Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI (https://www.trojaner-board.de/117543-avira-meldet-w32-patched-ua-tr-atraps-gen2-tr-small-fi.html)

kjkjjj1108 18.06.2012 15:41
Avira meldet W32/Patched.UA TR/ATRAPS.Gen2 und TR/Small.FI
 
Hallo liebe Helfer in der Not,

seit Donnerstag letzter Woche meldet AVIRA (wie bei so vielen anderen hier auf dem board) in kurzen Abständen die Funde "W32/Patched.UA", "TR/ATRAPS.Gen2" und "TR/Small.FI".
Ich bin sehr froh, dass ich Euch gefunden habe und hoffe, Ihr könnt mir helfen. Damit dieses auch möglich ist, habe ich mich sklavisch an die Anweisungen gehalten und poste jetzt hier die Ergebnisse meiner SCANS:

AVIRA
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 18. Juni 2012  09:48

Es wird nach 3844536 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : MEPHISTO

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  08.05.2012 17:53:26
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  08.05.2012 17:53:25
LUKE.DLL      : 12.3.0.15      68304 Bytes  08.05.2012 17:53:40
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 17:53:43
AVREG.DLL      : 12.3.0.17    232200 Bytes  10.05.2012 18:39:42
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 08:24:16
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 09:20:19
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 09:28:26
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 18:39:39
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 18:39:39
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 18:39:40
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 18:39:40
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 18:39:40
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 18:39:40
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 18:39:40
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 18:39:40
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 18:39:40
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 17:56:08
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 17:56:12
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 17:56:19
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 17:56:32
VBASE018.VDF  : 7.11.31.57    188416 Bytes  28.05.2012 17:56:39
VBASE019.VDF  : 7.11.31.111  214528 Bytes  30.05.2012 09:24:38
VBASE020.VDF  : 7.11.31.151  116736 Bytes  31.05.2012 09:24:38
VBASE021.VDF  : 7.11.31.205  134144 Bytes  03.06.2012 13:29:29
VBASE022.VDF  : 7.11.32.9    169472 Bytes  05.06.2012 07:49:22
VBASE023.VDF  : 7.11.32.85    155648 Bytes  08.06.2012 19:00:48
VBASE024.VDF  : 7.11.32.133  127488 Bytes  11.06.2012 19:45:46
VBASE025.VDF  : 7.11.32.171  182784 Bytes  12.06.2012 19:45:51
VBASE026.VDF  : 7.11.32.251  119296 Bytes  14.06.2012 11:45:43
VBASE027.VDF  : 7.11.32.252    2048 Bytes  14.06.2012 11:45:43
VBASE028.VDF  : 7.11.32.253    2048 Bytes  14.06.2012 11:45:43
VBASE029.VDF  : 7.11.32.254    2048 Bytes  14.06.2012 11:45:43
VBASE030.VDF  : 7.11.32.255    2048 Bytes  14.06.2012 11:45:44
VBASE031.VDF  : 7.11.33.62    105472 Bytes  18.06.2012 07:45:39
Engineversion  : 8.2.10.92
AEVDF.DLL      : 8.1.2.8      106867 Bytes  03.06.2012 09:24:45
AESCRIPT.DLL  : 8.1.4.26      450939 Bytes  15.06.2012 11:47:18
AESCN.DLL      : 8.1.8.2      131444 Bytes  30.01.2012 10:20:48
AESBX.DLL      : 8.2.5.12      606578 Bytes  15.06.2012 11:47:30
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL    : 8.2.16.18    807287 Bytes  15.06.2012 11:47:09
AEOFFICE.DLL  : 8.1.2.36      201082 Bytes  15.06.2012 11:46:55
AEHEUR.DLL    : 8.1.4.46    4923767 Bytes  15.06.2012 11:46:53
AEHELP.DLL    : 8.1.21.0      254326 Bytes  11.05.2012 18:39:29
AEGEN.DLL      : 8.1.5.30      422261 Bytes  15.06.2012 11:45:48
AEEXP.DLL      : 8.1.0.52      82293 Bytes  15.06.2012 11:47:30
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 21:46:01
AECORE.DLL    : 8.1.25.10    201080 Bytes  03.06.2012 09:24:39
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 17:53:17
AVPREF.DLL    : 12.3.0.15      51920 Bytes  08.05.2012 17:53:25
AVREP.DLL      : 12.3.0.15    179208 Bytes  08.05.2012 17:53:43
AVARKT.DLL    : 12.3.0.15    211408 Bytes  08.05.2012 17:53:21
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  08.05.2012 17:53:24
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  08.05.2012 17:53:42
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  08.05.2012 17:53:28
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 17:53:40
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 17:53:17
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  08.05.2012 17:53:18

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Montag, 18. Juni 2012  09:48

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ADOBE SYSTEMS
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Agfa
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\C07ft5Y
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\CyberLink
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\DivXNetworks
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DownloadManager
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\EmbedExtnToClsidMappings
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Jet
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\MediaPlayer
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RAS AutoDial
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Nokia
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\RIS
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\S3R521
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
Versteckter Treiber
  [HINWEIS]  Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpntray.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'GarminLifetime.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'WebcamDell.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDDXSrv.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'DataSafeOnline.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '144' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'Toaster.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'DSUpd.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'STSERVICE.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsssrv.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpnas.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'DockLogin.exe' - '22' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]  Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '3736' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
C:\DELL\j156m\factory\common_64_SM.7z
  [WARNUNG]  Der Archivheader ist defekt
C:\DELL\j156m\factory\common_PF2.7z
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Program Files (x86)\Activision\Wolfenstein\SP\base\assets.pk4
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Activision\Wolfenstein\SP\base\shaders.pk4
  [WARNUNG]  Unerwartetes Dateiende erreicht
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Users\* * *\Desktop\avira_free_antivirus_de.exe
  [WARNUNG]  Die Datei ist kennwortgeschützt
C:\Users\* * *\Desktop\HSS-2.07-install-resell3-306-conduit.exe
  [WARNUNG]  Die Version dieses Archives wird nicht unterstützt
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
  [FUND]      Ist das Trojanische Pferd TR/Small.FI
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
C:\Windows\System32\services.exe
  [FUND]      Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA
Beginne mit der Suche in 'D:\' <RECOVERY>

Beginne mit der Desinfektion:
C:\Windows\System32\services.exe
  [FUND]      Enthält Erkennungsmuster des Windows-Virus W32/Patched.UA
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 55055eca.qua erstellt ( QUARANTÄNE )
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dcc76d8.qua' verschoben!
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
  [FUND]      Ist das Trojanische Pferd TR/Small.FI
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f932c30.qua' verschoben!


Ende des Suchlaufs: Montag, 18. Juni 2012  11:58
Benötigte Zeit:  2:08:02 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  49476 Verzeichnisse wurden überprüft
 739565 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      3 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 739561 Dateien ohne Befall
  7201 Archive wurden durchsucht
      8 Warnungen
    24 Hinweise
 1110337 Objekte wurden beim Rootkitscan durchsucht
    21 Versteckte Objekte wurden gefunden

Malwarebyte
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.18.03

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
* * * :: MEPHISTO [Administrator]

Schutz: Aktiviert

18.06.2012 12:05:49
mbam-log-2012-06-18 (15-46-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469317
Laufzeit: 3 Stunde(n), 18 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
OTL.txt
Code:
OTL logfile created on: 18.06.2012 15:56:04 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\* * *\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,92% Memory free
8,16 Gb Paging File | 6,06 Gb Available in Paging File | 74,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 38,78 Gb Free Space | 13,68% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: MEPHISTO | User Name: * * * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe
PRC - [2012.06.14 12:52:26 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:53:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.01.06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.11.08 12:11:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.11.08 12:11:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.13 21:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011.01.13 21:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
PRC - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.11.11 18:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008.05.23 21:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 22:28:31 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\592a9a12b07b624764df2eca289116d1\System.Web.Services.ni.dll
MOD - [2012.06.15 22:09:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:19:20 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.14 12:18:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.14 12:18:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:18:22 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.14 12:18:19 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.06.14 11:59:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 11:58:42 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 11:57:50 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.06.03 13:03:51 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.06.03 12:04:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.06.03 11:23:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.06.03 11:22:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll
MOD - [2012.06.03 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.06.03 11:21:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.06.03 11:20:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.06.03 11:20:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.05.29 21:08:31 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.29 20:32:50 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.29 20:28:34 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.29 20:28:15 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll
MOD - [2012.05.29 20:28:13 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.29 20:22:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.29 20:22:21 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll
MOD - [2012.05.29 20:22:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.29 20:22:02 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.29 20:21:49 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2012.01.06 20:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011.11.27 20:07:07 | 000,115,137 | ---- | M] () -- C:\Users\* * *\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
MOD - [2011.11.08 12:11:56 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.01.13 21:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011.01.13 21:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
MOD - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009.11.13 17:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2009.11.13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009.11.13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009.11.13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009.11.13 17:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2009.11.13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
MOD - [2009.04.09 23:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009.03.29 21:40:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:40:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.03.19 18:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009.03.19 18:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008.12.21 20:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.11.26 23:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.06.14 12:52:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.06 20:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 19:53:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:53:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011.02.28 23:36:54 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.05.15 20:50:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.06 18:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.04.10 22:39:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009.04.10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.19 18:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.03.06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.12.21 20:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008.12.16 18:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.25 16:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.10.28 17:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008.10.07 19:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008.09.15 19:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008.09.15 19:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.09.15 19:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.02.25 10:59:14 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.01.21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007.11.14 10:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV - [2011.05.12 20:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.berlin.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {8A98EB80-7689-498B-B39E-4BE93D32F3AB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{8A98EB80-7689-498B-B39E-4BE93D32F3AB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.0)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06AA57A-B93B-4C3C-8287-D83B1100F386}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\* * *\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\* * *\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = •Ë
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.18 15:55:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe
[2012.06.15 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.15 19:35:29 | 000,000,000 | ---D | C] -- C:\Users\* * *\AppData\Roaming\Malwarebytes
[2012.06.15 19:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.15 19:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.15 19:35:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.15 19:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 11:37:14 | 000,000,000 | ---D | C] -- C:\Users\* * *\Desktop\20120613dawanda
[2012.06.11 14:24:25 | 000,000,000 | ---D | C] -- C:\Users\* * *\Documents\Beihilfe
[2012.06.03 11:45:06 | 000,000,000 | ---D | C] -- C:\Users\* * *\Documents\Gebrauchsanweisungen Babysitter
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.18 15:58:17 | 001,454,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.18 15:58:17 | 000,632,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.18 15:58:17 | 000,599,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.18 15:58:17 | 000,127,714 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.18 15:58:17 | 000,105,164 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\* * *\Desktop\OTL.exe
[2012.06.18 15:51:06 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.18 15:51:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 15:51:02 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.18 15:50:54 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.18 15:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.18 15:50:42 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 15:49:27 | 000,000,188 | ---- | M] () -- C:\Users\* * *\defogger_reenable
[2012.06.18 15:28:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.18 15:21:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.15 22:03:00 | 000,405,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.15 19:35:21 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.14 13:04:01 | 000,000,732 | ---- | M] () -- C:\Users\* * *\AppData\Local\d3d9caps64.dat
[2012.06.13 11:55:33 | 000,144,896 | ---- | M] () -- C:\Users\* * *\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.12 12:22:58 | 000,011,523 | ---- | M] () -- C:\Users\* * *\Desktop\100.jpg
[2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
 
