:45:02.0594 2236        CompositeBus - ok
12:45:02.0596 2236        COMSysApp - ok
12:45:02.0600 2236        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:45:02.0607 2236        crcdisk - ok
12:45:02.0616 2236        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:45:02.0626 2236        CryptSvc - ok
12:45:02.0645 2236        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:45:02.0662 2236        CSC - ok
12:45:02.0684 2236        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
12:45:02.0711 2236        CscService - ok
12:45:02.0741 2236        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:45:02.0756 2236        cvhsvc - ok
12:45:02.0794 2236        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:45:02.0823 2236        DcomLaunch - ok
12:45:02.0836 2236        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:45:02.0862 2236        defragsvc - ok
12:45:02.0869 2236        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:45:02.0893 2236        DfsC - ok
12:45:02.0906 2236        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:45:02.0933 2236        Dhcp - ok
12:45:02.0937 2236        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:45:02.0960 2236        discache - ok
12:45:02.0965 2236        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:45:02.0973 2236        Disk - ok
12:45:02.0980 2236        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:45:02.0990 2236        Dnscache - ok
12:45:02.0999 2236        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:45:03.0024 2236        dot3svc - ok
12:45:03.0031 2236        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:45:03.0055 2236        DPS - ok
12:45:03.0058 2236        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:45:03.0067 2236        drmkaud - ok
12:45:03.0101 2236        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:45:03.0124 2236        DXGKrnl - ok
12:45:03.0130 2236        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:45:03.0154 2236        EapHost - ok
12:45:03.0234 2236        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:45:03.0277 2236        ebdrv - ok
12:45:03.0299 2236        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:45:03.0308 2236        EFS - ok
12:45:03.0331 2236        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:45:03.0349 2236        ehRecvr - ok
12:45:03.0355 2236        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:45:03.0364 2236        ehSched - ok
12:45:03.0382 2236        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:45:03.0396 2236        elxstor - ok
12:45:03.0399 2236        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:45:03.0406 2236        ErrDev - ok
12:45:03.0425 2236        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:45:03.0455 2236        EventSystem - ok
12:45:03.0463 2236        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:45:03.0499 2236        exfat - ok
12:45:03.0506 2236        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:45:03.0531 2236        fastfat - ok
12:45:03.0551 2236        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:45:03.0566 2236        Fax - ok
12:45:03.0570 2236        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:45:03.0578 2236        fdc - ok
12:45:04.0833 2236        LightScribeService (fcbdcc6f1801e32244235608e1277752) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
12:45:04.0837 2236        LightScribeService ( UnsignedFile.Multi.Generic ) - warning
12:45:04.0837 2236        LightScribeService - detected UnsignedFile.Multi.Generic (1)
12:45:10.0301 2236        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
12:45:10.0309 2236        StorSvc - ok
12:45:10.0312 2236        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:45:10.0320 2236        storvsc - ok
12:45:10.0323 2236        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:45:10.0330 2236        swenum - ok
12:45:10.0347 2236        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:45:10.0379 2236        swprv - ok
12:45:10.0431 2236        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:45:10.0465 2236        SysMain - ok
12:45:10.0489 2236        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:45:10.0502 2236        TabletInputService - ok
12:45:10.0512 2236        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:45:10.0539 2236        TapiSrv - ok
12:45:10.0544 2236        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:45:10.0569 2236        TBS - ok
12:45:10.0627 2236        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:45:10.0662 2236        Tcpip - ok
12:45:10.0733 2236        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:45:10.0759 2236        TCPIP6 - ok
12:45:10.0785 2236        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:45:10.0808 2236        tcpipreg - ok
12:45:10.0813 2236        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:45:10.0820 2236        TDPIPE - ok
12:45:10.0862 2236        tdrpman273      (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
12:45:10.0894 2236        tdrpman273 - ok
12:45:10.0897 2236        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:45:10.0905 2236        TDTCP - ok
12:45:10.0911 2236        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:45:10.0934 2236        tdx - ok
12:45:11.0004 2236        TeamViewer7    (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
12:45:11.0049 2236        TeamViewer7 - ok
12:45:11.0073 2236        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:45:11.0081 2236        TermDD - ok
12:45:11.0101 2236        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:45:11.0133 2236        TermService - ok
12:45:11.0136 2236        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:45:11.0148 2236        Themes - ok
12:45:11.0153 2236        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:45:11.0176 2236        THREADORDER - ok
12:45:11.0207 2236        timounter      (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
12:45:11.0232 2236        timounter - ok
12:45:11.0239 2236        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:45:11.0264 2236        TrkWks - ok
12:45:11.0272 2236        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:45:11.0297 2236        TrustedInstaller - ok
12:45:11.0302 2236        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:45:11.0324 2236        tssecsrv - ok
12:45:11.0330 2236        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:45:11.0338 2236        TsUsbFlt - ok
12:45:11.0344 2236        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:45:11.0367 2236        tunnel - ok
12:45:11.0371 2236        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:45:11.0379 2236        uagp35 - ok
12:45:11.0390 2236        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:45:11.0416 2236        udfs - ok
12:45:11.0423 2236        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:45:11.0432 2236        UI0Detect - ok
12:45:11.0437 2236        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:45:11.0444 2236        uliagpkx - ok
12:45:11.0448 2236        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:45:11.0457 2236        umbus - ok
12:45:11.0459 2236        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:45:11.0467 2236        UmPass - ok
12:45:11.0475 2236        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
12:45:11.0485 2236        UmRdpService - ok
12:45:11.0498 2236        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:45:11.0527 2236        upnphost - ok
12:45:11.0532 2236        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:45:11.0541 2236        usbccgp - ok
12:45:11.0546 2236        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:45:11.0556 2236        usbcir - ok
12:45:11.0560 2236        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:45:11.0567 2236        usbehci - ok
12:45:11.0579 2236        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:45:11.0591 2236        usbhub - ok
12:45:11.0595 2236        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
12:45:11.0602 2236        usbohci - ok
12:45:11.0605 2236        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:45:11.0615 2236        usbprint - ok
12:45:11.0619 2236        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:45:11.0628 2236        usbscan - ok
12:45:11.0633 2236        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:45:11.0641 2236        USBSTOR - ok
12:45:11.0644 2236        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:45:11.0652 2236        usbuhci - ok
12:45:11.0655 2236        usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
12:45:11.0663 2236        usb_rndisx - ok
12:45:11.0667 2236        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:45:11.0691 2236        UxSms - ok
12:45:11.0695 2236        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:45:11.0702 2236        VaultSvc - ok
12:45:11.0705 2236        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:45:11.0712 2236        vdrvroot - ok
12:45:11.0729 2236        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:45:11.0758 2236        vds - ok
12:45:11.0761 2236        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:45:11.0771 2236        vga - ok
12:45:11.0774 2236        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:45:11.0799 2236        VgaSave - ok
12:45:11.0807 2236        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:45:11.0816 2236        vhdmp - ok
12:45:11.0819 2236        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:45:11.0827 2236        viaide - ok
12:45:11.0836 2236        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:45:11.0846 2236        vmbus - ok
12:45:11.0849 2236        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:45:11.0856 2236        VMBusHID - ok
12:45:11.0861 2236        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:45:11.0868 2236        volmgr - ok
12:45:11.0884 2236        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:45:11.0897 2236        volmgrx - ok
12:45:11.0909 2236        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:45:11.0921 2236        volsnap - ok
12:45:11.0930 2236        vpcbus          (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
12:45:11.0940 2236        vpcbus - ok
12:45:11.0945 2236        vpcnfltr        (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
12:45:11.0953 2236        vpcnfltr - ok
12:45:11.0958 2236        vpcusb          (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
12:45:11.0967 2236        vpcusb - ok
12:45:11.0978 2236        vpcvmm          (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
12:45:11.0991 2236        vpcvmm - ok
12:45:11.0997 2236        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:45:12.0007 2236        vsmraid - ok
12:45:12.0058 2236        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:45:12.0107 2236        VSS - ok
12:45:12.0135 2236        vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
12:45:12.0155 2236        vToolbarUpdater11.1.0 - ok
12:45:12.0178 2236        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:45:12.0187 2236        vwifibus - ok
12:45:12.0201 2236        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:45:12.0230 2236        W32Time - ok
12:45:12.0235 2236        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:45:12.0243 2236        WacomPen - ok
12:45:12.0249 2236        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:12.0272 2236        WANARP - ok
12:45:12.0274 2236        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:45:12.0296 2236        Wanarpv6 - ok
12:45:12.0342 2236        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:45:12.0378 2236        wbengine - ok
12:45:12.0404 2236        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:45:12.0418 2236        WbioSrvc - ok
12:45:12.0433 2236        WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
12:45:12.0446 2236        WcesComm - ok
12:45:12.0458 2236        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:45:12.0474 2236        wcncsvc - ok
12:45:12.0478 2236        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:45:12.0486 2236        WcsPlugInService - ok
12:45:12.0491 2236        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:45:12.0498 2236        Wd - ok
12:45:12.0517 2236        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:45:12.0533 2236        Wdf01000 - ok
12:45:12.0539 2236        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:45:12.0552 2236        WdiServiceHost - ok
12:45:12.0555 2236        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:45:12.0566 2236        WdiSystemHost - ok
12:45:12.0577 2236        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:45:12.0593 2236        WebClient - ok
12:45:12.0601 2236        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:45:12.0628 2236        Wecsvc - ok
12:45:12.0633 2236        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:45:12.0658 2236        wercplsupport - ok
12:45:12.0663 2236        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:45:12.0688 2236        WerSvc - ok
12:45:12.0693 2236        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:45:12.0716 2236        WfpLwf - ok
12:45:12.0719 2236        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:45:12.0726 2236        WIMMount - ok
12:45:12.0729 2236        WinDefend - ok
12:45:12.0734 2236        WinHttpAutoProxySvc - ok
12:45:12.0747 2236        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:45:12.0772 2236        Winmgmt - ok
12:45:12.0840 2236        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:45:12.0891 2236        WinRM - ok
12:45:12.0937 2236        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:45:12.0959 2236        Wlansvc - ok
12:45:13.0036 2236        wlidsvc        (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:45:13.0085 2236        wlidsvc - ok
12:45:13.0108 2236        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:45:13.0115 2236        WmiAcpi - ok
12:45:13.0126 2236        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:45:13.0137 2236        wmiApSrv - ok
12:45:13.0140 2236        WMPNetworkSvc - ok
12:45:13.0145 2236        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:45:13.0152 2236        WPCSvc - ok
12:45:13.0158 2236        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:45:13.0168 2236        WPDBusEnum - ok
12:45:13.0172 2236        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:45:13.0195 2236        ws2ifsl - ok
12:45:13.0200 2236        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:45:13.0212 2236        wscsvc - ok
12:45:13.0215 2236        WSearch - ok
12:45:13.0279 2236        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
12:45:13.0321 2236        wuauserv - ok
12:45:13.0346 2236        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:45:13.0370 2236        WudfPf - ok
12:45:13.0378 2236        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:45:13.0402 2236        WUDFRd - ok
12:45:13.0407 2236        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:45:13.0430 2236        wudfsvc - ok
12:45:13.0439 2236        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:45:13.0454 2236        WwanSvc - ok
12:45:13.0466 2236        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk3\DR3
12:45:13.0556 2236        \Device\Harddisk3\DR3 - ok
12:45:13.0558 2236        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:45:13.0613 2236        \Device\Harddisk0\DR0 - ok
12:45:13.0629 2236        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
12:45:13.0908 2236        \Device\Harddisk1\DR1 - ok
12:45:13.0927 2236        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
12:45:14.0007 2236        \Device\Harddisk2\DR2 - ok
12:45:14.0016 2236        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk4\DR6
12:45:14.0168 2236        \Device\Harddisk4\DR6 - ok
12:45:14.0177 2236        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
12:45:18.0647 2236        \Device\Harddisk5\DR5 - ok
12:45:18.0653 2236        Boot (0x1200)  (52f04af99918c91567351ea9df844fda) \Device\Harddisk3\DR3\Partition0
12:45:18.0654 2236        \Device\Harddisk3\DR3\Partition0 - ok
12:45:18.0658 2236        Boot (0x1200)  (6e52c5a0635a2f3cffa86c8a9779b759) \Device\Harddisk3\DR3\Partition1
12:45:18.0659 2236        \Device\Harddisk3\DR3\Partition1 - ok
12:45:18.0663 2236        Boot (0x1200)  (9c663e82fdba2c6f07f00270bd7eb317) \Device\Harddisk0\DR0\Partition0
12:45:18.0664 2236        \Device\Harddisk0\DR0\Partition0 - ok
12:45:18.0681 2236        Boot (0x1200)  (41ec0699c9dfbf87b8dd5e0ff2e87e3a) \Device\Harddisk1\DR1\Partition0
12:45:18.0683 2236        \Device\Harddisk1\DR1\Partition0 - ok
12:45:18.0713 2236        Boot (0x1200)  (42a9fdbc231a558ac61520d4e0b3f7a6) \Device\Harddisk2\DR2\Partition0
12:45:18.0714 2236        \Device\Harddisk2\DR2\Partition0 - ok
12:45:18.0718 2236        Boot (0x1200)  (7a975f142c2ee56036da1d7d2d54c0a2) \Device\Harddisk4\DR6\Partition0
12:45:18.0719 2236        \Device\Harddisk4\DR6\Partition0 - ok
12:45:18.0725 2236        Boot (0x1200)  (db3837faea7ca5d9e06e62eaecb03ed5) \Device\Harddisk5\DR5\Partition0
12:45:18.0728 2236        \Device\Harddisk5\DR5\Partition0 - ok
12:45:18.0728 2236        ============================================================
12:45:18.0729 2236        Scan finished
12:45:18.0729 2236        ============================================================
12:45:18.0765 1600        Detected object count: 1
12:45:18.0765 1600        Actual detected object count: 1
12:45:33.0862 1600        LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
12:45:33.0862 1600        LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:45:42.0368 3168        Deinitialize success


cosinus 21.06.2012 13:31

Code:

12:45:06.0295 2236        NMSAccess32A.exe - ok
Hm, Kaspersky says it's ok :confused:

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NMSAccess32A.exe]
"ImagePath"=-

Dirlook::
c:\windows\SysWOW64\OEMWARE\API

3. Save it in Notepad as CFScript.txt on the Desktop.

4. Deactivate the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the image below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Mieserwitz 21.06.2012 14:37

Code:

ComboFix 12-06-21.01 - XXXX 21.06.2012  15:22:38.2.6 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8190.6394 [GMT 2:00]
ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\XXXX\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\temp\swtlib-32\swt-gdip-win32-3707.dll
f:\temp\swtlib-32\swt-win32-3707.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-21 bis 2012-06-21  ))))))))))))))))))))))))))))))
.
.
2012-06-19 07:55 . 2012-06-19 07:55        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 07:55 . 2012-06-19 07:55        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 07:40 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-19 07:40 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-19 07:40 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-19 07:40 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-19 07:40 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-19 07:40 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-19 07:40 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-19 07:40 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-19 07:40 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-18 13:12 . 2012-06-19 12:34        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Dropbox
2012-06-18 12:43 . 2007-06-15 10:57        59488        ----a-w-        c:\windows\SysWow64\GenSvcInst.exe
2012-06-18 12:43 . 2007-06-15 10:57        145504        ----a-w-        c:\windows\SysWow64\bgsvcgen.exe
2012-06-18 12:43 . 2006-08-25 12:36        39208        ----a-w-        c:\windows\system32\drivers\cdrbsdrv.sys
2012-06-18 12:42 . 2012-06-18 12:42        --------        d-----w-        c:\program files (x86)\Panasonic
2012-06-18 08:53 . 2012-06-18 08:53        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 08:53 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-17 17:22 . 2012-06-17 17:22        --------        d-----w-        c:\program files (x86)\Tools&More
2012-06-17 17:21 . 2012-06-17 17:21        --------        d-----w-        c:\windows\Downloaded Installations
2012-06-16 20:27 . 2012-06-16 20:27        --------        d-----w-        c:\users\XXXX\AppData\Local\Google
2012-06-16 18:41 . 2012-06-16 18:47        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Tobit
2012-06-16 18:41 . 2012-06-16 18:41        --------        d-----w-        c:\program files (x86)\Common Files\Tobit
2012-06-16 18:41 . 2012-01-03 09:38        2681344        ----a-w-        c:\windows\SysWow64\dvmsg.dll
2012-06-16 17:18 . 2012-06-16 17:18        --------        d-----w-        c:\users\XXXX\AppData\Local\Macromedia
2012-06-15 16:47 . 2012-06-15 16:47        --------        d-----w-        c:\programdata\Logitech
2012-06-13 17:26 . 2012-04-24 05:37        1462272        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-12 20:50 . 2012-06-13 16:40        --------        d-----w-        c:\program files (x86)\nLite
2012-06-11 14:40 . 2012-06-11 14:40        --------        d-----w-        c:\users\XXXX\AppData\Local\FRITZ!
2012-06-11 14:40 . 2012-06-11 14:40        --------        d-----w-        c:\users\XXXX\AppData\Roaming\FRITZ!
2012-06-07 22:22 . 2012-06-07 22:22        298280        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-06-07 22:15 . 2012-06-07 22:15        --------        d-----w-        c:\users\XXXX\AppData\Local\PunkBuster
2012-06-07 18:33 . 2012-06-07 18:35        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2012-06-07 17:36 . 2012-06-16 21:06        --------        d-----w-        c:\program files (x86)\Common Files\Akamai
2012-06-07 09:38 . 2012-06-07 09:38        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 09:38 . 2012-06-07 09:38        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\windows\Sun
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\users\XXXX\AppData\Local\Wondershare
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\program files (x86)\Common Files\Wondershare
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\program files (x86)\Wondershare
2012-05-31 17:19 . 2012-05-31 17:21        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Ashampoo
2012-05-31 17:18 . 2012-05-31 17:19        --------        d-----w-        c:\users\XXXX\AppData\Local\ashampoo
2012-05-31 17:18 . 2012-05-31 17:18        --------        d-----w-        c:\programdata\ashampoo
2012-05-31 17:18 . 2012-05-31 17:20        --------        d-----w-        c:\program files (x86)\Ashampoo
2012-05-27 18:41 . 2012-05-27 18:41        --------        d-----w-        c:\users\XXXX\AppData\Local\Apps
2012-05-27 10:31 . 2012-05-27 10:43        --------        d-----w-        c:\users\XXXX\AppData\Roaming\ID3-TagIT 3
2012-05-27 10:30 . 2012-05-27 10:30        --------        d-----w-        c:\programdata\ID3-TagIT 3
2012-05-27 10:30 . 2012-05-27 10:30        --------        d-----w-        c:\program files (x86)\ID3-TagIT 3
2012-05-25 19:13 . 2012-05-25 19:13        --------        d-----w-        c:\users\XXXX\AppData\Roaming\CoSoSys
2012-05-25 19:07 . 2012-05-25 19:07        --------        d-----w-        c:\windows\system32\appmgmt
2012-05-22 18:13 . 2012-05-22 18:14        --------        d-----w-        c:\program files (x86)\DVDFab 8 Qt
2012-05-22 18:06 . 2012-05-22 18:14        --------        d-----w-        c:\program files (x86)\Elaborate Bytes
2012-05-22 17:53 . 2012-05-22 17:53        --------        d-----w-        c:\programdata\SlySoft
2012-05-22 17:51 . 2012-05-22 18:13        --------        d-----w-        c:\program files (x86)\SlySoft
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 12:01 . 2012-04-18 18:21        560184        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-06-15 16:46 . 2012-04-18 18:18        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-04-29 12:11 . 2012-04-29 12:11        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-29 12:11 . 2012-04-29 12:11        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-29 12:11 . 2012-04-29 12:11        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-19 14:22 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-04-19 14:22 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-04-19 02:50 . 2012-04-19 02:50        28480        ----a-w-        c:\windows\system32\drivers\avgidsha.sys
2012-04-18 21:29 . 2011-03-28 16:36        19352        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 21:00 . 2012-04-18 21:00        279136        ----a-w-        c:\windows\system32\drivers\afcdp.sys
2012-04-18 21:00 . 2012-04-18 21:00        1263200        ----a-w-        c:\windows\system32\drivers\tdrpm273.sys
2012-04-18 21:00 . 2012-04-18 21:00        970336        ----a-w-        c:\windows\system32\drivers\timntr.sys
2012-04-18 21:00 . 2012-04-18 21:00        277088        ----a-w-        c:\windows\system32\drivers\snapman.sys
2012-04-18 20:57 . 2012-04-18 20:57        637848        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-04-18 20:57 . 2012-04-18 20:57        567696        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-04-18 20:50 . 2012-04-18 20:50        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-18 20:50 . 2012-04-18 20:50        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-04-18 20:50 . 2012-04-18 20:50        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-04-18 20:50 . 2012-04-18 20:50        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-18 20:50 . 2012-04-18 20:50        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-04-18 20:50 . 2012-04-18 20:50        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-04-18 20:50 . 2012-04-18 20:50        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-04-18 20:50 . 2012-04-18 20:50        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-04-18 20:50 . 2012-04-18 20:50        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-04-18 20:50 . 2012-04-18 20:50        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-04-18 20:50 . 2012-04-18 20:50        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-04-18 20:50 . 2012-04-18 20:50        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-04-18 20:50 . 2012-04-18 20:50        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-04-18 20:50 . 2012-04-18 20:50        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-04-18 20:50 . 2012-04-18 20:50        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-04-18 20:50 . 2012-04-18 20:50        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-04-18 20:50 . 2012-04-18 20:50        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-04-18 20:50 . 2012-04-18 20:50        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-04-18 20:50 . 2012-04-18 20:50        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-04-18 20:50 . 2012-04-18 20:50        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-04-18 20:50 . 2012-04-18 20:50        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-04-18 20:50 . 2012-04-18 20:50        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-04-18 20:50 . 2012-04-18 20:50        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-04-18 20:50 . 2012-04-18 20:50        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-04-18 20:50 . 2012-04-18 20:50        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-04-18 20:50 . 2012-04-18 20:50        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-04-18 20:50 . 2012-04-18 20:50        448512        ----a-w-        c:\windows\system32\html.iec
2012-04-18 20:50 . 2012-04-18 20:50        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-04-18 20:50 . 2012-04-18 20:50        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-04-18 20:50 . 2012-04-18 20:50        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-04-18 20:50 . 2012-04-18 20:50        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-04-18 20:50 . 2012-04-18 20:50        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-04-18 18:24 . 2012-04-18 18:24        53248        ----a-r-        c:\users\XXXX\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-18 18:15 . 2012-04-18 18:15        521448        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-30 11:35 . 2012-05-12 08:30        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\SysWOW64\OEMWARE\API ----
.
2012-04-18 21:53 . 2011-01-18 10:29        163840        ----a-w-        c:\windows\SysWOW64\OEMWARE\API\OEMPDF.dll
2012-04-18 21:53 . 2010-06-02 09:22        528384        ----a-w-        c:\windows\SysWOW64\OEMWARE\API\OEMFX3.dll
2012-04-18 21:53 . 2011-01-18 09:29        352256        ----a-w-        c:\windows\SysWOW64\OEMWARE\API\OEMBURN2.dll
2012-04-18 21:53 . 2009-01-12 06:15        71096        ----a-w-        c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe
2012-04-18 21:53 . 2009-07-20 01:52        1242552        ----a-w-        c:\windows\SysWOW64\OEMWARE\API\NMSDVDXU.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-06-20_22.24.36  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-21 13:30 . 2012-06-21 13:30        13330              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-20 22:20 . 2012-06-20 22:20        13330              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-06-20 13:19        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-21 13:31        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-21 13:31        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-20 13:19        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-18 18:31 . 2012-06-21 07:56        34270              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-21 07:56        34340              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-18 17:54 . 2012-06-21 07:56        5810              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-626165826-1394388628-393875434-1000_UserData.bin
- 2012-06-20 22:21 . 2012-06-20 22:21        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-21 13:31 . 2012-06-21 13:31        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-06-20 13:19        409600              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-21 13:31        409600              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-06-20 15:17        616792              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-21 12:29        616792              c:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-06-20 15:17        656246              c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-06-21 12:29        656246              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-06-20 15:17        106914              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-21 12:29        106914              c:\windows\system32\perfc009.dat
+ 2009-07-14 17:58 . 2012-06-21 12:29        130620              c:\windows\system32\perfc007.dat
- 2009-07-14 17:58 . 2012-06-20 15:17        130620              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-06-21 13:30        351496              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-20 22:20        351496              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-18 18:26 . 2012-06-21 13:30        30486072              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-626165826-1394388628-393875434-1000-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 20:55        2068536        ----a-w-        c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
.
c:\users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
jAnrufmonitor 5.0.lnk - c:\eigenes zeug\JAnrufmonitor\jam.exe [2012-1-20 45056]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2012-4-18 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 NMSAccess32A.exe;NMSAccess; [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-04-18 3975088]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 11:43        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://web.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: c:\windows\system32\RSLSP.dll
TCP: DhcpNameServer = 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\1x2m12al.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb81d41b4-b00f-474e-8d90-b48a9a577ab9%7D&mid=1233be83bf8247d0ae7e6de783ce5d53-a69f8dc3a8ac24c656c806b689e7ae455e04d966&ds=AVG&v=11.0.0.9&lang=de&pr=pr&d=2012-04-18%2020%3A40%3A27&sap=ku&q=
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-21  15:33:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-21 13:33
ComboFix2.txt  2012-06-20 22:26
.
Vor Suchlauf: 14 Verzeichnis(se), 51.214.925.824 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 51.128.492.032 Bytes frei
.
- - End Of File - - F25BEF7EE518734BB1E761A1323EA970


cosinus 21.06.2012 15:07

And again, but I'm almost certain this is related to some burning program ;)

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.


Code:

Filelook::
c:\windows\SysWOW64\OEMWARE\API\OEMPDF.dll
c:\windows\SysWOW64\OEMWARE\API\OEMFX3.dll
c:\windows\SysWOW64\OEMWARE\API\OEMBURN2.dll
c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe
c:\windows\SysWOW64\OEMWARE\API\NMSDVDXU.dll

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall you may have.
(Also the guards of ad-/spyware programs and the Tea Timer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used anywhere else, since it can permanently damage the system!
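The Filelook:: directive above makes ComboFix append a "Look" section to its log (version fields and MD5/SHA1 per listed path), which a helper then has to read by eye. As an added example that is neither part of this thread nor ComboFix's own code, here is a small Python parser for that section plus a few review heuristics; the sample input is three entries taken from the log posted in this thread, and the field names and the `------` placeholder are the ones ComboFix prints there.

```python
import re

# Constructed sample: three of the five "Look" entries taken from the ComboFix
# log posted in this thread, terminated by the next section banner.
SAMPLE_LOOK = r"""
((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))
--- c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 71096
Created time: 2012-04-18 21:53
Modified time: 2009-01-12 06:15
MD5: AFAE2AB36CE33749D174D54FB1B68D15
SHA1: 862B0C633620908A559D801C9FD11B750B63F24F
--- c:\windows\SysWOW64\OEMWARE\API\NMSDVDXU.dll ---
Company: NuMedia Soft, Inc.
File Description: NMS DVD Burning SDK - ActiveX Edition
File Version: 1, 0, 1, 4
Product Name: NMS DVD Burning SDK - ActiveX Edition
Copyright: Copyright 2009 - Numedia Soft, Inc.
Original Filename: NMSDVDX.DLL
File size: 1242552
Created time: 2012-04-18 21:53
Modified time: 2009-07-20 01:52
MD5: E8DF0C02268DB9B9CB97BBF31C76EB87
SHA1: 95C436F2C8F33D23E7922CC2CE280A58D2FCC522
--- c:\windows\SysWOW64\OEMWARE\API\OEMBURN2.dll ---
Company: OEMWARE
File Description: OEM Brenn Engine
File Version: 2.09.0013
Product Name: OEMBURN2
Copyright: OEMWARE
Original Filename: OEMBURN2.dll
File size: 352256
Created time: 2012-04-18 21:53
Modified time: 2011-01-18 09:29
MD5: 52750C8C5AC1ABDCD1D9F0CA90B3F658
SHA1: 29AB71D2619FFCE2BAA5E71C3E2076B1F4D745B4
((((((((((((((  SnapShot@2012-06-20_22.24.36  ))))))))))))))
"""

BANNER = "(((("  # every ComboFix section banner starts with this
HEADER_RE = re.compile(r"^--- (?P<path>.+?) ---$")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+): (?P<value>.*)$")
PLACEHOLDER = "------"  # what ComboFix prints for an absent version field
VERSION_KEYS = ("Company", "File Description", "File Version",
                "Product Name", "Copyright", "Original Filename")


def parse_look(text):
    """Return [{"path", "name", "fields"}] per file; stops at the next banner."""
    entries, current, in_look = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(BANNER):
            if in_look:
                break  # reached the section that follows Look
            in_look = "Look" in line
            continue
        if not in_look:
            continue
        head = HEADER_RE.match(line)
        if head:
            path = head.group("path")
            current = {"path": path, "name": path.rsplit("\\", 1)[-1], "fields": {}}
            entries.append(current)
            continue
        fld = FIELD_RE.match(line)
        if fld and current is not None:
            current["fields"][fld.group("key")] = fld.group("value")
    return entries


def triage(entry):
    """Review heuristics only: OEM tools often ship without a version resource,
    so a hit means 'look closer' (hash lookup, signature check), never a verdict."""
    f, reasons = entry["fields"], []
    missing = [k for k in VERSION_KEYS if f.get(k, PLACEHOLDER) == PLACEHOLDER]
    if len(missing) == len(VERSION_KEYS):
        reasons.append("no version resource at all")
    elif missing:
        reasons.append("missing version fields: " + ", ".join(missing))
    orig = f.get("Original Filename", PLACEHOLDER)
    if orig != PLACEHOLDER and orig.lower() != entry["name"].lower():
        reasons.append(f"on-disk name differs from Original Filename ({orig})")
    for algo, length in (("MD5", 32), ("SHA1", 40)):
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % length, f.get(algo, "")):
            reasons.append(f"{algo} missing or malformed")
    return reasons


def triage_report(text):
    """Map file name -> reasons for every entry in the Look section."""
    return {e["name"]: triage(e) for e in parse_look(text)}


if __name__ == "__main__":
    for name, reasons in triage_report(SAMPLE_LOOK).items():
        print(name, "->", "; ".join(reasons) or "nothing unusual")
```

The hashes in the report are what you then look up against a known-good or vendor database; the heuristics only decide which entries deserve that effort first.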

Mieserwitz 21.06.2012 15:43

Code:

ComboFix 12-06-21.01 - XXXX 21.06.2012  16:24:30.3.6 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8190.6629 [GMT 2:00]
ausgeführt von:: c:\users\XXXX\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\XXXX\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\temp\swtlib-32\swt-gdip-win32-3707.dll
f:\temp\swtlib-32\swt-win32-3707.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-21 bis 2012-06-21  ))))))))))))))))))))))))))))))
.
.
2012-06-19 07:55 . 2012-06-19 07:55        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-19 07:55 . 2012-06-19 07:55        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 07:40 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-19 07:40 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-19 07:40 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-19 07:40 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-19 07:40 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-19 07:40 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-19 07:40 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-19 07:40 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-19 07:40 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-18 13:12 . 2012-06-19 12:34        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Dropbox
2012-06-18 12:43 . 2007-06-15 10:57        59488        ----a-w-        c:\windows\SysWow64\GenSvcInst.exe
2012-06-18 12:43 . 2007-06-15 10:57        145504        ----a-w-        c:\windows\SysWow64\bgsvcgen.exe
2012-06-18 12:43 . 2006-08-25 12:36        39208        ----a-w-        c:\windows\system32\drivers\cdrbsdrv.sys
2012-06-18 12:42 . 2012-06-18 12:42        --------        d-----w-        c:\program files (x86)\Panasonic
2012-06-18 08:53 . 2012-06-18 08:53        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 08:53 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-17 17:22 . 2012-06-17 17:22        --------        d-----w-        c:\program files (x86)\Tools&More
2012-06-17 17:21 . 2012-06-17 17:21        --------        d-----w-        c:\windows\Downloaded Installations
2012-06-16 20:27 . 2012-06-16 20:27        --------        d-----w-        c:\users\XXXX\AppData\Local\Google
2012-06-16 18:41 . 2012-06-16 18:47        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Tobit
2012-06-16 18:41 . 2012-06-16 18:41        --------        d-----w-        c:\program files (x86)\Common Files\Tobit
2012-06-16 18:41 . 2012-01-03 09:38        2681344        ----a-w-        c:\windows\SysWow64\dvmsg.dll
2012-06-16 17:18 . 2012-06-16 17:18        --------        d-----w-        c:\users\XXXX\AppData\Local\Macromedia
2012-06-15 16:47 . 2012-06-15 16:47        --------        d-----w-        c:\programdata\Logitech
2012-06-13 17:26 . 2012-04-24 05:37        1462272        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-12 20:50 . 2012-06-13 16:40        --------        d-----w-        c:\program files (x86)\nLite
2012-06-11 14:40 . 2012-06-11 14:40        --------        d-----w-        c:\users\XXXX\AppData\Local\FRITZ!
2012-06-11 14:40 . 2012-06-11 14:40        --------        d-----w-        c:\users\XXXX\AppData\Roaming\FRITZ!
2012-06-07 22:22 . 2012-06-07 22:22        298280        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-06-07 22:15 . 2012-06-07 22:15        --------        d-----w-        c:\users\XXXX\AppData\Local\PunkBuster
2012-06-07 18:33 . 2012-06-07 18:35        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2012-06-07 17:36 . 2012-06-16 21:06        --------        d-----w-        c:\program files (x86)\Common Files\Akamai
2012-06-07 09:38 . 2012-06-07 09:38        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 09:38 . 2012-06-07 09:38        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\windows\Sun
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\users\XXXX\AppData\Local\Wondershare
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\program files (x86)\Common Files\Wondershare
2012-05-31 17:25 . 2012-05-31 17:25        --------        d-----w-        c:\program files (x86)\Wondershare
2012-05-31 17:19 . 2012-05-31 17:21        --------        d-----w-        c:\users\XXXX\AppData\Roaming\Ashampoo
2012-05-31 17:18 . 2012-05-31 17:19        --------        d-----w-        c:\users\XXXX\AppData\Local\ashampoo
2012-05-31 17:18 . 2012-05-31 17:18        --------        d-----w-        c:\programdata\ashampoo
2012-05-31 17:18 . 2012-05-31 17:20        --------        d-----w-        c:\program files (x86)\Ashampoo
2012-05-27 18:41 . 2012-05-27 18:41        --------        d-----w-        c:\users\XXXX\AppData\Local\Apps
2012-05-27 10:31 . 2012-05-27 10:43        --------        d-----w-        c:\users\XXXX\AppData\Roaming\ID3-TagIT 3
2012-05-27 10:30 . 2012-05-27 10:30        --------        d-----w-        c:\programdata\ID3-TagIT 3
2012-05-27 10:30 . 2012-05-27 10:30        --------        d-----w-        c:\program files (x86)\ID3-TagIT 3
2012-05-25 19:13 . 2012-05-25 19:13        --------        d-----w-        c:\users\XXXX\AppData\Roaming\CoSoSys
2012-05-25 19:07 . 2012-05-25 19:07        --------        d-----w-        c:\windows\system32\appmgmt
2012-05-22 18:13 . 2012-05-22 18:14        --------        d-----w-        c:\program files (x86)\DVDFab 8 Qt
2012-05-22 18:06 . 2012-05-22 18:14        --------        d-----w-        c:\program files (x86)\Elaborate Bytes
2012-05-22 17:53 . 2012-05-22 17:53        --------        d-----w-        c:\programdata\SlySoft
2012-05-22 17:51 . 2012-05-22 18:13        --------        d-----w-        c:\program files (x86)\SlySoft
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 12:01 . 2012-04-18 18:21        560184        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-06-15 16:46 . 2012-04-18 18:18        18960        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2012-04-29 12:11 . 2012-04-29 12:11        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-04-29 12:11 . 2012-04-29 12:11        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-04-29 12:11 . 2012-04-29 12:11        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-19 14:22 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-04-19 14:22 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-04-19 02:50 . 2012-04-19 02:50        28480        ----a-w-        c:\windows\system32\drivers\avgidsha.sys
2012-04-18 21:29 . 2011-03-28 16:36        19352        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-18 21:00 . 2012-04-18 21:00        279136        ----a-w-        c:\windows\system32\drivers\afcdp.sys
2012-04-18 21:00 . 2012-04-18 21:00        1263200        ----a-w-        c:\windows\system32\drivers\tdrpm273.sys
2012-04-18 21:00 . 2012-04-18 21:00        970336        ----a-w-        c:\windows\system32\drivers\timntr.sys
2012-04-18 21:00 . 2012-04-18 21:00        277088        ----a-w-        c:\windows\system32\drivers\snapman.sys
2012-04-18 20:57 . 2012-04-18 20:57        637848        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-04-18 20:57 . 2012-04-18 20:57        567696        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-04-18 20:50 . 2012-04-18 20:50        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-04-18 20:50 . 2012-04-18 20:50        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-04-18 20:50 . 2012-04-18 20:50        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-04-18 20:50 . 2012-04-18 20:50        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-04-18 20:50 . 2012-04-18 20:50        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-04-18 20:50 . 2012-04-18 20:50        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-04-18 20:50 . 2012-04-18 20:50        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-04-18 20:50 . 2012-04-18 20:50        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-04-18 20:50 . 2012-04-18 20:50        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-04-18 20:50 . 2012-04-18 20:50        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-04-18 20:50 . 2012-04-18 20:50        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-04-18 20:50 . 2012-04-18 20:50        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-04-18 20:50 . 2012-04-18 20:50        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-04-18 20:50 . 2012-04-18 20:50        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-04-18 20:50 . 2012-04-18 20:50        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-04-18 20:50 . 2012-04-18 20:50        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-04-18 20:50 . 2012-04-18 20:50        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-04-18 20:50 . 2012-04-18 20:50        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-04-18 20:50 . 2012-04-18 20:50        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-04-18 20:50 . 2012-04-18 20:50        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-04-18 20:50 . 2012-04-18 20:50        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-04-18 20:50 . 2012-04-18 20:50        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-04-18 20:50 . 2012-04-18 20:50        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-04-18 20:50 . 2012-04-18 20:50        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-04-18 20:50 . 2012-04-18 20:50        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-04-18 20:50 . 2012-04-18 20:50        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-04-18 20:50 . 2012-04-18 20:50        448512        ----a-w-        c:\windows\system32\html.iec
2012-04-18 20:50 . 2012-04-18 20:50        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-04-18 20:50 . 2012-04-18 20:50        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-04-18 20:50 . 2012-04-18 20:50        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-04-18 20:50 . 2012-04-18 20:50        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-04-18 20:50 . 2012-04-18 20:50        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-04-18 18:24 . 2012-04-18 18:24        53248        ----a-r-        c:\users\XXXX\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-04-18 18:15 . 2012-04-18 18:15        521448        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-30 11:35 . 2012-05-12 08:30        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 71096
Created time: 2012-04-18 21:53
Modified time: 2009-01-12 06:15
MD5: AFAE2AB36CE33749D174D54FB1B68D15
SHA1: 862B0C633620908A559D801C9FD11B750B63F24F
.
.
--- c:\windows\SysWOW64\OEMWARE\API\NMSDVDXU.dll ---
Company: NuMedia Soft, Inc.
File Description: NMS DVD Burning SDK - ActiveX Edition
File Version: 1, 0, 1, 4
Product Name: NMS DVD Burning SDK - ActiveX Edition
Copyright: Copyright 2009 - Numedia Soft, Inc.
Original Filename: NMSDVDX.DLL
File size: 1242552
Created time: 2012-04-18 21:53
Modified time: 2009-07-20 01:52
MD5: E8DF0C02268DB9B9CB97BBF31C76EB87
SHA1: 95C436F2C8F33D23E7922CC2CE280A58D2FCC522
.
.
--- c:\windows\SysWOW64\OEMWARE\API\OEMBURN2.dll ---
Company: OEMWARE®
File Description: OEM Brenn Engine
File Version: 2.09.0013
Product Name: OEMBURN2
Copyright: OEMWARE®
Original Filename: OEMBURN2.dll
File size: 352256
Created time: 2012-04-18 21:53
Modified time: 2011-01-18 09:29
MD5: 52750C8C5AC1ABDCD1D9F0CA90B3F658
SHA1: 29AB71D2619FFCE2BAA5E71C3E2076B1F4D745B4
.
.
--- c:\windows\SysWOW64\OEMWARE\API\OEMFX3.dll ---
Company: OEMWARE
File Description: rhvFibu API
File Version: 2.09.0009
Product Name: OEMFX3
Copyright: 2010, OEMWARE
Original Filename: OEMFX3.dll
File size: 528384
Created time: 2012-04-18 21:53
Modified time: 2010-06-02 09:22
MD5: D951EE71E4ED5A5F7F6E320319CCB832
SHA1: 9F59E4FFBA0856A367C22DBF67442C84C5597B05
.
.
--- c:\windows\SysWOW64\OEMWARE\API\OEMPDF.dll ---
Company: OEMWARE
File Description: PDF View and Print
File Version: 2.09.0013
Product Name: OEMPDF
Copyright: OEMWARE
Original Filename: OEMPDF.dll
File size: 163840
Created time: 2012-04-18 21:53
Modified time: 2011-01-18 10:29
MD5: A97842D3946CE596D76BDF26DE559D84
SHA1: 6555F4FF1221E482C32EEC4A81A822CD0C37DB40
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-06-20_22.24.36  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-21 14:31 . 2012-06-21 14:31        13330              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-20 22:20 . 2012-06-20 22:20        13330              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-06-20 13:19        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-21 13:31        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-21 13:31        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-20 13:19        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-18 18:31 . 2012-06-21 13:38        34366              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-21 13:38        34364              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-18 17:54 . 2012-06-21 13:38        5980              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-626165826-1394388628-393875434-1000_UserData.bin
- 2012-06-20 22:21 . 2012-06-20 22:21        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-21 14:32 . 2012-06-21 14:32        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-06-20 13:19        409600              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-21 13:31        409600              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:36 . 2012-06-20 15:17        616792              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-21 13:57        616792              c:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-06-20 15:17        656246              c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-06-21 13:57        656246              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-06-20 15:17        106914              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-21 13:57        106914              c:\windows\system32\perfc009.dat
+ 2009-07-14 17:58 . 2012-06-21 13:57        130620              c:\windows\system32\perfc007.dat
- 2009-07-14 17:58 . 2012-06-20 15:17        130620              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-06-21 14:31        351496              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-20 22:20        351496              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-18 18:26 . 2012-06-21 14:31        30486072              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-626165826-1394388628-393875434-1000-8192.dat
.
((((((((((((((((((((((((((((  Registry autostart points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-12 20:55        2068536        ----a-w-        c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-12 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        94208        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-12 1104440]
.
c:\users\XXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
jAnrufmonitor 5.0.lnk - c:\eigenes zeug\JAnrufmonitor\jam.exe [2012-1-20 45056]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2012-4-18 3450608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 NMSAccess32A.exe;NMSAccess; [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-16 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-04-18 3975088]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-03-23 2321520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\DRIVERS\SkyNET_AMD64.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 11:43        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32        97792        ----a-w-        c:\users\XXXX\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
------- Supplementary scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://web.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: c:\windows\system32\RSLSP.dll
TCP: DhcpNameServer = 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
FF - ProfilePath - c:\users\XXXX\AppData\Roaming\Mozilla\Firefox\Profiles\1x2m12al.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb81d41b4-b00f-474e-8d90-b48a9a577ab9%7D&mid=1233be83bf8247d0ae7e6de783ce5d53-a69f8dc3a8ac24c656c806b689e7ae455e04d966&ds=AVG&v=11.0.0.9&lang=de&pr=pr&d=2012-04-18%2020%3A40%3A27&sap=ku&q=
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
- - - - Removed orphaned registry entries - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- Locked registry keys ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\windows\SysWOW64\bgsvcgen.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-06-21  16:34:43 - PC was restarted
ComboFix-quarantined-files.txt  2012-06-21 14:34
ComboFix2.txt  2012-06-20 22:26
.
Before scan: 14 directory(ies), 51,217,514,496 bytes free
After scan: 15 directory(ies), 51,123,740,672 bytes free
.
- - End Of File - - 11F509125EB4D8E190103138F1DCFA57

Have to step out for a moment. Don't be surprised if it takes a while.

cosinus 21.06.2012 18:30

I think you can breathe easy; GMER does show this file as a rootkit, but it won't be anything malicious :)

Using the MD5 checksum from CF:

Code:

--- c:\windows\SysWOW64\OEMWARE\API\NMSAccess32A.exe ---
Created time: 2012-04-18 21:53
Modified time: 2009-01-12 06:15
MD5: AFAE2AB36CE33749D174D54FB1B68D15
SHA1: 862B0C633620908A559D801C9FD11B750B63F24F

I was able to identify this file unambiguously on VirusTotal => https://www.virustotal.com/file/c674...f383/analysis/

Code:

SHA256 : c6740acf9dcb9d7140dc714b41ec315eb9478df26919863d2ed3c87e54dff383
SHA1  : 862b0c633620908a559d801c9fd11b750b63f24f
MD5    : afae2ab36ce33749d174d54fb1b68d15
File size:        69.4 KB ( 71096 bytes )
File name:        NMSAccess32A.exe
File type:        Win32 EXE
Detection ratio:        0 / 43
Analysis date:        2012-03-19 21:29:25 UTC ( 3 months ago )


The file comes from

Code:

signers..................: Numedia Soft, Inc.
                          Thawte Code Signing CA
                          Thawte Premium Server CA
signing date.............: 6:37 PM 1/9/2009


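The check the helper performed above, as an added example (not part of the thread, and not code from ComboFix or VirusTotal): take the hashes ComboFix printed in its "Look" block, compare them with the hashes in the VirusTotal summary, and confirm the file size agrees. The two sample texts are constructed from the values quoted in this thread; the bytes hashed at the end are made up and only show how to produce the same upper-case MD5/SHA1/SHA256 form locally for pasting into a hash search. Hash comparison is done case-insensitively, because ComboFix prints upper-case hex and VirusTotal lower-case, and a byte-for-byte comparison would report a false mismatch.

```python
"""Cross-check a file's hashes between a ComboFix "Look" block and a
VirusTotal summary, then compute the same hashes for local bytes.

Added example, not part of the forum thread or of ComboFix/VirusTotal.
The two sample texts are constructed from values quoted in the thread;
the bytes hashed in file_hashes() are made up.
"""
import hashlib
import re

# Constructed: the ComboFix "Look" block for NMSAccess32A.exe, as quoted above.
COMBOFIX_LOOK = """\
--- c:\\windows\\SysWOW64\\OEMWARE\\API\\NMSAccess32A.exe ---
Company: ------
File size: 71096
Created time: 2012-04-18 21:53
Modified time: 2009-01-12 06:15
MD5: AFAE2AB36CE33749D174D54FB1B68D15
SHA1: 862B0C633620908A559D801C9FD11B750B63F24F
"""

# Constructed: the VirusTotal summary quoted in the reply.
VT_SUMMARY = """\
SHA256 : c6740acf9dcb9d7140dc714b41ec315eb9478df26919863d2ed3c87e54dff383
SHA1  : 862b0c633620908a559d801c9fd11b750b63f24f
MD5    : afae2ab36ce33749d174d54fb1b68d15
File size:        69.4 KB ( 71096 bytes )
File name:        NMSAccess32A.exe
Detection ratio:        0 / 43
"""

_CF_HEADER = re.compile(r"^--- (?P<path>.+?) ---$", re.M)
_KV = re.compile(r"^(?P<key>[A-Za-z0-9 ]+?)\s*:\s*(?P<val>.*?)\s*$", re.M)


def parse_combofix_look(text):
    """Return {path: {field: value}} for each '--- path ---' block."""
    result = {}
    parts = _CF_HEADER.split(text)  # [pre, path1, body1, path2, body2, ...]
    for i in range(1, len(parts), 2):
        path, body = parts[i], parts[i + 1]
        result[path] = {m["key"].strip(): m["val"] for m in _KV.finditer(body)}
    return result


def parse_vt_summary(text):
    """Return {field: value} from a 'Key : value' style VirusTotal summary."""
    return {m["key"].strip(): m["val"] for m in _KV.finditer(text)}


def vt_size_bytes(size_field):
    """'69.4 KB ( 71096 bytes )' -> 71096; None if no byte count is present."""
    m = re.search(r"\(\s*(\d+)\s*bytes\s*\)", size_field)
    return int(m.group(1)) if m else None


def cross_check(cf_entry, vt):
    """Compare MD5, SHA1 and size; hashes are compared case-insensitively."""
    return {
        "md5": cf_entry["MD5"].lower() == vt["MD5"].lower(),
        "sha1": cf_entry["SHA1"].lower() == vt["SHA1"].lower(),
        "size": int(cf_entry["File size"]) == vt_size_bytes(vt["File size"]),
    }


def detection_ratio(vt):
    """'0 / 43' -> (0, 43): engines that flagged the sample, engines that ran."""
    hits, total = (int(x) for x in vt["Detection ratio"].split("/"))
    return hits, total


def file_hashes(data):
    """MD5/SHA1/SHA256 of in-memory bytes in ComboFix's upper-case form."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA256": hashlib.sha256(data).hexdigest().upper(),
    }


if __name__ == "__main__":
    entries = parse_combofix_look(COMBOFIX_LOOK)
    path = next(iter(entries))
    vt = parse_vt_summary(VT_SUMMARY)
    print(path, cross_check(entries[path], vt), detection_ratio(vt))
    print(file_hashes(b"constructed sample bytes"))  # made-up input
```

A matching hash only proves that the file on disk is the same bytes as the sample VirusTotal already analysed; a 0/43 ratio from an older analysis date says nothing about detections added since, which is why the reply also quotes the Authenticode signer as a second, independent check.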
Mieserwitz 21.06.2012 19:46

Great.
Thank you.



Copyright ©2000-2025, Trojaner-Board