========== Files Created - No Company Name ==========
 
[2012.06.18 15:49:27 | 000,000,188 | ---- | C] () -- C:\Users\* * *\defogger_reenable
[2012.06.18 15:48:46 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@
[2012.06.18 11:58:39 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
[2012.06.18 11:58:38 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
[2012.06.15 19:35:21 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.12 12:23:12 | 000,011,523 | ---- | C] () -- C:\Users\* * *\Desktop\100.jpg
[2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@
[2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Users\* * *\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@
[2011.12.13 17:53:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.13 17:53:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.12.13 17:53:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.12.13 17:53:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.12.13 17:53:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.12.13 17:53:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.12.13 17:53:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.12.13 17:53:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.12.13 17:53:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.12.13 17:53:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.12.13 17:53:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.12.13 17:53:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.12.13 17:53:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.12.13 17:53:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.12.13 17:53:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.12.13 17:51:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2011.12.08 17:55:07 | 000,000,732 | ---- | C] () -- C:\Users\* * *\AppData\Local\d3d9caps64.dat
[2011.11.13 10:43:16 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.11.13 10:43:16 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.11.13 10:43:15 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\lame.exe
[2011.11.13 10:43:15 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.11.13 10:43:12 | 000,693,765 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\unins000.exe
[2011.11.13 10:43:12 | 000,007,900 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\unins000.dat
[2011.11.02 19:48:53 | 000,000,000 | ---- | C] () -- C:\Users\* * *\AppData\Local\{29BC51ED-79B0-47D1-B13C-F2FA9DD19CFE}
[2011.05.29 10:53:14 | 000,038,443 | ---- | C] () -- C:\Users\* * *\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\concept design
[2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\DAEMON Tools Lite
[2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\EPSON
[2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\FileZilla
[2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\GARMIN
[2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\MyPhoneExplorer
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Nokia
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Nokia Ovi Suite
[2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\PC Suite
[2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\PCDr
[2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Samsung
[2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Template
[2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\* * *\AppData\Roaming\Thunderbird
[2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.18 15:49:57 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.18 15:50:54 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 

< End of report >
OTL Extras

Code:
OTL Extras logfile created on: 18.06.2012 15:56:04 - Run 1
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\* * *\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,35 Gb Available Physical Memory | 58,92% Memory free
8,16 Gb Paging File | 6,06 Gb Available in Paging File | 74,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 38,78 Gb Free Space | 13,68% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: MEPHISTO | User Name: * * * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 95 78 CE FD CF D6 CA 01  [binary data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 7.00.0.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem  (05/22/2008 3.8)
"CCleaner" = CCleaner
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601) 
"Dell Support Center" = Dell Support Center
"EPSON BX300F Series" = EPSON BX300F Series Printer Uninstall
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MyDefrag v4.3.1_is1" = MyDefrag v4.3.1
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{0E13CAA3-B5FC-48C0-AA4A-26F5CD0C371C}" = Garmin Lifetime Updater
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 29
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"{FF6E1E83-CD7F-49E9-AE8C-D9804372D1FC}_is1" = CD goes MP3 7 Platinum
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Company of Heroes" = Company of Heroes - Opposing Fronts
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Content Uploader" = DivX Content Uploader
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus Office BX300F_TX300F Benutzerhandbuch" = EPSON Stylus Office BX300F_TX300F Handbuch
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HotspotShield" = Hotspot Shield 2.24
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mobile Partner" = Mobile Partner
"MPE" = MyPhoneExplorer
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2012 08:15:02 | Computer Name = mephisto | Source = Windows Search Service | ID = 3013
Description =
 
Error - 09.01.2012 17:56:38 | Computer Name = mephisto | Source = EventSystem | ID = 4621
Description =
 
Error - 13.01.2012 16:21:14 | Computer Name = mephisto | Source = WinMgmt | ID = 10
Description =
 
Error - 13.01.2012 16:32:02 | Computer Name = mephisto | Source = Perflib | ID = 1010
Description =
 
Error - 13.01.2012 16:32:04 | Computer Name = mephisto | Source = Perflib | ID = 1008
Description =
 
Error - 13.01.2012 19:45:34 | Computer Name = mephisto | Source = EventSystem | ID = 4621
Description =
 
Error - 15.01.2012 09:47:57 | Computer Name = mephisto | Source = WinMgmt | ID = 10
Description =
 
Error - 15.01.2012 15:13:39 | Computer Name = mephisto | Source = WinMgmt | ID = 10
Description =
 
Error - 15.01.2012 15:22:05 | Computer Name = mephisto | Source = Perflib | ID = 1010
Description =
 
Error - 15.01.2012 15:22:06 | Computer Name = mephisto | Source = Perflib | ID = 1008
Description =
 
[ Broadcom Wireless LAN Events ]
Error - 26.04.2012 06:17:07 | Computer Name = mephisto | Source = WLAN-Tray | ID = 0
Description = 12:17:06, Thu, Apr 26, 12 Error - Unable to gain access to user store

 
[ Dell Events ]
Error - 21.01.2012 07:41:46 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.01.2012 07:43:53 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.01.2012 07:43:53 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.01.2012 07:48:55 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 21.01.2012 07:48:55 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 25.01.2012 12:52:24 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 25.01.2012 12:52:24 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 30.03.2012 13:10:07 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 30.03.2012 13:10:07 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
Error - 02.04.2012 14:16:38 | Computer Name = mephisto | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ Media Center Events ]
Error - 09.09.2010 07:13:18 | Computer Name = mephisto | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme:
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ System Events ]
Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023
Description =
 
Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
 
Error - 15.06.2012 16:03:46 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
 
Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023
Description =
 
Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
 
Error - 16.06.2012 04:28:39 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
 
Error - 18.06.2012 05:21:01 | Computer Name = mephisto | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7023
Description =
 
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
 
Error - 18.06.2012 09:51:59 | Computer Name = mephisto | Source = Service Control Manager | ID = 7003
Description =
 
 
< End of report >
Ich hoffe inständig, dass Ihr mir helfen könnt...
Vielen Dank für Eure Bemühungen
Ilka

cosinus 19.06.2012 13:34
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

kjkjjj1108 20.06.2012 08:53
Hallo Arne,
danke, dass Du mir hilfst.
Wir haben am Freitag schon einmal mit Malwarebytes gescannt. Allerdings bestand das Problem da schon. Hier aber trotzdem die Log-Files:

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.15.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ingo Buchholz :: MEPHISTO [Administrator]

Schutz: Aktiviert

15.06.2012 19:41:08
mbam-log-2012-06-15 (19-41-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469903
Laufzeit: 1 Stunde(n), 6 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
2012/06/15 19:36:14 +0200        MEPHISTO        ***        MESSAGE        Starting protection
2012/06/15 19:36:15 +0200        MEPHISTO        ***        MESSAGE        Executing scheduled update:  Daily
2012/06/15 19:36:16 +0200        MEPHISTO        ***        MESSAGE        Database already up-to-date
2012/06/15 19:36:19 +0200        MEPHISTO        ***        MESSAGE        Protection started successfully
2012/06/15 19:36:22 +0200        MEPHISTO        ***        MESSAGE        Starting IP protection
2012/06/15 19:36:27 +0200        MEPHISTO        ***        MESSAGE        IP Protection started successfully
2012/06/15 19:41:12 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55115, Process: svchost.exe)
2012/06/15 19:52:10 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55167, Process: svchost.exe)
2012/06/15 19:52:11 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55168, Process: svchost.exe)
2012/06/15 20:03:04 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55178, Process: svchost.exe)
2012/06/15 20:08:33 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55188, Process: svchost.exe)
2012/06/15 20:08:41 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55191, Process: svchost.exe)
2012/06/15 20:19:48 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55205, Process: svchost.exe)
2012/06/15 20:25:26 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55217, Process: svchost.exe)
2012/06/15 20:25:26 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55218, Process: svchost.exe)
2012/06/15 20:30:55 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55223, Process: svchost.exe)
2012/06/15 20:30:55 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55227, Process: svchost.exe)
2012/06/15 20:42:10 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55250, Process: svchost.exe)
2012/06/15 20:47:39 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55259, Process: svchost.exe)
2012/06/15 20:54:49 +0200        MEPHISTO        ***        DETECTION        C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@        Rootkit.0Access        QUARANTINE
2012/06/15 20:58:28 +0200        MEPHISTO        ***        DETECTION        C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@        Rootkit.0Access        DENY
2012/06/15 20:58:50 +0200        MEPHISTO        ***        IP-BLOCK        78.41.203.119 (Type: outgoing, Port: 55639, Process: svchost.exe)
2012/06/15 22:06:17 +0200        MEPHISTO        ***        MESSAGE        Starting protection
2012/06/15 22:06:25 +0200        MEPHISTO        ***        MESSAGE        Protection started successfully
2012/06/15 22:06:28 +0200        MEPHISTO        ***        MESSAGE        Starting IP protection
2012/06/15 22:06:28 +0200        MEPHISTO        ***        ERROR        IP protection failed:  FwpmEngineOpen0 failed with error code 1753
Code:
2012/06/16 10:30:29 +0200        MEPHISTO        ***        MESSAGE        Starting protection
2012/06/16 10:30:33 +0200        MEPHISTO        ***        MESSAGE        Protection started successfully
2012/06/16 10:30:36 +0200        MEPHISTO        ***        MESSAGE        Starting IP protection
2012/06/16 10:30:36 +0200        MEPHISTO        ***        ERROR        IP protection failed:  FwpmEngineOpen0 failed with error code 1753
Code:
2012/06/18 09:45:55 +0200        MEPHISTO        ***        DETECTION        C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@        Rootkit.0Access        QUARANTINE
2012/06/18 09:46:06 +0200        MEPHISTO        ***        DETECTION        C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@        Rootkit.0Access        DENY
2012/06/18 10:44:21 +0200        MEPHISTO        ***        MESSAGE        Executing scheduled update:  Daily
2012/06/18 10:44:22 +0200        MEPHISTO        ***        ERROR        Scheduled update failed:  Host not found failed with error code 0
2012/06/18 11:58:40 +0200        MEPHISTO        ***        DETECTION        C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@        Rootkit.0Access        DENY
2012/06/18 12:05:35 +0200        MEPHISTO        ***        MESSAGE        Starting database refresh
2012/06/18 12:05:47 +0200        MEPHISTO        ***        MESSAGE        Database refreshed successfully
2012/06/18 15:53:42 +0200        MEPHISTO        ***        MESSAGE        Starting protection
2012/06/18 15:53:49 +0200        MEPHISTO        ***        MESSAGE        Protection started successfully
2012/06/18 15:53:52 +0200        MEPHISTO        ***        MESSAGE        Starting IP protection
2012/06/18 15:53:52 +0200        MEPHISTO        ***        ERROR        IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/18 15:53:52 +0200        MEPHISTO        ***        MESSAGE        Starting IP protection
2012/06/18 15:53:52 +0200        MEPHISTO        ***        ERROR        IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/18 16:13:29 +0200        MEPHISTO        ***        MESSAGE        Starting IP protection
2012/06/18 16:13:29 +0200        MEPHISTO        ***        ERROR        IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/18 21:34:50 +0200        MEPHISTO        ***        MESSAGE        Starting protection
2012/06/18 21:34:55 +0200        MEPHISTO        ***        MESSAGE        Protection started successfully
2012/06/18 21:34:59 +0200        MEPHISTO        ***        MESSAGE        Starting IP protection
2012/06/18 21:34:59 +0200        MEPHISTO        ***        ERROR        IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/18 21:55:07 +0200        MEPHISTO        ***        DETECTION        C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@        Rootkit.0Access        QUARANTINE
2012/06/18 21:58:16 +0200        MEPHISTO        ***        DETECTION        C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@        Rootkit.0Access        ALLOW
2012/06/18 21:58:16 +0200        MEPHISTO        ***        DETECTION        C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@        Rootkit.0Access        ALLOW
Code:
2012/06/20 09:38:56 +0200        MEPHISTO        ***        MESSAGE        Starting protection
2012/06/20 09:39:04 +0200        MEPHISTO        ***        MESSAGE        Protection started successfully
2012/06/20 09:39:07 +0200        MEPHISTO        ***        MESSAGE        Starting IP protection
2012/06/20 09:39:07 +0200        MEPHISTO        ***        ERROR        IP protection failed:  FwpmEngineOpen0 failed with error code 1753
2012/06/20 09:44:38 +0200        MEPHISTO        ***        MESSAGE        Executing scheduled update:  Daily
2012/06/20 09:45:03 +0200        MEPHISTO        ***        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.06.18.03 to version v2012.06.20.02
2012/06/20 09:45:03 +0200        MEPHISTO        ***        MESSAGE        Starting database refresh
2012/06/20 09:45:09 +0200        MEPHISTO        ***        MESSAGE        Database refreshed successfully
Vor Freitag hatten wir nur Antivir laufen. Das früheste an Logfiles, was ich noch bekommen kann, ist allerdings vom ersten Fund am Donnerstag:
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 14. Juni 2012  12:50

Es wird nach 3833951 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : MEPHISTO

Versionsinformationen:
BUILD.DAT      : 12.0.0.1125    41829 Bytes  02.05.2012 16:34:00
AVSCAN.EXE    : 12.3.0.15    466896 Bytes  08.05.2012 17:53:26
AVSCAN.DLL    : 12.3.0.15      66256 Bytes  08.05.2012 17:53:25
LUKE.DLL      : 12.3.0.15      68304 Bytes  08.05.2012 17:53:40
AVSCPLR.DLL    : 12.3.0.14      97032 Bytes  08.05.2012 17:53:43
AVREG.DLL      : 12.3.0.17    232200 Bytes  10.05.2012 18:39:42
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 09:07:39
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 08:24:16
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 09:20:19
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 09:28:26
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 18:39:39
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 18:39:39
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 18:39:40
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 18:39:40
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 18:39:40
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 18:39:40
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 18:39:40
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 18:39:40
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 18:39:40
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 17:56:08
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 17:56:12
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 17:56:19
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 17:56:32
VBASE018.VDF  : 7.11.31.57    188416 Bytes  28.05.2012 17:56:39
VBASE019.VDF  : 7.11.31.111  214528 Bytes  30.05.2012 09:24:38
VBASE020.VDF  : 7.11.31.151  116736 Bytes  31.05.2012 09:24:38
VBASE021.VDF  : 7.11.31.205  134144 Bytes  03.06.2012 13:29:29
VBASE022.VDF  : 7.11.32.9    169472 Bytes  05.06.2012 07:49:22
VBASE023.VDF  : 7.11.32.85    155648 Bytes  08.06.2012 19:00:48
VBASE024.VDF  : 7.11.32.133  127488 Bytes  11.06.2012 19:45:46
VBASE025.VDF  : 7.11.32.171  182784 Bytes  12.06.2012 19:45:51
VBASE026.VDF  : 7.11.32.172    2048 Bytes  12.06.2012 19:45:51
VBASE027.VDF  : 7.11.32.173    2048 Bytes  12.06.2012 19:45:51
VBASE028.VDF  : 7.11.32.174    2048 Bytes  12.06.2012 19:45:51
VBASE029.VDF  : 7.11.32.175    2048 Bytes  12.06.2012 19:45:51
VBASE030.VDF  : 7.11.32.176    2048 Bytes  12.06.2012 19:45:51
VBASE031.VDF  : 7.11.32.208    65024 Bytes  13.06.2012 20:32:54
Engineversion  : 8.2.10.80
AEVDF.DLL      : 8.1.2.8      106867 Bytes  03.06.2012 09:24:45
AESCRIPT.DLL  : 8.1.4.24      450939 Bytes  03.06.2012 09:24:45
AESCN.DLL      : 8.1.8.2      131444 Bytes  30.01.2012 10:20:48
AESBX.DLL      : 8.2.5.10      606580 Bytes  29.05.2012 17:59:14
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 21:16:06
AEPACK.DLL    : 8.2.16.16    807288 Bytes  29.05.2012 17:58:49
AEOFFICE.DLL  : 8.1.2.28      201082 Bytes  26.04.2012 17:11:24
AEHEUR.DLL    : 8.1.4.36    4874615 Bytes  03.06.2012 09:24:45
AEHELP.DLL    : 8.1.21.0      254326 Bytes  11.05.2012 18:39:29
AEGEN.DLL      : 8.1.5.28      422260 Bytes  26.04.2012 17:11:18
AEEXP.DLL      : 8.1.0.44      82293 Bytes  29.05.2012 17:59:17
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.09.2011 21:46:01
AECORE.DLL    : 8.1.25.10    201080 Bytes  03.06.2012 09:24:39
AEBB.DLL      : 8.1.1.0        53618 Bytes  01.09.2011 21:46:01
AVWINLL.DLL    : 12.3.0.15      27344 Bytes  08.05.2012 17:53:17
AVPREF.DLL    : 12.3.0.15      51920 Bytes  08.05.2012 17:53:25
AVREP.DLL      : 12.3.0.15    179208 Bytes  08.05.2012 17:53:43
AVARKT.DLL    : 12.3.0.15    211408 Bytes  08.05.2012 17:53:21
AVEVTLOG.DLL  : 12.3.0.15    169168 Bytes  08.05.2012 17:53:24
SQLITE3.DLL    : 3.7.0.1      398288 Bytes  08.05.2012 17:53:42
AVSMTP.DLL    : 12.3.0.15      63440 Bytes  08.05.2012 17:53:28
NETNT.DLL      : 12.3.0.15      17104 Bytes  08.05.2012 17:53:40
RCIMAGE.DLL    : 12.3.0.15    4447952 Bytes  08.05.2012 17:53:17
RCTEXT.DLL    : 12.3.0.15      98512 Bytes  08.05.2012 17:53:18

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd9b0b1\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Donnerstag, 14. Juni 2012  12:50

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'InstallFlashPlayer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jp2launcher.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcroBroker.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Photoshop.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil32_11_3_300_257_ActiveX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpntray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GarminLifetime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WebcamDell.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDDXSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DataSafeOnline.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Toaster.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DSUpd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'STSERVICE.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftservice.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsswd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hsssrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'openvpnas.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DockLogin.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\***\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\n'
C:\Users\***\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\n
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55816bc8.qua' verschoben!


Ende des Suchlaufs: Donnerstag, 14. Juni 2012  12:51
Benötigte Zeit: 00:59 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    39 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    38 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen
      1 Hinweise


Danke Ilka

cosinus 20.06.2012 10:07
Code:
"ESET Online Scanner" = ESET Online Scanner v3
Wo ist das Log vom ESET Scanner?

kjkjjj1108 20.06.2012 13:18
Hallo Arne,

das vom Freitag finde ich nicht mehr, ich scanne jetzt nochmal.
Code:
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@        Win64/Sirefef.AI trojan        cleaned by deleting - quarantined
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@        Win64/Sirefef.AE trojan        cleaned by deleting - quarantined
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@        Win64/Sirefef.AH trojan        cleaned by deleting - quarantined
Gruss Ilka

cosinus 20.06.2012 15:17
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

kjkjjj1108 20.06.2012 17:52
Hallo Arne,

hier der OTL-File:

Code:
OTL logfile created on: 20.06.2012 17:28:13 - Run 3
OTL by OldTimer - Version 3.2.49.0    Folder = C:\Users\Ingo Buchholz\Desktop\trojaner-board
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 46,55% Memory free
8,21 Gb Paging File | 5,83 Gb Available in Paging File | 70,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,40 Gb Total Space | 39,42 Gb Free Space | 13,91% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 6,79 Gb Free Space | 46,35% Space Free | Partition Type: NTFS
 
Computer Name: MEPHISTO | User Name: Ingo Buchholz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.18 15:55:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ingo Buchholz\Desktop\trojaner-board\OTL.exe
PRC - [2012.06.14 12:52:26 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:53:24 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.01.06 16:30:00 | 001,446,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.11.08 12:11:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.01.13 21:54:26 | 000,464,856 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011.01.13 21:42:12 | 003,811,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
PRC - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
PRC - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Programme\Dell\DellDock\DockLogin.exe
PRC - [2008.11.11 18:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008.05.23 21:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 22:28:31 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\592a9a12b07b624764df2eca289116d1\System.Web.Services.ni.dll
MOD - [2012.06.15 22:09:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:19:20 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.14 12:18:49 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.14 12:18:41 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:18:22 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.14 12:18:19 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.06.14 11:59:03 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 11:58:42 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 11:57:50 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.06.03 13:03:51 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.06.03 12:04:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.06.03 11:23:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.06.03 11:22:03 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0b56e0ea0a4fca560a68607afae65ac9\System.Core.ni.dll
MOD - [2012.06.03 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.06.03 11:21:03 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.06.03 11:20:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.06.03 11:20:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.05.29 20:32:50 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.29 20:28:15 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a8079623eab0ba9e106436885a0281d\System.Xml.Linq.ni.dll
MOD - [2012.05.29 20:28:13 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.29 20:22:22 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.29 20:22:21 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\8ec275d60f23035b499a67037212ef4f\System.Security.ni.dll
MOD - [2012.05.29 20:22:14 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.29 20:22:02 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.29 20:21:49 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.01.07 03:45:28 | 000,660,296 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2012.01.06 20:38:08 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011.01.13 21:42:02 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2011.01.13 21:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
MOD - [2011.01.13 21:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2011.01.13 21:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2011.01.13 21:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2011.01.13 21:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2011.01.13 21:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2011.01.13 21:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2011.01.13 21:37:04 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2011.01.13 21:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
MOD - [2009.11.13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009.11.13 17:15:00 | 000,365,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll
MOD - [2009.11.13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009.11.13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009.11.13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009.11.13 17:15:00 | 000,046,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll
MOD - [2009.11.13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
MOD - [2009.04.09 23:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009.03.29 21:40:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.29 21:40:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.03.19 18:26:10 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009.03.19 18:25:42 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008.12.21 20:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008.11.26 23:45:44 | 000,918,528 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2012.06.14 12:52:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 19:53:40 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:53:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.06 20:39:12 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.01.06 20:36:14 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.01.05 01:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012.01.05 01:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.01.13 21:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 19:53:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 19:53:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\taphss.sys -- (taphss)
DRV:64bit: - [2011.02.28 23:36:54 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011.01.03 10:38:36 | 000,177,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.01.03 10:38:36 | 000,157,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,145,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.01.03 10:38:36 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.05.15 20:50:33 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.06 18:03:00 | 000,313,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys -- (OA008Vid)
DRV:64bit: - [2009.04.10 22:39:38 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009.04.10 22:03:34 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.03.19 18:26:24 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.03.06 08:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys -- (OA008Ufd)
DRV:64bit: - [2008.12.21 20:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008.12.16 18:56:52 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2008.11.26 23:45:50 | 004,824,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008.11.25 16:56:58 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.10.28 17:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008.10.07 19:49:52 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2008.09.15 19:11:04 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008.09.15 19:11:00 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008.09.15 19:10:58 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008.02.25 10:59:14 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.01.21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2007.11.14 10:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006.11.01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV - [2011.05.12 20:10:40 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.berlin.de/
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes,DefaultScope = {8A98EB80-7689-498B-B39E-4BE93D32F3AB}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{8A98EB80-7689-498B-B39E-4BE93D32F3AB}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30A3CCA5-F34C-4E87-BB57-5A2F2C935E14} file:///E:/CDVIEWER/CdViewer.cab (AMI DicomDir TreeView Control 2.0)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06AA57A-B93B-4C3C-8287-D83B1100F386}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ingo Buchholz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ingo Buchholz\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = ·Ë
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {50F7C24B-06C3-4DDB-BD23-2BBEC900379A} - Internet Explorer
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.20 11:57:59 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.06.20 11:40:57 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Desktop\trojaner-board
[2012.06.15 20:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.15 19:35:29 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\AppData\Roaming\Malwarebytes
[2012.06.15 19:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.15 19:35:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.15 19:35:19 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.15 19:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.13 11:37:14 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Desktop\20120613dawanda
[2012.06.11 14:24:25 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Documents\Beihilfe
[2012.06.03 11:45:06 | 000,000,000 | ---D | C] -- C:\Users\Ingo Buchholz\Documents\Gebrauchsanweisungen Babysitter
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.20 17:28:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 17:28:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 17:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.20 17:21:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.20 11:00:07 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.06.20 10:21:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.20 09:35:51 | 001,454,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.20 09:35:51 | 000,632,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.20 09:35:51 | 000,598,596 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.20 09:35:51 | 000,127,714 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.20 09:35:51 | 000,104,610 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.20 09:28:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.20 09:28:43 | 4289,576,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.18 15:49:27 | 000,000,188 | ---- | M] () -- C:\Users\Ingo Buchholz\defogger_reenable
[2012.06.15 22:03:00 | 000,405,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 13:04:01 | 000,000,732 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Local\d3d9caps64.dat
[2012.06.13 11:55:33 | 000,144,896 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.12 12:22:58 | 000,011,523 | ---- | M] () -- C:\Users\Ingo Buchholz\100.jpg
[2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
 
========== Files Created - No Company Name ==========
 
[2012.06.20 13:33:01 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\800000cb.@
[2012.06.20 13:33:00 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\80000000.@
[2012.06.20 13:32:59 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U\00000001.@
[2012.06.18 15:49:27 | 000,000,188 | ---- | C] () -- C:\Users\Ingo Buchholz\defogger_reenable
[2012.06.12 12:23:12 | 000,011,523 | ---- | C] () -- C:\Users\Ingo Buchholz\100.jpg
[2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@
[2012.01.13 22:29:17 | 000,002,048 | -HS- | C] () -- C:\Users\Ingo Buchholz\AppData\Local\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\@
[2011.12.13 17:53:03 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.12.13 17:53:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.12.13 17:53:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.12.13 17:53:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.12.13 17:53:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.12.13 17:53:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.12.13 17:53:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.12.13 17:53:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.12.13 17:53:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.12.13 17:53:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.12.13 17:53:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.12.13 17:53:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.12.13 17:53:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.12.13 17:53:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.12.13 17:53:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.12.13 17:53:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.12.13 17:53:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.12.13 17:51:37 | 000,000,025 | ---- | C] () -- C:\Windows\CDEBX300DEFGIPS.ini
[2011.12.08 17:55:07 | 000,000,732 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Local\d3d9caps64.dat
[2011.11.13 10:43:16 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.11.13 10:43:16 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.11.13 10:43:15 | 000,559,104 | ---- | C] () -- C:\Windows\SysWow64\lame.exe
[2011.11.13 10:43:15 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.11.13 10:43:12 | 000,693,765 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Roaming\unins000.exe
[2011.11.13 10:43:12 | 000,007,900 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Roaming\unins000.dat
[2011.11.02 19:48:53 | 000,000,000 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Local\{29BC51ED-79B0-47D1-B13C-F2FA9DD19CFE}
[2011.05.29 10:53:14 | 000,038,443 | ---- | C] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.03.02 23:57:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.02 23:57:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.02 23:57:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.02 23:57:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.02 23:57:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\concept design
[2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\DAEMON Tools Lite
[2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\EPSON
[2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\FileZilla
[2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\GARMIN
[2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\MyPhoneExplorer
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia Ovi Suite
[2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PC Suite
[2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr
[2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung
[2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Template
[2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Thunderbird
[2012.06.11 10:20:08 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.06.18 21:58:21 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.20 11:00:07 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.15 13:49:27 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Adobe
[2011.12.30 20:20:21 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Apple Computer
[2009.08.27 21:09:01 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\ATI
[2011.10.23 22:09:39 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Avira
[2011.11.13 10:44:02 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\concept design
[2009.09.22 23:13:30 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Creative
[2010.05.20 06:33:05 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\CyberLink
[2011.12.30 17:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\DAEMON Tools Lite
[2011.05.26 22:03:43 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Dell
[2010.05.20 20:44:45 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\DivX
[2012.01.17 21:10:30 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\dvdcss
[2011.12.13 17:59:12 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\EPSON
[2010.09.03 18:08:36 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\FileZilla
[2012.03.25 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\GARMIN
[2009.08.27 21:07:52 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Identities
[2011.12.13 17:53:00 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\InstallShield
[2009.09.21 21:54:55 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Macromedia
[2012.06.15 19:35:29 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Malwarebytes
[2006.11.02 17:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Media Center Programs
[2010.06.26 17:24:27 | 000,000,000 | --SD | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Microsoft
[2009.10.11 17:00:25 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Mozilla
[2011.09.18 22:55:35 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\MyPhoneExplorer
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia
[2011.06.07 22:32:16 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Nokia Ovi Suite
[2010.03.28 20:08:37 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PC Suite
[2011.03.06 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr
[2009.10.11 22:39:57 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Roxio
[2011.05.29 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung
[2012.06.20 17:28:07 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Skype
[2011.11.07 20:21:34 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\skypePM
[2009.10.11 17:00:33 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Talkback
[2009.10.28 22:33:49 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Template
[2009.10.11 17:00:24 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\Thunderbird
[2012.03.30 19:28:24 | 000,000,000 | ---D | M] -- C:\Users\Ingo Buchholz\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2010.02.13 23:59:46 | 008,653,312 | ---- | M] (Dell, Inc.                                                  ) -- C:\Users\Ingo Buchholz\AppData\Roaming\DataSafeDotNet.exe
[2011.11.13 10:42:28 | 000,693,765 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\unins000.exe
[2011.05.26 21:59:35 | 054,781,576 | ---- | M] (Dell Inc) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5830_10_64_01.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\2a5e80c9-67eb-418f-a720-b36df0d47aca\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\42b6e642-85a1-49e1-bf3a-5b4fb741040d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\44ecb15f-9d0a-45b3-9d7f-f1318d97fe07\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\49a13dfb-8a79-47be-8c41-b3c4b92c4cdd\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\814e6ed2-9606-4518-8dbe-605edb7cbc35\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\840bf6ca-ed55-4a57-ab42-8daeed010db3\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\8800af62-10de-41ca-b6c7-5d0e1689cee4\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\964d4a99-1185-4863-8401-41999c71990d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\b93d6cab-5887-424c-bf66-71f5bd3e369d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\d220d1f9-8229-4577-9906-b875ad739b6d\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\f253dfb5-7845-47f7-a8d7-e8ccf0d0e944\DellSignedAppUpdaterRules\AddCertificate.exe
[2010.10.12 13:36:00 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Ingo Buchholz\AppData\Roaming\PCDr\Update\Rules\f953c0a2-d065-4574-8fd1-c3c9b1dc51c4\DellSignedAppUpdaterRules\AddCertificate.exe
[2011.09.29 09:19:14 | 000,929,680 | ---- | M] (Samsung) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.09.29 09:19:18 | 000,278,928 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.09.16 04:58:14 | 000,285,696 | ---- | M] (Samsung) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.09.29 09:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.09.16 04:56:02 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.09.16 04:56:02 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.09.16 04:56:04 | 000,666,624 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.09.29 09:19:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.09.16 04:55:38 | 000,106,408 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.09.16 04:55:38 | 000,101,288 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.09.29 09:19:24 | 000,131,984 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.09.29 09:19:26 | 000,020,880 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.09.29 09:19:28 | 004,662,392 | ---- | M] () -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.09.16 04:54:38 | 024,111,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.09.29 09:19:30 | 000,364,432 | ---- | M] (ml) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.11.08 12:11:58 | 000,392,080 | ---- | M] (ml) -- C:\Users\Ingo Buchholz\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 00:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.30 12:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 00:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 00:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.10 23:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 00:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 00:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >
Danke und einen schönen Feierabend
Ilka

cosinus 21.06.2012 09:17
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_SF814.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-272521431-3735504338-3595803933-1000..\Run: [EPSON BX300F Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE /FU "C:\Windows\TEMP\E_S2B63.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}: NameServer = 150.0.0.1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.13 10:54:38 | 000,000,000 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\Shell\AutoRun\command - "" = F:\.\MigWiz\migsetup.exe
O33 - MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\Shell\AutoRun\command - "" = F:\.\dae_player.exe
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell - "" = AutoRun
O33 - MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\AutoRun\command - "" = ·Ë
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\explore\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\Shell\open\Command - "" = RECYCLER\INFO.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

kjkjjj1108 21.06.2012 11:17
Hallo und guten Morgen Arne,

gerade habe ich versucht den OTL-Fix zu machen, als mittendrin plötzlich ein Windows-Fenster aufging und die Meldung kam: Es ist ein schwerwiegender Fehler aufgetreten, bitte sichern Sie Ihre Dateien, Windows wird in Kürze heruntergefahren (- oder so ähnlich). Dann kam von OTL die Fehlermeldung, dass dieses nicht mehr funktioniere und der Computer fuhr herunter...

Ich werde den scan jetzt ein 2. Mal starten und hoffe, dass das diesmal klappt.
Beste Grüße und bis später
Ilka

Okay, das ging jetzt schneller als erwartet. Beim Wideröffnen von OTL hat es nur ganz kurz gescannt, dann einen Neustart gemacht und mir das folgende Log-File ausgeworfen:

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
File C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
File C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON BX300F Series not found.
Registry value HKEY_USERS\S-1-5-21-272521431-3735504338-3595803933-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON BX300F Series (Kopie 1) not found.
File move failed. C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A1F040E6-32BA-49E5-A291-E98C7A3EE46A}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File D:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{283ef8a8-9d5d-11de-9546-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{283ef8a8-9d5d-11de-9546-002219f779e2}\ not found.
File F:\.\MigWiz\migsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2bd949b1-933a-11de-abd8-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2bd949b1-933a-11de-abd8-002219f779e2}\ not found.
File F:\.\dae_player.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9a99-a6e5-11de-883b-002219f779e2}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a13d9aac-a6e5-11de-883b-002219f779e2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a72ff795-0f10-11df-9a37-002219f779e2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68309b6-1095-11df-95b9-002219f779e2}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
File ·Ë not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
File C:\RECYCLER\INFO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fef3df21-b61c-11de-827b-eb6e98e2a277}\ not found.
File C:\RECYCLER\INFO.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
File\Folder C:\Windows\Installer\{f7dd053b-c2ec-720a-7e8c-7b757319021f}\U not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 312622 bytes
->Temporary Internet Files folder emptied: 4672983 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 725 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 179462451 bytes
 
Total Files Cleaned = 176,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.49.0 log created on 06212012_121806

Files\Folders moved on Reboot...
File\Folder C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
Gruss Ilka

cosinus 21.06.2012 14:06
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

kjkjjj1108 21.06.2012 15:01
Hier das Logfile des TDSS-Killers:

Code:
15:48:34.0082 4048        TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
15:48:35.0174 4048        ============================================================
15:48:35.0174 4048        Current date / time: 2012/06/21 15:48:35.0174
15:48:35.0174 4048        SystemInfo:
15:48:35.0174 4048       
15:48:35.0174 4048        OS Version: 6.0.6002 ServicePack: 2.0
15:48:35.0174 4048        Product type: Workstation
15:48:35.0174 4048        ComputerName: MEPHISTO
15:48:35.0174 4048        UserName: ***
15:48:35.0174 4048        Windows directory: C:\Windows
15:48:35.0174 4048        System windows directory: C:\Windows
15:48:35.0174 4048        Running under WOW64
15:48:35.0174 4048        Processor architecture: Intel x64
15:48:35.0174 4048        Number of processors: 2
15:48:35.0174 4048        Page size: 0x1000
15:48:35.0174 4048        Boot type: Normal boot
15:48:35.0174 4048        ============================================================
15:48:36.0656 4048        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:48:36.0671 4048        ============================================================
15:48:36.0671 4048        \Device\Harddisk0\DR0:
15:48:36.0671 4048        MBR partitions:
15:48:36.0671 4048        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
15:48:36.0671 4048        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
15:48:36.0671 4048        ============================================================
15:48:36.0702 4048        C: <-> \Device\Harddisk0\DR0\Partition1
15:48:36.0718 4048        D: <-> \Device\Harddisk0\DR0\Partition0
15:48:36.0718 4048        ============================================================
15:48:36.0718 4048        Initialize success
15:48:36.0718 4048        ============================================================
15:51:29.0385 3788        ============================================================
15:51:29.0385 3788        Scan started
15:51:29.0385 3788        Mode: Manual; SigCheck; TDLFS;
15:51:29.0385 3788        ============================================================
15:51:30.0399 3788        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:51:30.0586 3788        ACPI - ok
15:51:30.0664 3788        Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:51:30.0711 3788        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:51:30.0711 3788        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:51:30.0898 3788        AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:51:30.0914 3788        AdobeFlashPlayerUpdateSvc - ok
15:51:30.0992 3788        adp94xx        (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:51:31.0039 3788        adp94xx - ok
15:51:31.0101 3788        adpahci        (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:51:31.0148 3788        adpahci - ok
15:51:31.0195 3788        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:51:31.0226 3788        adpu160m - ok
15:51:31.0257 3788        adpu320        (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:51:31.0288 3788        adpu320 - ok
15:51:31.0351 3788        AeLookupSvc    (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
15:51:31.0522 3788        AeLookupSvc - ok
15:51:31.0632 3788        AESTFilters    (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
15:51:31.0710 3788        AESTFilters - ok
15:51:31.0788 3788        AFD            (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
15:51:31.0897 3788        AFD - ok
15:51:31.0944 3788        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:51:31.0959 3788        agp440 - ok
15:51:32.0006 3788        aic78xx        (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:51:32.0037 3788        aic78xx - ok
15:51:32.0068 3788        ALG            (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
15:51:32.0224 3788        ALG - ok
15:51:32.0240 3788        aliide          (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
15:51:32.0271 3788        aliide - ok
15:51:32.0287 3788        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:51:32.0302 3788        amdide - ok
15:51:32.0318 3788        AmdK8          (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:51:32.0396 3788        AmdK8 - ok
15:51:32.0443 3788        androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
15:51:32.0490 3788        androidusb - ok
15:51:32.0661 3788        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
15:51:32.0677 3788        AntiVirSchedulerService - ok
15:51:32.0708 3788        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
15:51:32.0724 3788        AntiVirService - ok
15:51:32.0786 3788        Appinfo        (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
15:51:32.0817 3788        Appinfo - ok
15:51:32.0833 3788        arc            (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:51:32.0848 3788        arc - ok
15:51:32.0880 3788        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:51:32.0895 3788        arcsas - ok
15:51:32.0926 3788        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:51:33.0004 3788        AsyncMac - ok
15:51:33.0036 3788        atapi          (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
15:51:33.0051 3788        atapi - ok
15:51:33.0192 3788        Ati External Event Utility (00dace1d9a0da60215022c6b1fac1673) C:\Windows\system32\Ati2evxx.exe
15:51:33.0394 3788        Ati External Event Utility - ok
15:51:33.0909 3788        atikmdag        (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
15:51:34.0143 3788        atikmdag - ok
15:51:34.0346 3788        AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:51:34.0486 3788        AudioEndpointBuilder - ok
15:51:34.0502 3788        AudioSrv        (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:51:34.0549 3788        AudioSrv - ok
15:51:34.0705 3788        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
15:51:34.0720 3788        avgntflt - ok
15:51:34.0767 3788        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
15:51:34.0783 3788        avipbb - ok
15:51:34.0814 3788        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
15:51:34.0830 3788        avkmgr - ok
15:51:34.0970 3788        BBSvc          (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
15:51:35.0001 3788        BBSvc - ok
15:51:35.0048 3788        BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
15:51:35.0079 3788        BBUpdate - ok
15:51:35.0126 3788        BCM42RLY        (a7c9995ba861fce78b2ceaae61d39fd7) C:\Windows\system32\drivers\BCM42RLY.sys
15:51:35.0142 3788        BCM42RLY - ok
15:51:35.0344 3788        BCM43XX        (912012b708a7d8e8ce2ee55afb663dff) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:51:35.0485 3788        BCM43XX - ok
15:51:35.0797 3788        BITS            (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
15:51:35.0953 3788        BITS - ok
15:51:36.0140 3788        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:51:36.0234 3788        blbdrive - ok
15:51:36.0265 3788        bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:51:36.0312 3788        bowser - ok
15:51:36.0343 3788        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:51:36.0390 3788        BrFiltLo - ok
15:51:36.0405 3788        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:51:36.0452 3788        BrFiltUp - ok
15:51:36.0499 3788        Browser        (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
15:51:36.0577 3788        Browser - ok
15:51:36.0608 3788        Brserid        (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:51:36.0811 3788        Brserid - ok
15:51:36.0826 3788        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:51:36.0920 3788        BrSerWdm - ok
15:51:36.0936 3788        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:51:37.0029 3788        BrUsbMdm - ok
15:51:37.0076 3788        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:51:37.0170 3788        BrUsbSer - ok
15:51:37.0216 3788        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:51:37.0310 3788        BTHMODEM - ok
15:51:37.0341 3788        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:51:37.0435 3788        cdfs - ok
15:51:37.0466 3788        cdrom          (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:51:37.0528 3788        cdrom - ok
15:51:37.0575 3788        CertPropSvc    (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:51:37.0622 3788        CertPropSvc - ok
15:51:37.0638 3788        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:51:37.0716 3788        circlass - ok
15:51:37.0778 3788        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:51:37.0809 3788        CLFS - ok
15:51:37.0918 3788        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:51:37.0950 3788        clr_optimization_v2.0.50727_32 - ok
15:51:37.0996 3788        clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:51:38.0012 3788        clr_optimization_v2.0.50727_64 - ok
15:51:38.0121 3788        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:51:38.0137 3788        clr_optimization_v4.0.30319_32 - ok
15:51:38.0199 3788        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:51:38.0215 3788        clr_optimization_v4.0.30319_64 - ok
15:51:38.0262 3788        CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
15:51:38.0340 3788        CmBatt - ok
15:51:38.0371 3788        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:51:38.0386 3788        cmdide - ok
15:51:38.0418 3788        Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
15:51:38.0433 3788        Compbatt - ok
15:51:38.0449 3788        COMSysApp - ok
15:51:38.0449 3788        crcdisk        (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:51:38.0480 3788        crcdisk - ok
15:51:38.0542 3788        CryptSvc        (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
15:51:38.0574 3788        CryptSvc - ok
15:51:38.0636 3788        CtClsFlt        (11f13042577705093612c6a123caf12f) C:\Windows\system32\DRIVERS\CtClsFlt.sys
15:51:38.0683 3788        CtClsFlt - ok
15:51:38.0808 3788        DcomLaunch      (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:51:38.0886 3788        DcomLaunch - ok
15:51:38.0917 3788        DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:51:38.0964 3788        DfsC - ok
15:51:39.0307 3788        DFSR            (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
15:51:39.0478 3788        DFSR - ok
15:51:40.0024 3788        Dhcp            (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
15:51:40.0087 3788        Dhcp - ok
15:51:40.0180 3788        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:51:40.0212 3788        disk - ok
15:51:40.0274 3788        Dnscache        (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
15:51:40.0305 3788        Dnscache - ok
15:51:40.0446 3788        DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
15:51:40.0477 3788        DockLoginService ( UnsignedFile.Multi.Generic ) - warning
15:51:40.0477 3788        DockLoginService - detected UnsignedFile.Multi.Generic (1)
15:51:40.0524 3788        dot3svc        (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
15:51:40.0586 3788        dot3svc - ok
15:51:40.0617 3788        DPS            (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
15:51:40.0680 3788        DPS - ok
15:51:40.0726 3788        drmkaud        (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:51:40.0789 3788        drmkaud - ok
15:51:40.0898 3788        DXGKrnl        (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:51:40.0992 3788        DXGKrnl - ok
15:51:41.0101 3788        e1express      (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
15:51:41.0210 3788        e1express - ok
15:51:41.0241 3788        E1G60          (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:51:41.0319 3788        E1G60 - ok
15:51:41.0350 3788        EapHost        (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
15:51:41.0428 3788        EapHost - ok
15:51:41.0491 3788        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:51:41.0522 3788        Ecache - ok
15:51:41.0616 3788        ehRecvr        (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
15:51:41.0647 3788        ehRecvr - ok
15:51:41.0694 3788        ehSched        (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
15:51:41.0725 3788        ehSched - ok
15:51:41.0740 3788        ehstart        (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
15:51:41.0772 3788        ehstart - ok
15:51:41.0818 3788        elxstor        (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:51:41.0865 3788        elxstor - ok
15:51:41.0959 3788        EMDMgmt        (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
15:51:42.0099 3788        EMDMgmt - ok
15:51:42.0130 3788        ErrDev          (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
15:51:42.0162 3788        ErrDev - ok
15:51:42.0224 3788        EventSystem    (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
15:51:42.0349 3788        EventSystem - ok
15:51:42.0364 3788        exfat          (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:51:42.0427 3788        exfat - ok
15:51:42.0458 3788        fastfat        (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:51:42.0520 3788        fastfat - ok
15:51:42.0552 3788        fdc            (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:51:42.0598 3788        fdc - ok
15:51:42.0630 3788        fdPHost        (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
15:51:42.0692 3788        fdPHost - ok
15:51:42.0708 3788        FDResPub        (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
15:51:42.0801 3788        FDResPub - ok
15:51:42.0879 3788        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:51:42.0895 3788        FileInfo - ok
15:51:42.0910 3788        Filetrace      (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:51:42.0973 3788        Filetrace - ok
15:51:42.0988 3788        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:51:43.0035 3788        flpydisk - ok
15:51:43.0098 3788        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:51:43.0129 3788        FltMgr - ok
15:51:43.0285 3788        FontCache      (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
15:51:43.0394 3788        FontCache - ok
15:51:43.0550 3788        FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:51:43.0566 3788        FontCache3.0.0.0 - ok
15:51:43.0659 3788        Fs_Rec          (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
15:51:43.0737 3788        Fs_Rec - ok
15:51:43.0768 3788        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:51:43.0784 3788        gagp30kx - ok
15:51:43.0893 3788        gpsvc          (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
15:51:43.0987 3788        gpsvc - ok
15:51:44.0158 3788        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:51:44.0190 3788        gupdate - ok
15:51:44.0205 3788        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:51:44.0221 3788        gupdatem - ok
15:51:44.0283 3788        HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
15:51:44.0330 3788        HdAudAddService - ok
15:51:44.0455 3788        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:51:44.0689 3788        HDAudBus - ok
15:51:44.0736 3788        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:51:44.0860 3788        HidBth - ok
15:51:44.0892 3788        HidIr          (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:51:45.0016 3788        HidIr - ok
15:51:45.0048 3788        hidserv        (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
15:51:45.0110 3788        hidserv - ok
15:51:45.0141 3788        HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:51:45.0188 3788        HidUsb - ok
15:51:45.0219 3788        hkmsvc          (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
15:51:45.0282 3788        hkmsvc - ok
15:51:45.0313 3788        HpCISSs        (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
15:51:45.0328 3788        HpCISSs - ok
15:51:45.0484 3788        hshld          (44452f7a09d00573dc6e714874257cc9) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
15:51:45.0531 3788        hshld - ok
15:51:45.0578 3788        HssDrv          (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
15:51:45.0594 3788        HssDrv - ok
15:51:45.0703 3788        HssSrv          (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
15:51:45.0734 3788        HssSrv - ok
15:51:45.0781 3788        HssTrayService  (6b1dc08d22231c9e508a715f07fce7fb) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
15:51:45.0796 3788        HssTrayService - ok
15:51:45.0812 3788        HssWd - ok
15:51:45.0921 3788        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:51:45.0999 3788        HTTP - ok
15:51:46.0062 3788        hwdatacard      (21f59a1e203f637563c7fff5de2b2b85) C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:51:46.0108 3788        hwdatacard - ok
15:51:46.0124 3788        i2omp          (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:51:46.0155 3788        i2omp - ok
15:51:46.0171 3788        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:51:46.0218 3788        i8042prt - ok
15:51:46.0296 3788        iaStorV        (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:51:46.0342 3788        iaStorV - ok
15:51:46.0452 3788        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
15:51:46.0452 3788        IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:51:46.0452 3788        IDriverT - detected UnsignedFile.Multi.Generic (1)
15:51:46.0779 3788        idsvc          (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:51:46.0904 3788        idsvc - ok
15:51:46.0982 3788        iirsp          (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:51:46.0998 3788        iirsp - ok
15:51:47.0076 3788        IKEEXT          (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
15:51:47.0200 3788        IKEEXT - ok
15:51:47.0263 3788        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:51:47.0294 3788        intelide - ok
15:51:47.0310 3788        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:51:47.0388 3788        intelppm - ok
15:51:47.0450 3788        IPBusEnum      (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
15:51:47.0544 3788        IPBusEnum - ok
15:51:47.0637 3788        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:51:47.0715 3788        IpFilterDriver - ok
15:51:47.0715 3788        IpInIp - ok
15:51:47.0746 3788        IPMIDRV        (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
15:51:47.0871 3788        IPMIDRV - ok
15:51:47.0887 3788        IPNAT          (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:51:47.0949 3788        IPNAT - ok
15:51:47.0965 3788        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:51:48.0027 3788        IRENUM - ok
15:51:48.0074 3788        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:51:48.0090 3788        isapnp - ok
15:51:48.0152 3788        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:51:48.0183 3788        iScsiPrt - ok
15:51:48.0199 3788        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:51:48.0214 3788        iteatapi - ok
15:51:48.0246 3788        iteraid        (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:51:48.0277 3788        iteraid - ok
15:51:48.0324 3788        k57nd60a        (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
15:51:48.0402 3788        k57nd60a - ok
15:51:48.0433 3788        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:51:48.0448 3788        kbdclass - ok
15:51:48.0480 3788        kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:51:48.0542 3788        kbdhid - ok
15:51:48.0620 3788        KeyIso          (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:51:48.0682 3788        KeyIso - ok
15:51:48.0807 3788        KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
15:51:48.0838 3788        KSecDD - ok
15:51:48.0901 3788        ksthunk        (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:51:48.0979 3788        ksthunk - ok
15:51:49.0057 3788        KtmRm          (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
15:51:49.0228 3788        KtmRm - ok
15:51:49.0291 3788        LanmanServer    (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
15:51:49.0338 3788        LanmanServer - ok
15:51:49.0416 3788        LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
15:51:49.0478 3788        LanmanWorkstation - ok
15:51:49.0494 3788        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:51:49.0572 3788        lltdio - ok
15:51:49.0650 3788        lltdsvc        (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
15:51:49.0728 3788        lltdsvc - ok
15:51:49.0774 3788        lmhosts        (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
15:51:49.0868 3788        lmhosts - ok
15:51:49.0946 3788        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:51:50.0071 3788        LSI_FC - ok
15:51:50.0118 3788        LSI_SAS        (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:51:50.0149 3788        LSI_SAS - ok
15:51:50.0164 3788        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:51:50.0227 3788        LSI_SCSI - ok
15:51:50.0258 3788        luafv          (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:51:50.0367 3788        luafv - ok
15:51:50.0414 3788        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:51:50.0430 3788        MBAMProtector - ok
15:51:50.0539 3788        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:51:50.0586 3788        MBAMService - ok
15:51:50.0648 3788        Mcx2Svc        (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
15:51:50.0679 3788        Mcx2Svc - ok
15:51:50.0804 3788        MDM            (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
15:51:50.0835 3788        MDM ( UnsignedFile.Multi.Generic ) - warning
15:51:50.0835 3788        MDM - detected UnsignedFile.Multi.Generic (1)
15:51:50.0882 3788        megasas        (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:51:50.0898 3788        megasas - ok
15:51:51.0007 3788        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:51:51.0054 3788        MegaSR - ok
15:51:51.0132 3788        Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
15:51:51.0147 3788        Microsoft Office Groove Audit Service - ok
15:51:51.0163 3788        MMCSS          (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:51:51.0256 3788        MMCSS - ok
15:51:51.0303 3788        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:51:51.0381 3788        Modem - ok
15:51:51.0412 3788        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:51:51.0475 3788        monitor - ok
15:51:51.0522 3788        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:51:51.0553 3788        mouclass - ok
15:51:51.0584 3788        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:51:51.0662 3788        mouhid - ok
15:51:51.0678 3788        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:51:51.0709 3788        MountMgr - ok
15:51:51.0740 3788        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
15:51:51.0771 3788        mpio - ok
15:51:51.0818 3788        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:51:51.0865 3788        mpsdrv - ok
15:51:51.0896 3788        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:51:51.0912 3788        Mraid35x - ok
15:51:51.0958 3788        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:51:52.0021 3788        MRxDAV - ok
15:51:52.0083 3788        mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:51:52.0130 3788        mrxsmb - ok
15:51:52.0224 3788        mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:51:52.0333 3788        mrxsmb10 - ok
15:51:52.0348 3788        mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:51:52.0411 3788        mrxsmb20 - ok
15:51:52.0426 3788        msahci          (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
15:51:52.0458 3788        msahci - ok
15:51:52.0473 3788        msdsm          (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
15:51:52.0504 3788        msdsm - ok
15:51:52.0536 3788        MSDTC          (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
15:51:52.0598 3788        MSDTC - ok
15:51:52.0723 3788        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:51:52.0785 3788        Msfs - ok
15:51:52.0816 3788        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:51:52.0832 3788        msisadrv - ok
15:51:52.0926 3788        MSiSCSI        (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
15:51:53.0004 3788        MSiSCSI - ok
15:51:53.0004 3788        msiserver - ok
15:51:53.0035 3788        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:51:53.0113 3788        MSKSSRV - ok
15:51:53.0113 3788        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:51:53.0206 3788        MSPCLOCK - ok
15:51:53.0222 3788        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:51:53.0284 3788        MSPQM - ok
15:51:53.0378 3788        MsRPC          (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:51:53.0425 3788        MsRPC - ok
15:51:53.0440 3788        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:51:53.0472 3788        mssmbios - ok
15:51:53.0487 3788        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:51:53.0565 3788        MSTEE - ok
15:51:53.0596 3788        Mup            (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:51:53.0628 3788        Mup - ok
15:51:53.0706 3788        napagent        (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
15:51:53.0815 3788        napagent - ok
15:51:53.0908 3788        NativeWifiP    (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:51:53.0986 3788        NativeWifiP - ok
15:51:54.0142 3788        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:51:54.0236 3788        NDIS - ok
15:51:54.0283 3788        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:51:54.0330 3788        NdisTapi - ok
15:51:54.0345 3788        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:51:54.0408 3788        Ndisuio - ok
15:51:54.0470 3788        NdisWan        (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:51:54.0532 3788        NdisWan - ok
15:51:54.0564 3788        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:51:54.0626 3788        NDProxy - ok
15:51:54.0673 3788        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:51:54.0766 3788        NetBIOS - ok
15:51:54.0829 3788        netbt          (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:51:54.0891 3788        netbt - ok
15:51:54.0922 3788        Netlogon        (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:51:54.0954 3788        Netlogon - ok
15:51:55.0047 3788        Netman          (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
15:51:55.0156 3788        Netman - ok
15:51:55.0203 3788        netprofm        (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
15:51:55.0297 3788        netprofm - ok
15:51:55.0422 3788        NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:51:55.0468 3788        NetTcpPortSharing - ok
15:51:55.0500 3788        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:51:55.0531 3788        nfrd960 - ok
15:51:55.0593 3788        NlaSvc          (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
15:51:55.0671 3788        NlaSvc - ok
15:51:55.0687 3788        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:51:55.0749 3788        Npfs - ok
15:51:55.0812 3788        nsi            (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
15:51:55.0890 3788        nsi - ok
15:51:56.0092 3788        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:51:56.0155 3788        nsiproxy - ok
15:51:56.0373 3788        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:51:56.0576 3788        Ntfs - ok
15:51:57.0262 3788        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:51:57.0325 3788        Null - ok
15:51:57.0450 3788        nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:51:57.0481 3788        nvraid - ok
15:51:57.0559 3788        nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:51:57.0574 3788        nvstor - ok
15:51:57.0606 3788        nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:51:57.0637 3788        nv_agp - ok
15:51:57.0637 3788        NwlnkFlt - ok
15:51:57.0652 3788        NwlnkFwd - ok
15:51:57.0730 3788        OA008Ufd        (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA008Ufd.sys
15:51:57.0777 3788        OA008Ufd - ok
15:51:57.0886 3788        OA008Vid        (126885007e8f601861165fc77c93f1be) C:\Windows\system32\DRIVERS\OA008Vid.sys
15:51:57.0933 3788        OA008Vid - ok
15:51:58.0167 3788        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:51:58.0230 3788        odserv - ok
15:51:58.0308 3788        ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
15:51:58.0354 3788        ohci1394 - ok
15:51:58.0401 3788        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:51:58.0417 3788        ose - ok
15:51:58.0604 3788        p2pimsvc        (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:51:58.0713 3788        p2pimsvc - ok
15:51:58.0729 3788        p2psvc          (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:51:58.0776 3788        p2psvc - ok
15:51:58.0854 3788        Parport        (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
15:51:59.0010 3788        Parport - ok
15:51:59.0150 3788        partmgr        (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
15:51:59.0166 3788        partmgr - ok
15:51:59.0275 3788        PcaSvc          (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:51:59.0306 3788        PcaSvc - ok
15:51:59.0337 3788        pccsmcfd - ok
15:51:59.0337 3788        PCD5SRVC{048DBD20-445E8C82-05040104} - ok
15:51:59.0524 3788        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
15:51:59.0556 3788        PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
15:51:59.0680 3788        pci            (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:51:59.0712 3788        pci - ok
15:51:59.0774 3788        pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
15:51:59.0805 3788        pciide - ok
15:51:59.0821 3788        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:51:59.0852 3788        pcmcia - ok
15:51:59.0977 3788        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:52:00.0133 3788        PEAUTH - ok
15:52:00.0289 3788        PerfHost        (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:52:00.0351 3788        PerfHost - ok
15:52:00.0554 3788        pla            (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:52:00.0788 3788        pla - ok
15:52:00.0882 3788        PlugPlay        (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:52:00.0944 3788        PlugPlay - ok
15:52:01.0116 3788        PNRPAutoReg    (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:52:01.0209 3788        PNRPAutoReg - ok
15:52:01.0240 3788        PNRPsvc        (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:52:01.0318 3788        PNRPsvc - ok
15:52:01.0443 3788        PolicyAgent    (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
15:52:01.0584 3788        PolicyAgent - ok
15:52:01.0708 3788        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
15:52:01.0771 3788        PptpMiniport - ok
15:52:01.0833 3788        Processor      (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
15:52:01.0896 3788        Processor - ok
15:52:01.0942 3788        ProfSvc        (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
15:52:02.0036 3788        ProfSvc - ok
15:52:02.0114 3788        ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:52:02.0130 3788        ProtectedStorage - ok
15:52:02.0176 3788        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
15:52:02.0223 3788        PSched - ok
15:52:02.0270 3788        PxHlpa64        (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
15:52:02.0286 3788        PxHlpa64 - ok
15:52:02.0488 3788        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
15:52:02.0629 3788        ql2300 - ok
15:52:02.0644 3788        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
15:52:02.0660 3788        ql40xx - ok
15:52:02.0785 3788        QWAVE          (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
15:52:02.0878 3788        QWAVE - ok
15:52:02.0941 3788        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
15:52:02.0956 3788        QWAVEdrv - ok
15:52:03.0471 3788        R300            (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
15:52:03.0627 3788        R300 - ok
15:52:03.0830 3788        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
15:52:03.0908 3788        RasAcd - ok
15:52:03.0970 3788        RasAuto        (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
15:52:04.0048 3788        RasAuto - ok
15:52:04.0095 3788        Rasl2tp        (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:52:04.0158 3788        Rasl2tp - ok
15:52:04.0220 3788        RasMan          (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
15:52:04.0314 3788        RasMan - ok
15:52:04.0438 3788        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
15:52:04.0548 3788        RasPppoe - ok
15:52:04.0563 3788        RasSstp        (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
15:52:04.0594 3788        RasSstp - ok
15:52:04.0641 3788        rdbss          (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
15:52:04.0735 3788        rdbss - ok
15:52:04.0750 3788        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:52:04.0813 3788        RDPCDD - ok
15:52:04.0875 3788        rdpdr          (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
15:52:04.0969 3788        rdpdr - ok
15:52:04.0969 3788        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
15:52:05.0031 3788        RDPENCDD - ok
15:52:05.0109 3788        RDPWD          (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
15:52:05.0218 3788        RDPWD - ok
15:52:05.0250 3788        RemoteAccess    (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
15:52:05.0359 3788        RemoteAccess - ok
15:52:05.0437 3788        RemoteRegistry  (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
15:52:05.0546 3788        RemoteRegistry - ok
15:52:05.0749 3788        RichVideo      (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
15:52:05.0780 3788        RichVideo - ok
15:52:05.0827 3788        rimmptsk        (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
15:52:05.0858 3788        rimmptsk - ok
15:52:05.0920 3788        rimsptsk        (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
15:52:05.0952 3788        rimsptsk - ok
15:52:05.0998 3788        rismxdp        (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
15:52:06.0030 3788        rismxdp - ok
15:52:06.0045 3788        RpcLocator      (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
15:52:06.0076 3788        RpcLocator - ok
15:52:06.0186 3788        RpcSs          (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:52:06.0248 3788        RpcSs - ok
15:52:06.0295 3788        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
15:52:06.0357 3788        rspndr - ok
15:52:06.0404 3788        SamSs          (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:52:06.0435 3788        SamSs - ok
15:52:06.0498 3788        sbp2port        (8c8862dc7417d89b375492c981c491f7) C:\Windows\system32\DRIVERS\sbp2port.sys
15:52:06.0529 3788        sbp2port - ok
15:52:06.0591 3788        SCardSvr        (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
15:52:06.0669 3788        SCardSvr - ok
15:52:06.0810 3788        Schedule        (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
15:52:06.0981 3788        Schedule - ok
15:52:07.0059 3788        SCPolicySvc    (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:52:07.0106 3788        SCPolicySvc - ok
15:52:07.0168 3788        sdbus          (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
15:52:07.0278 3788        sdbus - ok
15:52:07.0324 3788        SDRSVC          (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
15:52:07.0402 3788        SDRSVC - ok
15:52:07.0418 3788        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:52:07.0527 3788        secdrv - ok
15:52:07.0558 3788        seclogon        (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
15:52:07.0683 3788        seclogon - ok
15:52:07.0730 3788        SENS            (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
15:52:07.0839 3788        SENS - ok
15:52:07.0902 3788        Serenum        (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
15:52:07.0995 3788        Serenum - ok
15:52:08.0042 3788        Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
15:52:08.0198 3788        Serial - ok
15:52:08.0214 3788        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
15:52:08.0307 3788        sermouse - ok
15:52:08.0370 3788        SessionEnv      (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
15:52:08.0432 3788        SessionEnv - ok
15:52:08.0494 3788        sffdisk        (3a19c899bcf0ea24cfec2038e6a489db) C:\Windows\system32\DRIVERS\sffdisk.sys
15:52:08.0526 3788        sffdisk - ok
15:52:08.0557 3788        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
15:52:08.0619 3788        sffp_mmc - ok
15:52:08.0650 3788        sffp_sd        (fdca63a2eee528585eb66ceac183ec22) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:52:08.0713 3788        sffp_sd - ok
15:52:08.0775 3788        sfloppy        (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
15:52:08.0869 3788        sfloppy - ok
15:52:09.0134 3788        SftService      (38f88f0df46c4d42125ef721abd7f6b9) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
15:52:09.0165 3788        SftService - ok
15:52:09.0243 3788        ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
15:52:09.0274 3788        ShellHWDetection - ok
15:52:09.0321 3788        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
15:52:09.0337 3788        SiSRaid2 - ok
15:52:09.0384 3788        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
15:52:09.0415 3788        SiSRaid4 - ok
15:52:09.0742 3788        slsvc          (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
15:52:09.0976 3788        slsvc - ok
15:52:10.0226 3788        SLUINotify      (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
15:52:10.0257 3788        SLUINotify - ok
15:52:10.0382 3788        Smb            (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
15:52:10.0460 3788        Smb - ok
15:52:10.0538 3788        SNMPTRAP        (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
15:52:10.0569 3788        SNMPTRAP - ok
15:52:10.0647 3788        spldr          (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
15:52:10.0663 3788        spldr - ok
15:52:10.0741 3788        Spooler        (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
15:52:10.0803 3788        Spooler - ok
15:52:10.0944 3788        sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
15:52:11.0053 3788        sptd - ok
15:52:11.0131 3788        srv            (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
15:52:11.0209 3788        srv - ok
15:52:11.0271 3788        srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
15:52:11.0349 3788        srv2 - ok
15:52:11.0365 3788        srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
15:52:11.0396 3788        srvnet - ok
15:52:11.0427 3788        ssadbus        (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys
15:52:11.0490 3788        ssadbus - ok
15:52:11.0505 3788        ssadmdfl        (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:52:11.0536 3788        ssadmdfl - ok
15:52:11.0568 3788        ssadmdm        (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:52:11.0599 3788        ssadmdm - ok
15:52:11.0630 3788        ssadserd        (5eb7da2f72b90c8398df9d7a82e43fcb) C:\Windows\system32\DRIVERS\ssadserd.sys
15:52:11.0677 3788        ssadserd - ok
15:52:11.0755 3788        sscdbus        (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
15:52:11.0786 3788        sscdbus - ok
15:52:11.0817 3788        sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:52:11.0833 3788        sscdmdfl - ok
15:52:11.0880 3788        sscdmdm        (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:52:11.0895 3788        sscdmdm - ok
15:52:11.0989 3788        SSDPSRV        (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
15:52:12.0051 3788        SSDPSRV - ok
15:52:12.0114 3788        SstpSvc        (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
15:52:12.0176 3788        SstpSvc - ok
15:52:12.0332 3788        STacSV          (c5df63ae2693c9b6b01b4a2e6c1c64ac) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
15:52:12.0379 3788        STacSV - ok
15:52:12.0488 3788        STHDA          (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
15:52:12.0597 3788        STHDA - ok
15:52:12.0691 3788        stisvc          (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
15:52:12.0831 3788        stisvc - ok
15:52:12.0940 3788        stllssvr        (1d0063597c3666404fcf97698abeb019) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:52:12.0956 3788        stllssvr - ok
15:52:13.0003 3788        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
15:52:13.0018 3788        swenum - ok
15:52:13.0112 3788        swprv          (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
15:52:13.0174 3788        swprv - ok
15:52:13.0315 3788        Symc8xx        (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
15:52:13.0346 3788        Symc8xx - ok
15:52:13.0393 3788        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
15:52:13.0424 3788        Sym_hi - ok
15:52:13.0471 3788        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
15:52:13.0486 3788        Sym_u3 - ok
15:52:13.0580 3788        SynTP          (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
15:52:13.0611 3788        SynTP - ok
15:52:13.0736 3788        SysMain        (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
15:52:13.0939 3788        SysMain - ok
15:52:13.0986 3788        TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
15:52:14.0079 3788        TabletInputService - ok
15:52:14.0110 3788        taphss          (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
15:52:14.0126 3788        taphss - ok
15:52:14.0204 3788        TapiSrv        (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
15:52:14.0282 3788        TapiSrv - ok
15:52:14.0329 3788        TBS            (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
15:52:14.0391 3788        TBS - ok
15:52:14.0610 3788        Tcpip          (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
15:52:14.0797 3788        Tcpip - ok
15:52:15.0202 3788        Tcpip6          (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
15:52:15.0327 3788        Tcpip6 - ok
15:52:15.0530 3788        tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
15:52:15.0577 3788        tcpipreg - ok
15:52:15.0655 3788        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
15:52:15.0717 3788        TDPIPE - ok
15:52:15.0748 3788        TDTCP          (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
15:52:15.0811 3788        TDTCP - ok
15:52:15.0873 3788        tdx            (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
15:52:15.0967 3788        tdx - ok
15:52:16.0029 3788        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
15:52:16.0060 3788        TermDD - ok
15:52:16.0170 3788        TermService    (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
15:52:16.0279 3788        TermService - ok
15:52:16.0372 3788        Themes          (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
15:52:16.0404 3788        Themes - ok
15:52:16.0482 3788        THREADORDER    (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:52:16.0544 3788        THREADORDER - ok
15:52:16.0591 3788        TrkWks          (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
15:52:16.0684 3788        TrkWks - ok
15:52:16.0731 3788        TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
15:52:16.0778 3788        TrustedInstaller - ok
15:52:16.0809 3788        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:52:16.0872 3788        tssecsrv - ok
15:52:16.0950 3788        tunmp          (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
15:52:17.0028 3788        tunmp - ok
15:52:17.0074 3788        tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
15:52:17.0090 3788        tunnel - ok
15:52:17.0121 3788        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
15:52:17.0152 3788        uagp35 - ok
15:52:17.0246 3788        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
15:52:17.0355 3788        udfs - ok
15:52:17.0418 3788        UI0Detect      (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
15:52:17.0480 3788        UI0Detect - ok
15:52:17.0527 3788        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
15:52:17.0542 3788        uliagpkx - ok
15:52:17.0574 3788        uliahci        (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
15:52:17.0605 3788        uliahci - ok
15:52:17.0636 3788        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
15:52:17.0698 3788        UlSata - ok
15:52:17.0745 3788        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
15:52:17.0792 3788        ulsata2 - ok
15:52:17.0823 3788        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
15:52:17.0886 3788        umbus - ok
15:52:17.0948 3788        upnphost        (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
15:52:18.0182 3788        upnphost - ok
15:52:18.0244 3788        usbccgp        (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
15:52:18.0307 3788        usbccgp - ok
15:52:18.0322 3788        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
15:52:18.0416 3788        usbcir - ok
15:52:18.0463 3788        usbehci        (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
15:52:18.0541 3788        usbehci - ok
15:52:18.0619 3788        usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
15:52:18.0744 3788        usbhub - ok
15:52:18.0759 3788        usbohci        (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
15:52:18.0853 3788        usbohci - ok
15:52:18.0900 3788        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
15:52:18.0946 3788        usbprint - ok
15:52:19.0134 3788        usbscan        (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
15:52:19.0196 3788        usbscan - ok
15:52:19.0258 3788        usbser          (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\DRIVERS\usbser.sys
15:52:19.0305 3788        usbser - ok
15:52:19.0352 3788        USBSTOR        (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:52:19.0446 3788        USBSTOR - ok
15:52:19.0492 3788        usbuhci        (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
15:52:19.0539 3788        usbuhci - ok
15:52:19.0617 3788        UxSms          (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
15:52:19.0664 3788        UxSms - ok
15:52:19.0836 3788        vds            (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
15:52:19.0898 3788        vds - ok
15:52:19.0945 3788        vga            (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
15:52:20.0085 3788        vga - ok
15:52:20.0101 3788        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
15:52:20.0194 3788        VgaSave - ok
15:52:20.0241 3788        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
15:52:20.0272 3788        viaide - ok
15:52:20.0319 3788        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
15:52:20.0350 3788        volmgr - ok
15:52:20.0428 3788        volmgrx        (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
15:52:20.0475 3788        volmgrx - ok
15:52:20.0538 3788        volsnap        (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
15:52:20.0569 3788        volsnap - ok
15:52:20.0631 3788        vsmraid        (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
15:52:20.0662 3788        vsmraid - ok
15:52:20.0881 3788        VSS            (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
15:52:21.0068 3788        VSS - ok
15:52:21.0208 3788        W32Time        (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
15:52:21.0286 3788        W32Time - ok
15:52:21.0333 3788        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
15:52:21.0427 3788        WacomPen - ok
15:52:21.0474 3788        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:21.0567 3788        Wanarp - ok
15:52:21.0583 3788        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
15:52:21.0630 3788        Wanarpv6 - ok
15:52:21.0692 3788        wcncsvc        (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
15:52:21.0723 3788        wcncsvc - ok
15:52:21.0754 3788        WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
15:52:21.0801 3788        WcsPlugInService - ok
15:52:21.0832 3788        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
15:52:21.0864 3788        Wd - ok
15:52:21.0973 3788        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:52:22.0035 3788        Wdf01000 - ok
15:52:22.0082 3788        WdiServiceHost  (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:52:22.0176 3788        WdiServiceHost - ok
15:52:22.0191 3788        WdiSystemHost  (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
15:52:22.0269 3788        WdiSystemHost - ok
15:52:22.0332 3788        WebClient      (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
15:52:22.0410 3788        WebClient - ok
15:52:22.0456 3788        Wecsvc          (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
15:52:22.0534 3788        Wecsvc - ok
15:52:22.0550 3788        wercplsupport  (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
15:52:22.0597 3788        wercplsupport - ok
15:52:22.0628 3788        WerSvc          (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
15:52:22.0722 3788        WerSvc - ok
15:52:22.0815 3788        WimFltr        (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
15:52:22.0846 3788        WimFltr - ok
15:52:22.0846 3788        WinHttpAutoProxySvc - ok
15:52:22.0956 3788        Winmgmt        (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
15:52:23.0080 3788        Winmgmt - ok
15:52:23.0330 3788        WinRM          (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
15:52:23.0455 3788        WinRM - ok
15:52:23.0704 3788        Wlansvc        (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
15:52:23.0814 3788        Wlansvc - ok
15:52:23.0814 3788        wltrysvc - ok
15:52:23.0860 3788        WmiAcpi        (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:52:23.0892 3788        WmiAcpi - ok
15:52:23.0985 3788        wmiApSrv        (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
15:52:24.0032 3788        wmiApSrv - ok
15:52:24.0094 3788        WMPNetworkSvc - ok
15:52:24.0250 3788        WPCSvc          (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
15:52:24.0282 3788        WPCSvc - ok
15:52:24.0500 3788        WPDBusEnum      (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
15:52:24.0547 3788        WPDBusEnum - ok
15:52:24.0594 3788        WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
15:52:24.0609 3788        WpdUsb - ok
15:52:24.0968 3788        WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:52:25.0077 3788        WPFFontCache_v0400 - ok
15:52:25.0124 3788        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
15:52:25.0218 3788        ws2ifsl - ok
15:52:25.0218 3788        WSearch - ok
15:52:25.0561 3788        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
15:52:25.0810 3788        wuauserv - ok
15:52:26.0122 3788        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:52:26.0216 3788        WUDFRd - ok
15:52:26.0341 3788        wudfsvc        (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
15:52:26.0419 3788        wudfsvc - ok
15:52:26.0481 3788        MBR (0x1B8)    (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
15:52:28.0962 3788        \Device\Harddisk0\DR0 - ok
15:52:29.0008 3788        Boot (0x1200)  (11e0a8b220cf7cc09f6c2d15f0807d57) \Device\Harddisk0\DR0\Partition0
15:52:29.0008 3788        \Device\Harddisk0\DR0\Partition0 - ok
15:52:29.0040 3788        Boot (0x1200)  (7bde9048671208b939c218667ed213a4) \Device\Harddisk0\DR0\Partition1
15:52:29.0040 3788        \Device\Harddisk0\DR0\Partition1 - ok
15:52:29.0040 3788        ============================================================
15:52:29.0040 3788        Scan finished
15:52:29.0040 3788        ============================================================
15:52:29.0071 1496        Detected object count: 4
15:52:29.0071 1496        Actual detected object count: 4
15:52:47.0962 1496        Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0962 1496        Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:47.0962 1496        DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0962 1496        DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:47.0962 1496        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0962 1496        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:52:47.0978 1496        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:52:47.0978 1496        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 21.06.2012 15:27
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

kjkjjj1108 21.06.2012 15:59
Hilfe!
Habe gemacht, worum Du mich gebeten hast. Vor allem alle Virenscanner geschlossen (Echtzeitscanner deaktiviert). Dann habe ich Combofix gestartet. Das lief los und gab dann die "Achtung"-Meldung, dass Avira Desktop aktiv sei. Ich habe daraufhin Avira überprüft und auf okay geklickt. Jetzt meldet ComboFix:
Zitat:
antivirus: Avira Desktop
antispyware: Avira Desktop

Die obigen Real Time Scanner sind immer noch aktiv aber ComboFix wird trotzdem mit dem Suchlauf fortfahren. Bitte nehme zur Kenntnis, dass dies in eigener Verantwortung geschieht.
Meine einzige Option ist das Klicken auf OK.
Was muss ich tun?

- Mittlerweile hast Du Feierabend gemacht, darum lasse ich jetzt einfach mal den Rechner so stehen und hoffe auf morgen früh...

Danke Ilka

cosinus 21.06.2012 18:49
Wenn AntiVir deaktiviert wurde kannst du diese Meldung ignorieren und CF werkeln lassen

kjkjjj1108 22.06.2012 06:16
Guten morgen,

ComboFix ist jetzt durchgelaufen.
Hier das LogFile:
Code:
ComboFix 12-06-21.02 - *** 21.06.2012  22:53:43.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4090.2456 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\100.jpg
c:\users\***\2011.cpr
c:\users\***\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
c:\users\INGOBU~1\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
c:\windows\system32\Services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-22 bis 2012-06-22  ))))))))))))))))))))))))))))))
.
.
2012-06-21 21:39 . 2012-06-21 21:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-21 09:56 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 09:56 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 09:56 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 09:56 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 09:55 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 09:55 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\SysWow64\wups.dll
2012-06-21 09:55 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 09:55 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\SysWow64\wuapi.dll
2012-06-21 09:55 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 09:55 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\SysWow64\wudriver.dll
2012-06-21 09:54 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 09:54 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2012-06-21 09:54 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-21 09:54 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\SysWow64\wuapp.exe
2012-06-21 09:54 . 2012-06-21 09:54        --------        d-----w-        C:\_OTL
2012-06-20 09:57 . 2012-06-20 09:57        --------        d-sh--w-        c:\windows\system32\%APPDATA%
2012-06-15 18:58 . 2012-06-15 18:58        --------        d-----w-        c:\program files (x86)\ESET
2012-06-15 17:35 . 2012-06-15 17:35        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-06-15 17:35 . 2012-06-15 17:35        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-15 17:35 . 2012-06-15 17:35        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-15 17:35 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-13 17:06 . 2012-05-01 14:29        209920        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:06 . 2012-05-15 20:15        2767360        ----a-w-        c:\windows\system32\win32k.sys
2012-06-13 17:06 . 2012-04-23 16:25        174592        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-13 17:06 . 2012-04-23 16:25        132096        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-13 17:06 . 2012-04-23 16:25        1267200        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-13 17:06 . 2012-04-23 16:00        984064        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-06-13 17:06 . 2012-04-23 16:00        98304        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-06-13 17:06 . 2012-04-23 16:00        133120        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-06-12 09:47 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{20BA1C2A-424C-4CD2-82AC-A47234EEA27D}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 10:52 . 2012-04-12 07:33        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 10:52 . 2011-08-14 20:13        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-08 17:53 . 2011-10-23 20:08        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-08 17:53 . 2011-10-23 20:08        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-06 17:28 . 2012-04-12 08:36        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 08:22 . 2012-05-11 18:11        4699520        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-30 12:45 . 2012-05-11 18:12        1423744        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2009-08-16 11:08 . 2009-09-09 16:19        34119048        ----a-w-        c:\program files\avira_antivir_personal_de.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-10 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2009-04-10 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-11-08 929168]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-11-08 3508624]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-08 21392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-11-11 442536]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-18 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-8 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 10:52]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 19:55]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-01 19:55]
.
2012-06-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
2012-06-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.berlin.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Hotspot Shield\bin\hsswd.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe
c:\windows\SysWOW64\conime.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-22  06:38:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-22 04:38
.
Vor Suchlauf: 21 Verzeichnis(se), 43.474.329.600 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 42.840.285.184 Bytes frei
.
- - End Of File - - CD4734BFBC3D9213ACC9BA3F5F2F09CC


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:01 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131