Trojaner-Board


Steve123 04.02.2013 13:08

GUV Trojan / Analysis of OTL log files
 
Hello Trojaner-Board team,

Like many others here, I also caught the GUV Trojan last week. As suggested in the forum, I loaded OTL onto the infected computer via a rescue disc and ran the scan as described.

Here is the content of the OTL.txt file (unfortunately I could not find an extra.txt on C:).

Code:

OTL logfile created on: 2/4/2013 12:17:57 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 359.62 Gb Total Space | 224.36 Gb Free Space | 62.39% Space Free | Partition Type: NTFS
Drive D: | 3.80 Gb Total Space | 3.80 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/01/31 06:11:06 | 002,561,488 | ---- | M] () [Auto] -- C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe -- (Browser Manager)
SRV - [2013/01/28 14:34:15 | 000,184,832 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Users\Nora\wgsdgsdgdsgsd.exe -- (Winmgmt)
SRV - [2012/12/13 11:31:24 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/13 11:30:34 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/02 06:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 07:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010/03/18 04:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/25 07:40:16 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/21 22:33:20 | 000,303,104 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/11/05 12:32:28 | 000,203,624 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/21 04:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 04:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 04:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 12:16:54 | 000,415,584 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/10/17 05:28:57 | 000,102,400 | ---- | M] (Realtek Semiconductor) [Auto] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/10/01 12:18:48 | 000,369,952 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/09/19 04:06:22 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/09/18 04:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 13:28:26 | 000,446,464 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/08 03:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 03:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 03:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/08/20 10:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 10:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/07/09 08:43:14 | 000,131,072 | ---- | M] (AccSys GmbH) [Auto] -- C:\Program Files\Common Files\AccSys\accvssvc.exe -- (accvssvc)
SRV - [2008/05/19 19:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/19 19:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/19 19:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/10 18:45:04 | 000,124,832 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/01/04 13:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/12/13 11:31:36 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/13 11:31:35 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/12/05 10:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012/11/13 11:54:13 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 08:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/23 19:06:27 | 000,150,560 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/10/22 19:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/22 19:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/09/29 19:04:57 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/24 19:44:13 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/08/28 17:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/22 10:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/21 19:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/06 19:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/24 08:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 21:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/05 08:37:14 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | Auto] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/04/17 14:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tl=gbn193047&tt=4412_4&babsrc=HP_clro&mntrId=e6af4b2500000000000000215df0a852
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\Nora_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Nora_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Nora_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.3.48.6: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: 
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nora\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nora\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nora\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/01 08:10:10 | 000,000,000 | ---D | M]
 
[2012/10/30 13:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nora\AppData\Roaming\Mozilla\Extensions
[2012/10/30 13:19:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nora\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2012/10/30 12:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2012/10/30 12:54:16 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files\Claro LTD\claro\1.8.3.10\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files\Savings Sidekick\Savings Sidekick.dll (215 Apps)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files\Claro LTD\claro\1.8.3.10\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKU\Nora_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Nora_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CitrixReceiver]  File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Nora_ON_C..\Run: [Facebook Update] C:\Users\Nora\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Nora_ON_C..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\Nora_ON_C..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\Nora_ON_C..\Run: [pasui]  File not found
O4 - HKU\Nora_ON_C..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - Startup: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O4 - Startup: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O7 - HKU\Nora_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://xs1.nibc.com/CitrixSessionInit/ICAWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261123~1.78\{61d8b~1\browse~1.dll) - C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{cb101934-ce32-11df-81c2-001dbaadb8ff}\Shell - "" = AutoRun
O33 - MountPoints2\{cb101934-ce32-11df-81c2-001dbaadb8ff}\Shell\AutoRun\command - "" = H:\Startme.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/01/23 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix
[2013/01/23 12:51:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/20 17:39:45 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/20 17:39:43 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/20 17:39:41 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\Nora\AppData\Roaming\*.tmp files -> C:\Users\Nora\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/04 04:28:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/02 06:06:37 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/02/02 05:46:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 05:46:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/02 04:55:49 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/02/02 04:55:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2013/01/28 14:34:19 | 000,002,864 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/28 14:34:19 | 000,000,882 | ---- | M] () -- C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/28 13:54:12 | 000,002,631 | ---- | M] () -- C:\Users\Nora\Desktop\Microsoft Office Word 2007.lnk
[2013/01/28 12:39:24 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/23 12:55:06 | 000,001,193 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2013/01/23 12:50:43 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/21 07:16:11 | 000,367,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/20 21:20:10 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/01/20 21:20:10 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/20 21:20:10 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/01/20 21:20:10 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/20 17:13:42 | 000,002,037 | ---- | M] () -- C:\Users\Nora\Desktop\Google Chrome.lnk
[2013/01/20 16:59:53 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Nora.job
[2013/01/20 16:59:53 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Nora.job
[2013/01/20 16:59:53 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Nora.job
[1 C:\Users\Nora\AppData\Roaming\*.tmp files -> C:\Users\Nora\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/01/28 14:34:19 | 000,002,864 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/28 14:34:19 | 000,000,882 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/28 14:34:16 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/23 12:55:06 | 000,001,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2012/09/07 07:31:26 | 000,000,112 | ---- | C] () -- C:\ProgramData\58w3N8B42.dat
[2012/09/07 07:31:12 | 000,000,001 | ---- | C] () -- C:\ProgramData\LMUB1fPE.exe_.b
[2012/09/07 07:31:12 | 000,000,001 | ---- | C] () -- C:\ProgramData\LMUB1fPE.exe.b
[2012/09/01 10:12:48 | 000,000,051 | ---- | C] () -- C:\ProgramData\buzrwxbjfhfycaf
[2012/05/18 14:49:25 | 000,000,016 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\blckdom.res
[2012/04/12 13:19:37 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012/04/10 13:06:01 | 000,025,773 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\UserTile.png
[2011/11/27 05:20:00 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/21 12:44:28 | 000,000,005 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\openList.awt
[2010/05/21 12:44:28 | 000,000,005 | ---- | C] () -- C:\Users\Nora\AppData\Roaming\closedList.awt
[2010/05/13 15:27:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/13 15:27:34 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/05/01 07:48:20 | 000,011,776 | ---- | C] () -- C:\Users\Nora\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/27 14:06:26 | 000,002,032 | ---- | C] () -- C:\Users\Nora\AppData\Local\d3d9caps.dat
[2008/12/08 08:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/12/08 08:07:41 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008/12/08 07:27:48 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/11/25 13:42:47 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/11/25 13:42:47 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/11/25 13:42:47 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/11/25 13:42:47 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/11/25 13:42:46 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/11/25 13:42:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/11/25 05:35:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/11/25 05:10:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/25 05:05:53 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/09/19 07:14:16 | 000,024,056 | ---- | C] () -- C:\Windows\System32\providers.bin
[2008/08/08 12:14:10 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/08/08 12:10:34 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/01/21 02:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 02:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 02:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 02:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,367,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2011/05/24 06:24:05 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Amazon
[2012/10/30 12:54:38 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Babylon
[2012/07/01 14:35:14 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Bepyil
[2011/09/18 12:25:44 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Citrix
[2011/12/18 14:08:21 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\DVDVideoSoft
[2012/10/30 13:19:08 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Greyfirst
[2011/09/18 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\ICAClient
[2012/05/25 17:55:10 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Inqeby
[2011/01/15 16:47:13 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\InterVideo
[2012/05/18 14:49:28 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Kefef
[2012/05/18 14:49:11 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\kock
[2012/11/02 10:54:31 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Luvi
[2011/09/18 12:25:43 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Netscape
[2012/04/10 13:06:01 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\PeerNetworking
[2010/10/10 12:23:58 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Sony
[2012/05/18 14:48:37 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\TeamViewer
[2012/05/19 03:14:28 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\UAs
[2012/07/07 10:53:08 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Uchau
[2012/05/19 03:14:42 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\xmldm
[2012/07/05 13:15:55 | 000,000,000 | ---D | M] -- C:\Users\Nora\AppData\Roaming\Ytub
[2012/07/23 13:55:38 | 000,000,000 | ---D | M] -- C:\ProgramData\036DFF85000932A002C8B1902F3B707C
[2012/04/12 13:19:26 | 000,000,000 | ---D | M] -- C:\ProgramData\AccSys
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/07/09 12:59:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Avanquest Bluetooth SDK
[2012/09/01 10:12:53 | 000,000,000 | ---D | M] -- C:\ProgramData\aytwtgjwbsctxrn
[2012/10/30 12:54:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2013/02/02 05:05:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[2013/01/23 12:55:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Citrix
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2012/10/30 12:54:37 | 000,000,000 | ---D | M] -- C:\ProgramData\IBUpdaterService
[2011/01/15 16:48:04 | 000,000,000 | ---D | M] -- C:\ProgramData\InterVideo
[2008/12/08 08:17:07 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2012/07/08 05:20:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/12/08 08:06:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2010/04/27 14:02:28 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2012/05/18 14:51:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Windows
[2012/06/05 11:21:59 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2010/09/17 16:12:33 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/11/07 12:18:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000Core.job
[2012/11/07 15:18:05 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000UA.job
[2013/01/20 16:59:53 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Nora.job
[2013/01/20 16:59:53 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Nora.job
[2013/01/20 16:59:53 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Nora.job
[2013/01/28 12:39:29 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

Thanks in advance for your help!!!
Regards,
Steve

markusg 04.02.2013 13:47

hi
on your second PC go to Start, Programs, Accessories, Notepad, and copy the following
into it:
Code:

:OTL
O4 - Startup: C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
[2013/02/02 06:06:37 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2013/01/28 14:34:19 | 000,002,864 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013/01/28 14:34:19 | 000,000,882 | ---- | M] () -- C:\Users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
C:\Users\Nora\wgsdgsdgdsgsd.exe
:Commands
[EMPTYFLASH]
[emptytemp]



save this on a USB stick as fix.txt
now use OTLPENet.exe again (i.e. boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button.
a message similar to this one should now appear: "load fix from file", so load the fix.txt from your stick.
if this does not work, please enter the fix manually.
then click the Fix button again. the PC may restart. if it does, take the CD out of the drive; Windows should now start normally and open the otl.txt,
please post the log.

Steve123 04.02.2013 14:05

That worked great so far. Thank you very much for that! However, the otl.txt did not open automatically. How else can I find / open it?

markusg 04.02.2013 14:17

hi
as long as the PC is running, that's fine.
Download and run:
http://download.bleepingcomputer.com...ta/Winmgmt.reg
Confirm the prompt, restart.
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, always choose Skip for now, and post the log
open C:, open tdsskiller-date-version.txt, post the contents
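Added example, not part of the thread and not code from the TDSSKiller authors: a small Python triage script for the kind of TDSSKiller report requested above. It pairs each hashed object line with its verdict line and lists everything that is not "ok". The function names are hypothetical, the sample log is constructed, and reading the `SigCheck` and `TDLFS` tokens of the `Mode:` line as the two requested checkboxes is an assumption.

```python
import re
from collections import namedtuple

# Constructed sample in the TDSSKiller report layout: timestamp, thread id, message.
SAMPLE_LOG = r"""
14:28:52.0947 2928  Scan started
14:28:52.0947 2928  Mode: Manual; SigCheck; TDLFS;
14:28:54.0637 2928  ================ Scan services =============================
14:28:54.0981 2928  [ 00000000000000000000000000000001 ] examplesvc      C:\Program Files\Example\ExampleSvc.exe
14:28:55.0248 2928  examplesvc ( UnsignedFile.Multi.Generic ) - warning
14:28:55.0248 2928  examplesvc - detected UnsignedFile.Multi.Generic (1)
14:28:55.0946 2928  [ 00000000000000000000000000000002 ] Example Device Helper C:\Program Files\Example\helper.exe
14:28:55.0988 2928  Example Device Helper - ok
14:28:56.0010 2928  NoFileSvc - ok
"""

Entry = namedtuple("Entry", "name md5 path verdict detection")
Report = namedtuple("Report", "mode entries")

# "HH:MM:SS.ffff <thread id>  <message>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# "[ <md5> ] <service name> <path>"; names may contain spaces, so the path is
# recognised by its drive letter.
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<service name> ( <detection> ) - <verdict>"
FLAGGED = re.compile(r"^(.+?) \( (.+?) \) - (\w+)$")
# "<service name> - ok"
CLEAN = re.compile(r"^(.+?) - ok$")


def parse_report(text):
    """Return the scan mode tokens and one Entry per verdict line."""
    mode, entries, pending = [], [], {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        if msg.startswith("Mode:"):
            mode = [p.strip() for p in msg[5:].split(";") if p.strip()]
            continue
        obj = OBJECT.match(msg)
        if obj:
            md5, name, path = obj.groups()
            pending[name] = (md5.upper(), path)  # wait for the verdict line
            continue
        hit = FLAGGED.match(msg)
        ok = CLEAN.match(msg)
        if hit:
            name, detection, verdict = hit.groups()
        elif ok:
            name, detection, verdict = ok.group(1), None, "ok"
        else:
            continue  # separators, "detected" repeats, system info
        md5, path = pending.pop(name, (None, None))
        entries.append(Entry(name, md5, path, verdict, detection))
    return Report(mode, entries)


def missing_options(mode, required=("SigCheck", "TDLFS")):
    """Scan options (assumed token names) that the Mode line does not list."""
    return [opt for opt in required if opt not in mode]


def needs_review(report):
    """Entries whose verdict is anything other than 'ok'."""
    return [e for e in report.entries if e.verdict != "ok"]


def unhashed(report):
    """Entries that got a verdict without a preceding hash/path line."""
    return [e for e in report.entries if e.md5 is None]


if __name__ == "__main__":
    report = parse_report(SAMPLE_LOG)
    print("missing scan options:", missing_options(report.mode) or "none")
    for e in needs_review(report):
        print(f"{e.verdict:8} {e.detection:28} {e.name}  {e.md5}  {e.path}")
    for e in unhashed(report):
        print(f"no file line for: {e.name} ({e.verdict})")
```
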

Steve123 04.02.2013 14:31

All done! Here is the log file from TDSS:

Code:

14:28:26.0405 5716  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
14:28:26.0590 5716  ============================================================
14:28:26.0590 5716  Current date / time: 2013/02/04 14:28:26.0590
14:28:26.0590 5716  SystemInfo:
14:28:26.0590 5716 
14:28:26.0590 5716  OS Version: 6.0.6002 ServicePack: 2.0
14:28:26.0590 5716  Product type: Workstation
14:28:26.0590 5716  ComputerName: NORA-PC
14:28:26.0591 5716  UserName: Nora
14:28:26.0591 5716  Windows directory: C:\Windows
14:28:26.0591 5716  System windows directory: C:\Windows
14:28:26.0591 5716  Processor architecture: Intel x86
14:28:26.0591 5716  Number of processors: 2
14:28:26.0591 5716  Page size: 0x1000
14:28:26.0591 5716  Boot type: Normal boot
14:28:26.0591 5716  ============================================================
14:28:27.0434 5716  Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:28:27.0439 5716  ============================================================
14:28:27.0439 5716  \Device\Harddisk0\DR0:
14:28:27.0440 5716  MBR partitions:
14:28:27.0440 5716  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19FB800, BlocksNum 0x2CF3D0B0
14:28:27.0440 5716  ============================================================
14:28:27.0484 5716  C: <-> \Device\Harddisk0\DR0\Partition1
14:28:27.0484 5716  ============================================================
14:28:27.0484 5716  Initialize success
14:28:27.0484 5716  ============================================================
14:28:52.0947 2928  ============================================================
14:28:52.0947 2928  Scan started
14:28:52.0947 2928  Mode: Manual; SigCheck; TDLFS;
14:28:52.0947 2928  ============================================================
14:28:54.0636 2928  ================ Scan system memory ========================
14:28:54.0637 2928  System memory - ok
14:28:54.0637 2928  ================ Scan services =============================
14:28:54.0981 2928  [ 12582C7AB2F3B80E08B33A43EF602DA3 ] accvssvc        C:\Program Files\Common Files\AccSys\AccVSSvc.exe
14:28:55.0248 2928  accvssvc ( UnsignedFile.Multi.Generic ) - warning
14:28:55.0248 2928  accvssvc - detected UnsignedFile.Multi.Generic (1)
14:28:55.0336 2928  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
14:28:55.0751 2928  ACDaemon - ok
14:28:55.0946 2928  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
14:28:55.0988 2928  ACPI - ok
14:28:56.0093 2928  [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
14:28:56.0130 2928  AdobeActiveFileMonitor6.0 - ok
14:28:56.0242 2928  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:28:56.0276 2928  AdobeFlashPlayerUpdateSvc - ok
14:28:56.0367 2928  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
14:28:56.0428 2928  adp94xx - ok
14:28:56.0467 2928  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
14:28:56.0515 2928  adpahci - ok
14:28:56.0542 2928  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
14:28:56.0586 2928  adpu160m - ok
14:28:56.0623 2928  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
14:28:56.0655 2928  adpu320 - ok
14:28:56.0737 2928  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
14:28:56.0844 2928  AeLookupSvc - ok
14:28:56.0917 2928  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
14:28:57.0033 2928  AFD - ok
14:28:57.0079 2928  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
14:28:57.0109 2928  agp440 - ok
14:28:57.0150 2928  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
14:28:57.0179 2928  aic78xx - ok
14:28:57.0226 2928  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
14:28:57.0389 2928  ALG - ok
14:28:57.0418 2928  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:28:57.0454 2928  aliide - ok
14:28:57.0527 2928  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:28:57.0566 2928  amdagp - ok
14:28:57.0613 2928  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
14:28:57.0648 2928  amdide - ok
14:28:57.0680 2928  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
14:28:57.0753 2928  AmdK7 - ok
14:28:57.0808 2928  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
14:28:57.0878 2928  AmdK8 - ok
14:28:58.0138 2928  [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:28:58.0175 2928  AntiVirSchedulerService - ok
14:28:58.0245 2928  [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:28:58.0281 2928  AntiVirService - ok
14:28:58.0338 2928  [ 9325E49D555D8F12CE1735227DBB3D80 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
14:28:58.0375 2928  ApfiltrService - ok
14:28:58.0440 2928  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
14:28:58.0527 2928  Appinfo - ok
14:28:58.0627 2928  [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:28:58.0661 2928  Apple Mobile Device - ok
14:28:58.0744 2928  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
14:28:58.0784 2928  arc - ok
14:28:58.0823 2928  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:28:58.0863 2928  arcsas - ok
14:28:58.0913 2928  [ 857B48965A0503B7AB795D4BFE7CBD8B ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
14:28:58.0942 2928  ArcSoftKsUFilter - ok
14:28:58.0987 2928  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:28:59.0071 2928  AsyncMac - ok
14:28:59.0138 2928  [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi          C:\Windows\system32\drivers\atapi.sys
14:28:59.0172 2928  atapi - ok
14:28:59.0279 2928  [ 6455100A6CDB1DEDC551E12FD41BC519 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
14:28:59.0400 2928  Ati External Event Utility - ok
14:28:59.0694 2928  [ 9F66D1BA97911731133E46212539A08D ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:29:00.0050 2928  atikmdag - ok
14:29:00.0126 2928  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:29:00.0225 2928  AudioEndpointBuilder - ok
14:29:00.0235 2928  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:29:00.0282 2928  Audiosrv - ok
14:29:00.0336 2928  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:29:00.0372 2928  avgntflt - ok
14:29:00.0430 2928  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:29:00.0471 2928  avipbb - ok
14:29:00.0546 2928  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:29:00.0581 2928  avkmgr - ok
14:29:00.0661 2928  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:29:00.0781 2928  Beep - ok
14:29:00.0867 2928  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
14:29:00.0916 2928  BFE - ok
14:29:01.0046 2928  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
14:29:01.0145 2928  BITS - ok
14:29:01.0200 2928  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:29:01.0306 2928  blbdrive - ok
14:29:01.0442 2928  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:29:01.0489 2928  Bonjour Service - ok
14:29:01.0540 2928  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:29:01.0640 2928  bowser - ok
14:29:01.0711 2928  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
14:29:01.0789 2928  BrFiltLo - ok
14:29:01.0843 2928  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
14:29:01.0948 2928  BrFiltUp - ok
14:29:01.0977 2928  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
14:29:02.0040 2928  Browser - ok
14:29:02.0314 2928  [ B98EF68B1E3DC5AC79A432900947EA2D ] Browser Manager C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
14:29:02.0438 2928  Browser Manager - ok
14:29:02.0495 2928  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
14:29:02.0755 2928  Brserid - ok
14:29:02.0809 2928  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
14:29:02.0923 2928  BrSerWdm - ok
14:29:02.0958 2928  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
14:29:03.0065 2928  BrUsbMdm - ok
14:29:03.0112 2928  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
14:29:03.0196 2928  BrUsbSer - ok
14:29:03.0284 2928  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
14:29:03.0352 2928  BthEnum - ok
14:29:03.0388 2928  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:29:03.0489 2928  BTHMODEM - ok
14:29:03.0518 2928  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:29:03.0599 2928  BthPan - ok
14:29:03.0689 2928  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
14:29:03.0814 2928  BTHPORT - ok
14:29:03.0866 2928  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
14:29:03.0946 2928  BthServ - ok
14:29:04.0007 2928  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
14:29:04.0042 2928  BTHUSB - ok
14:29:04.0117 2928  [ 14164C0CFD9D5A2704FDAB93A9688630 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
14:29:04.0155 2928  btwaudio - ok
14:29:04.0206 2928  [ 94DC6E5F3F532C5054F078D845714129 ] btwavdt        C:\Windows\system32\drivers\btwavdt.sys
14:29:04.0241 2928  btwavdt - ok
14:29:04.0351 2928  [ C832A3622A35CA7C595EA8CA385BA813 ] btwdins        C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
14:29:04.0436 2928  btwdins - ok
14:29:04.0497 2928  [ B9920FB30BCAFF10C111654909B275C9 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
14:29:04.0527 2928  btwl2cap - ok
14:29:04.0563 2928  [ 61E29BA977B972C9BAA847CC11D48C3D ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
14:29:04.0593 2928  btwrchid - ok
14:29:04.0648 2928  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:29:04.0739 2928  cdfs - ok
14:29:04.0798 2928  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
14:29:04.0865 2928  cdrom - ok
14:29:04.0912 2928  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
14:29:04.0972 2928  CertPropSvc - ok
14:29:05.0041 2928  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
14:29:05.0126 2928  circlass - ok
14:29:05.0238 2928  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
14:29:05.0312 2928  CLFS - ok
14:29:05.0425 2928  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:29:05.0462 2928  clr_optimization_v2.0.50727_32 - ok
14:29:05.0546 2928  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:29:05.0614 2928  clr_optimization_v4.0.30319_32 - ok
14:29:05.0657 2928  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:29:05.0731 2928  CmBatt - ok
14:29:05.0781 2928  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:29:05.0820 2928  cmdide - ok
14:29:05.0845 2928  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:29:05.0874 2928  Compbatt - ok
14:29:05.0883 2928  COMSysApp - ok
14:29:06.0006 2928  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
14:29:06.0029 2928  crcdisk - ok
14:29:06.0054 2928  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
14:29:06.0163 2928  Crusoe - ok
14:29:06.0228 2928  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:29:06.0309 2928  CryptSvc - ok
14:29:06.0364 2928  [ ECDB9665937F737A7AB26390A6C68573 ] ctxusbm        C:\Windows\system32\DRIVERS\ctxusbm.sys
14:29:06.0402 2928  ctxusbm - ok
14:29:06.0498 2928  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:29:06.0630 2928  DcomLaunch - ok
14:29:06.0686 2928  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:29:06.0758 2928  DfsC - ok
14:29:06.0876 2928  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
14:29:07.0045 2928  DFSR - ok
14:29:07.0104 2928  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
14:29:07.0190 2928  Dhcp - ok
14:29:07.0219 2928  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
14:29:07.0261 2928  disk - ok
14:29:07.0337 2928  [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall        C:\Windows\system32\DRIVERS\DMICall.sys
14:29:07.0365 2928  DMICall - ok
14:29:07.0457 2928  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:29:07.0531 2928  Dnscache - ok
14:29:07.0616 2928  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
14:29:07.0696 2928  dot3svc - ok
14:29:07.0729 2928  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
14:29:07.0781 2928  DPS - ok
14:29:07.0836 2928  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
14:29:07.0913 2928  drmkaud - ok
14:29:07.0985 2928  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
14:29:08.0039 2928  DXGKrnl - ok
14:29:08.0090 2928  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
14:29:08.0193 2928  E1G60 - ok
14:29:08.0267 2928  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
14:29:08.0324 2928  EapHost - ok
14:29:08.0372 2928  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
14:29:08.0421 2928  Ecache - ok
14:29:08.0504 2928  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
14:29:08.0620 2928  ehRecvr - ok
14:29:08.0654 2928  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
14:29:08.0749 2928  ehSched - ok
14:29:08.0790 2928  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
14:29:08.0854 2928  ehstart - ok
14:29:08.0915 2928  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
14:29:08.0968 2928  elxstor - ok
14:29:09.0043 2928  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
14:29:09.0155 2928  EMDMgmt - ok
14:29:09.0184 2928  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:29:09.0248 2928  ErrDev - ok
14:29:09.0313 2928  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
14:29:09.0388 2928  EventSystem - ok
14:29:09.0489 2928  [ BA6063E3375F9BC11A9C8450A7F61E70 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:29:09.0619 2928  EvtEng ( UnsignedFile.Multi.Generic ) - warning
14:29:09.0619 2928  EvtEng - detected UnsignedFile.Multi.Generic (1)
14:29:09.0672 2928  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
14:29:09.0790 2928  exfat - ok
14:29:09.0947 2928  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
14:29:10.0030 2928  fastfat - ok
14:29:10.0069 2928  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
14:29:10.0136 2928  fdc - ok
14:29:10.0187 2928  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
14:29:10.0242 2928  fdPHost - ok
14:29:10.0249 2928  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:29:10.0378 2928  FDResPub - ok
14:29:10.0432 2928  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:29:10.0469 2928  FileInfo - ok
14:29:10.0500 2928  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
14:29:10.0570 2928  Filetrace - ok
14:29:10.0686 2928  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:29:10.0776 2928  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
14:29:10.0776 2928  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
14:29:10.0796 2928  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:29:10.0866 2928  flpydisk - ok
14:29:10.0972 2928  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:29:11.0024 2928  FltMgr - ok
14:29:11.0202 2928  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
14:29:11.0288 2928  FontCache - ok
14:29:11.0353 2928  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:29:11.0387 2928  FontCache3.0.0.0 - ok
14:29:11.0449 2928  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:29:11.0539 2928  Fs_Rec - ok
14:29:11.0574 2928  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:29:11.0613 2928  gagp30kx - ok
14:29:11.0683 2928  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:29:11.0713 2928  GEARAspiWDM - ok
14:29:11.0841 2928  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
14:29:11.0871 2928  GoogleDesktopManager-051210-111108 - ok
14:29:11.0923 2928  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
14:29:12.0069 2928  gpsvc - ok
14:29:12.0165 2928  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
14:29:12.0190 2928  gupdate - ok
14:29:12.0197 2928  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:29:12.0221 2928  gupdatem - ok
14:29:12.0302 2928  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:29:12.0327 2928  gusvc - ok
14:29:12.0400 2928  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:29:12.0538 2928  HdAudAddService - ok
14:29:12.0687 2928  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
14:29:12.0785 2928  HDAudBus - ok
14:29:12.0824 2928  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:29:12.0942 2928  HidBth - ok
14:29:12.0974 2928  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
14:29:13.0074 2928  HidIr - ok
14:29:13.0130 2928  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
14:29:13.0194 2928  hidserv - ok
14:29:13.0230 2928  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:29:13.0302 2928  HidUsb - ok
14:29:13.0365 2928  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:29:13.0454 2928  hkmsvc - ok
14:29:13.0503 2928  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
14:29:13.0540 2928  HpCISSs - ok
14:29:13.0689 2928  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:29:13.0781 2928  HSFHWAZL - ok
14:29:13.0884 2928  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV        C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:29:14.0115 2928  HSF_DPV - ok
14:29:14.0173 2928  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:29:14.0202 2928  HSXHWAZL - ok
14:29:14.0266 2928  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:29:14.0403 2928  HTTP - ok
14:29:14.0454 2928  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
14:29:14.0489 2928  i2omp - ok
14:29:14.0558 2928  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
14:29:14.0624 2928  i8042prt - ok
14:29:14.0669 2928  [ 8EF427C54497C5F8A7A645990E4278C7 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:29:14.0705 2928  iaStor - ok
14:29:14.0860 2928  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
14:29:14.0930 2928  iaStorV - ok
14:29:15.0065 2928  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:29:15.0206 2928  idsvc - ok
14:29:15.0273 2928  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
14:29:15.0303 2928  iirsp - ok
14:29:15.0381 2928  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:29:15.0472 2928  IKEEXT - ok
14:29:15.0629 2928  [ 4A0F260DF9A5333C07F4AB40CA9D4F4B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:29:15.0748 2928  IntcAzAudAddService - ok
14:29:15.0811 2928  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:29:15.0842 2928  intelide - ok
14:29:15.0899 2928  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:29:15.0955 2928  intelppm - ok
14:29:15.0998 2928  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
14:29:16.0116 2928  IPBusEnum - ok
14:29:16.0171 2928  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:29:16.0217 2928  IpFilterDriver - ok
14:29:16.0246 2928  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:29:16.0320 2928  iphlpsvc - ok
14:29:16.0325 2928  IpInIp - ok
14:29:16.0366 2928  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
14:29:16.0428 2928  IPMIDRV - ok
14:29:16.0457 2928  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
14:29:16.0508 2928  IPNAT - ok
14:29:16.0625 2928  [ 33642C17C232AA272C68E446A2619899 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:29:16.0767 2928  iPod Service - ok
14:29:16.0867 2928  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:29:16.0920 2928  IRENUM - ok
14:29:16.0969 2928  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:29:17.0008 2928  isapnp - ok
14:29:17.0085 2928  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
14:29:17.0118 2928  iScsiPrt - ok
14:29:17.0145 2928  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
14:29:17.0179 2928  iteatapi - ok
14:29:17.0243 2928  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
14:29:17.0278 2928  iteraid - ok
14:29:17.0321 2928  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr      C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
14:29:17.0357 2928  IviRegMgr - ok
14:29:17.0388 2928  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:29:17.0423 2928  kbdclass - ok
14:29:17.0450 2928  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:29:17.0521 2928  kbdhid - ok
14:29:17.0572 2928  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
14:29:17.0656 2928  KeyIso - ok
14:29:17.0693 2928  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:29:17.0754 2928  KSecDD - ok
14:29:17.0872 2928  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
14:29:17.0990 2928  KtmRm - ok
14:29:18.0048 2928  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
14:29:18.0105 2928  LanmanServer - ok
14:29:18.0204 2928  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:29:18.0293 2928  LanmanWorkstation - ok
14:29:18.0322 2928  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:29:18.0423 2928  lltdio - ok
14:29:18.0483 2928  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
14:29:18.0563 2928  lltdsvc - ok
14:29:18.0615 2928  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
14:29:18.0705 2928  lmhosts - ok
14:29:18.0794 2928  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:29:18.0840 2928  LSI_FC - ok
14:29:18.0883 2928  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
14:29:18.0929 2928  LSI_SAS - ok
14:29:19.0007 2928  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:29:19.0052 2928  LSI_SCSI - ok
14:29:19.0091 2928  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
14:29:19.0164 2928  luafv - ok
14:29:19.0194 2928  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
14:29:19.0254 2928  Mcx2Svc - ok
14:29:19.0321 2928  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk        C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:29:19.0345 2928  mdmxsdk - ok
14:29:19.0419 2928  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
14:29:19.0451 2928  megasas - ok
14:29:19.0516 2928  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
14:29:19.0597 2928  MegaSR - ok
14:29:19.0639 2928  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
14:29:19.0726 2928  MMCSS - ok
14:29:19.0757 2928  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
14:29:19.0807 2928  Modem - ok
14:29:19.0855 2928  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
14:29:19.0894 2928  monitor - ok
14:29:19.0930 2928  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:29:19.0953 2928  mouclass - ok
14:29:19.0968 2928  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:29:20.0039 2928  mouhid - ok
14:29:20.0060 2928  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
14:29:20.0091 2928  MountMgr - ok
14:29:20.0152 2928  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:29:20.0190 2928  mpio - ok
14:29:20.0265 2928  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:29:20.0349 2928  mpsdrv - ok
14:29:20.0420 2928  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:29:20.0513 2928  MpsSvc - ok
14:29:20.0581 2928  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
14:29:20.0610 2928  Mraid35x - ok
14:29:20.0680 2928  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:29:20.0763 2928  MRxDAV - ok
14:29:20.0809 2928  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:29:20.0863 2928  mrxsmb - ok
14:29:20.0906 2928  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:29:20.0981 2928  mrxsmb10 - ok
14:29:21.0008 2928  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:29:21.0088 2928  mrxsmb20 - ok
14:29:21.0142 2928  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
14:29:21.0170 2928  msahci - ok
14:29:21.0268 2928  [ A99D2C7E30AD63EF920A894131CAF5F7 ] MSCSPTISRV      C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
14:29:21.0287 2928  MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
14:29:21.0287 2928  MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
14:29:21.0321 2928  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
14:29:21.0353 2928  msdsm - ok
14:29:21.0396 2928  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
14:29:21.0488 2928  MSDTC - ok
14:29:21.0540 2928  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:29:21.0613 2928  Msfs - ok
14:29:21.0656 2928  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:29:21.0693 2928  msisadrv - ok
14:29:21.0868 2928  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
14:29:21.0973 2928  MSiSCSI - ok
14:29:21.0980 2928  msiserver - ok
14:29:22.0038 2928  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
14:29:22.0106 2928  MSKSSRV - ok
14:29:22.0134 2928  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:29:22.0195 2928  MSPCLOCK - ok
14:29:22.0237 2928  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
14:29:22.0292 2928  MSPQM - ok
14:29:22.0426 2928  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
14:29:22.0467 2928  MsRPC - ok
14:29:22.0524 2928  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
14:29:22.0550 2928  mssmbios - ok
14:29:22.0588 2928  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
14:29:22.0624 2928  MSTEE - ok
14:29:22.0684 2928  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
14:29:22.0704 2928  Mup - ok
14:29:22.0778 2928  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
14:29:22.0847 2928  napagent - ok
14:29:22.0930 2928  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
14:29:22.0967 2928  NativeWifiP - ok
14:29:23.0143 2928  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:29:23.0233 2928  NDIS - ok
14:29:23.0265 2928  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:29:23.0339 2928  NdisTapi - ok
14:29:23.0381 2928  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
14:29:23.0423 2928  Ndisuio - ok
14:29:23.0455 2928  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
14:29:23.0498 2928  NdisWan - ok
14:29:23.0539 2928  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
14:29:23.0579 2928  NDProxy - ok
14:29:23.0622 2928  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
14:29:23.0698 2928  NetBIOS - ok
14:29:23.0735 2928  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
14:29:23.0815 2928  netbt - ok
14:29:23.0861 2928  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
14:29:23.0892 2928  Netlogon - ok
14:29:23.0996 2928  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
14:29:24.0071 2928  Netman - ok
14:29:24.0109 2928  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
14:29:24.0168 2928  netprofm - ok
14:29:24.0197 2928  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:29:24.0244 2928  NetTcpPortSharing - ok
14:29:24.0556 2928  [ BA420E8EBFCAD35581FE8E4C64F71469 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
14:29:24.0960 2928  NETw5v32 - ok
14:29:25.0001 2928  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
14:29:25.0037 2928  nfrd960 - ok
14:29:25.0082 2928  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:29:25.0142 2928  NlaSvc - ok
14:29:25.0286 2928  [ B15E0180C43D8B5219196D76878CC2DD ] NPF            C:\Windows\system32\drivers\npf.sys
14:29:25.0323 2928  NPF - ok
14:29:25.0368 2928  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:29:25.0448 2928  Npfs - ok
14:29:25.0493 2928  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
14:29:25.0615 2928  nsi - ok
14:29:25.0650 2928  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:29:25.0720 2928  nsiproxy - ok
14:29:25.0778 2928  [ B30F5C423B45A6668EADAD883678E2D0 ] NSUService      C:\Program Files\sony\Network Utility\NSUService.exe
14:29:25.0792 2928  NSUService ( UnsignedFile.Multi.Generic ) - warning
14:29:25.0792 2928  NSUService - detected UnsignedFile.Multi.Generic (1)
14:29:26.0039 2928  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:29:26.0203 2928  Ntfs - ok
14:29:26.0253 2928  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
14:29:26.0341 2928  ntrigdigi - ok
14:29:26.0373 2928  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
14:29:26.0437 2928  Null - ok
14:29:26.0476 2928  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:29:26.0521 2928  nvraid - ok
14:29:26.0550 2928  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:29:26.0588 2928  nvstor - ok
14:29:26.0626 2928  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:29:26.0667 2928  nv_agp - ok
14:29:26.0673 2928  NwlnkFlt - ok
14:29:26.0684 2928  NwlnkFwd - ok
14:29:26.0849 2928  [ E54AA592A65F317390EEE386A8821692 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:29:26.0911 2928  odserv - ok
14:29:26.0958 2928  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
14:29:27.0162 2928  ohci1394 - ok
14:29:27.0215 2928  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:29:27.0254 2928  ose - ok
14:29:27.0332 2928  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
14:29:27.0434 2928  p2pimsvc - ok
14:29:27.0451 2928  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:29:27.0499 2928  p2psvc - ok
14:29:27.0546 2928  [ 41C33FB4FD929FED732A00D2DAEF5BE0 ] PACSPTISVR      C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
14:29:27.0564 2928  PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
14:29:27.0564 2928  PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
14:29:27.0599 2928  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
14:29:27.0689 2928  Parport - ok
14:29:27.0783 2928  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
14:29:27.0884 2928  partmgr - ok
14:29:27.0927 2928  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
14:29:28.0079 2928  Parvdm - ok
14:29:28.0168 2928  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:29:28.0274 2928  PcaSvc - ok
14:29:28.0304 2928  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
14:29:28.0336 2928  pci - ok
14:29:28.0427 2928  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
14:29:28.0463 2928  pciide - ok
14:29:28.0498 2928  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:29:28.0541 2928  pcmcia - ok
14:29:28.0619 2928  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:29:28.0760 2928  PEAUTH - ok
14:29:28.0965 2928  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
14:29:29.0158 2928  pla - ok
14:29:29.0206 2928  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:29:29.0290 2928  PlugPlay - ok
14:29:29.0410 2928  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
14:29:29.0459 2928  PNRPAutoReg - ok
14:29:29.0475 2928  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
14:29:29.0523 2928  PNRPsvc - ok
14:29:29.0591 2928  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
14:29:29.0751 2928  PolicyAgent - ok
14:29:29.0933 2928  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:29:30.0025 2928  PptpMiniport - ok
14:29:30.0060 2928  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
14:29:30.0124 2928  Processor - ok
14:29:30.0179 2928  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
14:29:30.0247 2928  ProfSvc - ok
14:29:30.0284 2928  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:29:30.0323 2928  ProtectedStorage - ok
14:29:30.0379 2928  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
14:29:30.0461 2928  PSched - ok
14:29:30.0505 2928  [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
14:29:30.0552 2928  PxHelp20 - ok
14:29:30.0687 2928  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:29:30.0839 2928  ql2300 - ok
14:29:30.0901 2928  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:29:30.0919 2928  ql40xx - ok
14:29:30.0967 2928  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
14:29:31.0018 2928  QWAVE - ok
14:29:31.0047 2928  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:29:31.0083 2928  QWAVEdrv - ok
14:29:31.0100 2928  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:29:31.0176 2928  RasAcd - ok
14:29:31.0222 2928  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
14:29:31.0340 2928  RasAuto - ok
14:29:31.0433 2928  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
14:29:31.0501 2928  Rasl2tp - ok
14:29:31.0550 2928  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
14:29:31.0634 2928  RasMan - ok
14:29:31.0666 2928  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:29:31.0747 2928  RasPppoe - ok
14:29:31.0765 2928  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
14:29:31.0795 2928  RasSstp - ok
14:29:31.0873 2928  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
14:29:31.0958 2928  rdbss - ok
14:29:31.0985 2928  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:29:32.0039 2928  RDPCDD - ok
14:29:32.0073 2928  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
14:29:32.0131 2928  rdpdr - ok
14:29:32.0138 2928  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:29:32.0212 2928  RDPENCDD - ok
14:29:32.0267 2928  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
14:29:32.0356 2928  RDPWD - ok
14:29:32.0405 2928  [ 001B4278407F4303EFC902A2B16F2453 ] regi            C:\Windows\system32\drivers\regi.sys
14:29:32.0433 2928  regi - ok
14:29:32.0513 2928  [ 7EEEEC28A34516E66137F355DCC15BDB ] RegSrvc        C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:29:32.0557 2928  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
14:29:32.0557 2928  RegSrvc - detected UnsignedFile.Multi.Generic (1)
14:29:32.0630 2928  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:29:32.0719 2928  RemoteAccess - ok
14:29:32.0778 2928  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:29:32.0867 2928  RemoteRegistry - ok
14:29:32.0929 2928  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:29:33.0020 2928  RFCOMM - ok
14:29:33.0044 2928  [ F7D9ECF41EBD3CF6C65944368150F66B ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
14:29:33.0091 2928  rimsptsk - ok
14:29:33.0112 2928  [ 1BE6C42767A7C67BA31AE32B293B37A3 ] risdptsk        C:\Windows\system32\DRIVERS\risdptsk.sys
14:29:33.0163 2928  risdptsk - ok
14:29:33.0194 2928  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
14:29:33.0271 2928  RpcLocator - ok
14:29:33.0311 2928  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
14:29:33.0386 2928  RpcSs - ok
14:29:33.0448 2928  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:29:33.0539 2928  rspndr - ok
14:29:33.0605 2928  [ 065A51298212455584F1811B033B617E ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
14:29:33.0641 2928  RTHDMIAzAudService - ok
14:29:33.0714 2928  [ DF1970AB067B4BA4221F0AD0AB9EBB30 ] RtkAudioService C:\Windows\RtkAudioService.exe
14:29:33.0733 2928  RtkAudioService ( UnsignedFile.Multi.Generic ) - warning
14:29:33.0733 2928  RtkAudioService - detected UnsignedFile.Multi.Generic (1)
14:29:33.0773 2928  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
14:29:33.0804 2928  SamSs - ok
14:29:33.0830 2928  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:29:33.0869 2928  sbp2port - ok
14:29:33.0941 2928  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:29:34.0007 2928  SCardSvr - ok
14:29:34.0062 2928  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
14:29:34.0181 2928  Schedule - ok
14:29:34.0202 2928  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
14:29:34.0246 2928  SCPolicySvc - ok
14:29:34.0302 2928  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
14:29:34.0393 2928  sdbus - ok
14:29:34.0438 2928  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:29:34.0507 2928  SDRSVC - ok
14:29:34.0523 2928  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:29:34.0630 2928  secdrv - ok
14:29:34.0691 2928  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
14:29:34.0751 2928  seclogon - ok
14:29:34.0769 2928  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
14:29:34.0841 2928  SENS - ok
14:29:34.0875 2928  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
14:29:34.0962 2928  Serenum - ok
14:29:35.0012 2928  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
14:29:35.0112 2928  Serial - ok
14:29:35.0146 2928  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:29:35.0209 2928  sermouse - ok
14:29:35.0325 2928  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
14:29:35.0379 2928  SessionEnv - ok
14:29:35.0430 2928  [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys
14:29:35.0473 2928  SFEP - ok
14:29:35.0572 2928  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
14:29:35.0618 2928  sffdisk - ok
14:29:35.0676 2928  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:29:35.0770 2928  sffp_mmc - ok
14:29:35.0811 2928  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
14:29:35.0867 2928  sffp_sd - ok
14:29:35.0918 2928  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
14:29:36.0031 2928  sfloppy - ok
14:29:36.0067 2928  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:29:36.0179 2928  SharedAccess - ok
14:29:36.0261 2928  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:29:36.0350 2928  ShellHWDetection - ok
14:29:36.0393 2928  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
14:29:36.0433 2928  sisagp - ok
14:29:36.0458 2928  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
14:29:36.0496 2928  SiSRaid2 - ok
14:29:36.0526 2928  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:29:36.0567 2928  SiSRaid4 - ok
14:29:36.0785 2928  [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
14:29:37.0012 2928  Skype C2C Service - ok
14:29:37.0100 2928  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
14:29:37.0214 2928  SkypeUpdate - ok
14:29:37.0393 2928  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
14:29:37.0765 2928  slsvc - ok
14:29:37.0822 2928  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
14:29:37.0886 2928  SLUINotify - ok
14:29:37.0949 2928  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
14:29:38.0002 2928  Smb - ok
14:29:38.0106 2928  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:29:38.0148 2928  SNMPTRAP - ok
14:29:38.0224 2928  [ 1A9DD46C547646A54CDB4065C1996A07 ] SOHCImp        C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
14:29:38.0252 2928  SOHCImp - ok
14:29:38.0283 2928  [ 2E1B0D8278BB616148DDCA13DAE87544 ] SOHDms          C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
14:29:38.0346 2928  SOHDms - ok
14:29:38.0397 2928  [ 892529EE03211C35AEA7132E119F4862 ] SOHDs          C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
14:29:38.0429 2928  SOHDs - ok
14:29:38.0564 2928  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
14:29:38.0613 2928  Sony PC Companion - ok
14:29:38.0721 2928  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
14:29:38.0771 2928  spldr - ok
14:29:38.0834 2928  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
14:29:38.0929 2928  Spooler - ok
14:29:38.0968 2928  [ F63102F289AE2039940B22E9B2A8E0BD ] SPTISRV        C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
14:29:38.0994 2928  SPTISRV ( UnsignedFile.Multi.Generic ) - warning
14:29:38.0994 2928  SPTISRV - detected UnsignedFile.Multi.Generic (1)
14:29:39.0047 2928  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
14:29:39.0136 2928  srv - ok
14:29:39.0194 2928  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:29:39.0268 2928  srv2 - ok
14:29:39.0296 2928  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:29:39.0337 2928  srvnet - ok
14:29:39.0386 2928  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
14:29:39.0441 2928  SSDPSRV - ok
14:29:39.0487 2928  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
14:29:39.0532 2928  ssmdrv - ok
14:29:39.0621 2928  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
14:29:39.0695 2928  SstpSvc - ok
14:29:39.0750 2928  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
14:29:39.0867 2928  stisvc - ok
14:29:39.0907 2928  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
14:29:39.0943 2928  swenum - ok
14:29:40.0025 2928  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
14:29:40.0112 2928  swprv - ok
14:29:40.0127 2928  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
14:29:40.0163 2928  Symc8xx - ok
14:29:40.0284 2928  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
14:29:40.0325 2928  Sym_hi - ok
14:29:40.0359 2928  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
14:29:40.0393 2928  Sym_u3 - ok
14:29:40.0436 2928  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
14:29:40.0535 2928  SysMain - ok
14:29:40.0584 2928  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:29:40.0619 2928  TabletInputService - ok
14:29:40.0671 2928  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
14:29:40.0765 2928  TapiSrv - ok
14:29:40.0792 2928  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
14:29:40.0861 2928  TBS - ok
14:29:40.0920 2928  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
14:29:41.0006 2928  Tcpip - ok
14:29:41.0031 2928  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
14:29:41.0091 2928  Tcpip6 - ok
14:29:41.0148 2928  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:29:41.0210 2928  tcpipreg - ok
14:29:41.0274 2928  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:29:41.0358 2928  TDPIPE - ok
14:29:41.0389 2928  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
14:29:41.0444 2928  TDTCP - ok
14:29:41.0492 2928  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
14:29:41.0542 2928  tdx - ok
14:29:41.0579 2928  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
14:29:41.0618 2928  TermDD - ok
14:29:41.0654 2928  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
14:29:41.0719 2928  TermService - ok
14:29:41.0747 2928  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
14:29:41.0796 2928  Themes - ok
14:29:41.0809 2928  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
14:29:41.0861 2928  THREADORDER - ok
14:29:41.0911 2928  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
14:29:41.0974 2928  TrkWks - ok
14:29:42.0039 2928  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:29:42.0123 2928  TrustedInstaller - ok
14:29:42.0171 2928  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:29:42.0247 2928  tssecsrv - ok
14:29:42.0324 2928  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
14:29:42.0406 2928  tunmp - ok
14:29:42.0434 2928  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:29:42.0512 2928  tunnel - ok
14:29:42.0562 2928  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:29:42.0606 2928  uagp35 - ok
14:29:42.0669 2928  [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor    C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
14:29:42.0712 2928  uCamMonitor - ok
14:29:42.0765 2928  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:29:42.0810 2928  udfs - ok
14:29:42.0859 2928  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
14:29:42.0966 2928  UI0Detect - ok
14:29:42.0975 2928  UIUSys - ok
14:29:43.0025 2928  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:29:43.0065 2928  uliagpkx - ok
14:29:43.0098 2928  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
14:29:43.0144 2928  uliahci - ok
14:29:43.0178 2928  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
14:29:43.0218 2928  UlSata - ok
14:29:43.0287 2928  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
14:29:43.0330 2928  ulsata2 - ok
14:29:43.0362 2928  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
14:29:43.0463 2928  umbus - ok
14:29:43.0540 2928  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
14:29:43.0635 2928  upnphost - ok
14:29:43.0735 2928  [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
14:29:43.0800 2928  USBAAPL - ok
14:29:43.0844 2928  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
14:29:43.0894 2928  usbccgp - ok
14:29:43.0946 2928  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:29:44.0066 2928  usbcir - ok
14:29:44.0115 2928  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
14:29:44.0172 2928  usbehci - ok
14:29:44.0207 2928  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:29:44.0297 2928  usbhub - ok
14:29:44.0351 2928  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
14:29:44.0437 2928  usbohci - ok
14:29:44.0484 2928  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
14:29:44.0573 2928  usbprint - ok
14:29:44.0650 2928  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:29:44.0731 2928  USBSTOR - ok
14:29:44.0783 2928  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
14:29:44.0829 2928  usbuhci - ok
14:29:44.0874 2928  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
14:29:44.0976 2928  usbvideo - ok
14:29:45.0009 2928  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
14:29:45.0062 2928  UxSms - ok
14:29:45.0175 2928  [ 2A640DC735CB0112AC1DCD1E1549B27E ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
14:29:45.0238 2928  VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
14:29:45.0238 2928  VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
14:29:45.0272 2928  [ 2C3DBB9B671AB95245DED1EFC5276CE9 ] VAIO Event Service C:\Program Files\sony\VAIO Event Service\VESMgr.exe
14:29:45.0312 2928  VAIO Event Service - ok
14:29:45.0432 2928  [ C1ED0F71D3B9EA8D774FC7C4CBF7EE7F ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
14:29:45.0465 2928  VAIO Power Management - ok
14:29:45.0563 2928  [ 7773EB681E99217FD92E5E8A5A199AE5 ] VCFw            C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
14:29:45.0625 2928  VCFw ( UnsignedFile.Multi.Generic ) - warning
14:29:45.0625 2928  VCFw - detected UnsignedFile.Multi.Generic (1)
14:29:45.0689 2928  [ 2686B87EDC54ED215CE479AC9B7675DE ] VcmIAlzMgr      C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
14:29:45.0738 2928  VcmIAlzMgr - ok
14:29:45.0784 2928  [ BB5781ED436D3E121F85617C3BBB7AD5 ] VcmXmlIfHelper  C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
14:29:45.0820 2928  VcmXmlIfHelper - ok
14:29:45.0825 2928  Vcsw - ok
14:29:45.0892 2928  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
14:29:46.0033 2928  vds - ok
14:29:46.0070 2928  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
14:29:46.0125 2928  vga - ok
14:29:46.0155 2928  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
14:29:46.0213 2928  VgaSave - ok
14:29:46.0245 2928  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
14:29:46.0283 2928  viaagp - ok
14:29:46.0325 2928  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
14:29:46.0383 2928  ViaC7 - ok
14:29:46.0400 2928  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
14:29:46.0436 2928  viaide - ok
14:29:46.0452 2928  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:29:46.0491 2928  volmgr - ok
14:29:46.0561 2928  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
14:29:46.0627 2928  volmgrx - ok
14:29:46.0691 2928  [ 786DB5771F05EF300390399F626BF30A ] volsnap        C:\Windows\system32\drivers\volsnap.sys
14:29:46.0741 2928  volsnap - ok
14:29:46.0792 2928  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
14:29:46.0834 2928  vsmraid - ok
14:29:46.0975 2928  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
14:29:47.0167 2928  VSS - ok
14:29:47.0283 2928  [ 071634532066C2E29350D450C3412837 ] VzCdbSvc        C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
14:29:47.0294 2928  VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
14:29:47.0294 2928  VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
14:29:47.0342 2928  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
14:29:47.0425 2928  W32Time - ok
14:29:47.0479 2928  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:29:47.0581 2928  WacomPen - ok
14:29:47.0628 2928  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
14:29:47.0678 2928  Wanarp - ok
14:29:47.0684 2928  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:29:47.0726 2928  Wanarpv6 - ok
14:29:47.0781 2928  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
14:29:47.0827 2928  wcncsvc - ok
14:29:47.0887 2928  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:29:47.0966 2928  WcsPlugInService - ok
14:29:47.0997 2928  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
14:29:48.0033 2928  Wd - ok
14:29:48.0096 2928  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:29:48.0164 2928  Wdf01000 - ok
14:29:48.0197 2928  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:29:48.0257 2928  WdiServiceHost - ok
14:29:48.0266 2928  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
14:29:48.0321 2928  WdiSystemHost - ok
14:29:48.0373 2928  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
14:29:48.0410 2928  WebClient - ok
14:29:48.0474 2928  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:29:48.0555 2928  Wecsvc - ok
14:29:48.0609 2928  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
14:29:48.0692 2928  wercplsupport - ok
14:29:48.0764 2928  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:29:48.0810 2928  WerSvc - ok
14:29:48.0857 2928  [ 090A2B8F055343815556A01F725F6C35 ] WimFltr        C:\Windows\system32\DRIVERS\wimfltr.sys
14:29:48.0889 2928  WimFltr - ok
14:29:48.0939 2928  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:29:49.0063 2928  winachsf - ok
14:29:49.0204 2928  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
14:29:49.0251 2928  WinDefend - ok
14:29:49.0265 2928  WinHttpAutoProxySvc - ok
14:29:49.0395 2928  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
14:29:49.0454 2928  Winmgmt - ok
14:29:49.0582 2928  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
14:29:49.0757 2928  WinRM - ok
14:29:49.0874 2928  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
14:29:49.0955 2928  Wlansvc - ok
14:29:50.0005 2928  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
14:29:50.0053 2928  WmiAcpi - ok
14:29:50.0113 2928  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:29:50.0155 2928  wmiApSrv - ok
14:29:50.0314 2928  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
14:29:50.0451 2928  WMPNetworkSvc - ok
14:29:50.0492 2928  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:29:50.0581 2928  WPCSvc - ok
14:29:50.0702 2928  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:29:50.0758 2928  WPDBusEnum - ok
14:29:50.0811 2928  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
14:29:50.0849 2928  WpdUsb - ok
14:29:51.0074 2928  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:29:51.0147 2928  WPFFontCache_v0400 - ok
14:29:51.0191 2928  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
14:29:51.0289 2928  ws2ifsl - ok
14:29:51.0353 2928  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
14:29:51.0431 2928  wscsvc - ok
14:29:51.0438 2928  WSearch - ok
14:29:51.0568 2928  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
14:29:51.0680 2928  wuauserv - ok
14:29:51.0744 2928  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:29:51.0826 2928  WudfPf - ok
14:29:51.0876 2928  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:29:51.0918 2928  WUDFRd - ok
14:29:51.0958 2928  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
14:29:52.0029 2928  wudfsvc - ok
14:29:52.0063 2928  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
14:29:52.0140 2928  XAudio - ok
14:29:52.0194 2928  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService  C:\Windows\system32\DRIVERS\xaudio.exe
14:29:52.0321 2928  XAudioService - ok
14:29:52.0423 2928  [ 67E3D2AF24C3873E6A0CAC89DE78D63B ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
14:29:52.0491 2928  yukonwlh - ok
14:29:52.0508 2928  ================ Scan global ===============================
14:29:52.0542 2928  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:29:52.0618 2928  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:29:52.0658 2928  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:29:52.0722 2928  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:29:52.0729 2928  [Global] - ok
14:29:52.0730 2928  ================ Scan MBR ==================================
14:29:52.0787 2928  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:29:53.0730 2928  \Device\Harddisk0\DR0 - ok
14:29:53.0731 2928  ================ Scan VBR ==================================
14:29:53.0760 2928  [ 3680D8967E8093D54E8AF8B723B0A986 ] \Device\Harddisk0\DR0\Partition1
14:29:53.0762 2928  \Device\Harddisk0\DR0\Partition1 - ok
14:29:53.0763 2928  ============================================================
14:29:53.0763 2928  Scan finished
14:29:53.0763 2928  ============================================================
14:29:53.0785 4892  Detected object count: 12
14:29:53.0785 4892  Actual detected object count: 12


markusg 04.02.2013 16:39

hi

combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

markusg 04.02.2013 16:41

hi
1.
http://download.bleepingcomputer.com...ta/Winmgmt.reg
Download, double-click, confirm the prompt, restart.
2.
combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Steve123 04.02.2013 17:20

I did everything as described, but I cannot find a combofix.txt on c:\. There is a file there called combofix, but it seems to be "a kind of folder" behind which the contents of c: appear again. Did I do something wrong?

markusg 04.02.2013 18:01

the log opens automatically, doesn't it.
run it again and then also open c:\qoobox quarantained file.txt and post its contents

Steve123 05.02.2013 22:00

Hi,

so something is not working. I have now run it 4 times in total and no combofix.txt log file appeared. After 3 runs simply nothing happened at all; yesterday a blue window then appeared that said, in essence: Your computer is being checked, this usually takes 10 min, on heavily infected computers it can take twice as long. Then it checked FOREVER (I also let it run overnight) and I then aborted it after approx. 12 hours.

The only file that was under C:\qoobox\quarantine is catchme.txt with the following contents:

Code:

-------- 2013-02-04 - 17:02:19  -------------


-------- 2013-02-04 - 18:09:47  -------------

error: 31

Hope you can help me.

Regards

markusg 05.02.2013 22:01

restart, press F8, choose safe mode, log in to your account, try it again there.
then boot back into normal mode and post the log.

Steve123 05.02.2013 23:08

it worked
Code:

ComboFix 13-02-03.03 - Nora 05.02.2013  22:35:09.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3038.2581 [GMT 1:00]
ausgeführt von:: c:\users\Nora\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\LMUB1fPE.exe.b
c:\programdata\Roaming
c:\programdata\windows
c:\users\Nora\AppData\Roaming\AcroIEHelpe.txt
c:\users\Nora\AppData\Roaming\Help\coredb\storage
c:\users\Nora\AppData\Roaming\Kefef
c:\users\Nora\AppData\Roaming\Kefef\maynhy.tmp
c:\users\Nora\AppData\Roaming\Kefef\maynhy.unq
c:\users\Nora\AppData\Roaming\srvblck5.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-05 bis 2013-02-05  ))))))))))))))))))))))))))))))
.
.
2013-02-05 21:46 . 2013-02-05 21:52        --------        d-----w-        c:\users\Nora\AppData\Local\temp
2013-02-05 21:46 . 2013-02-05 21:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-05 20:56 . 2013-01-18 11:17        6991832        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED53E9E7-7C80-4540-846F-82CEAF31D5F6}\mpengine.dll
2013-02-04 18:55 . 2013-02-04 18:55        --------        d-----w-        C:\_OTL
2013-02-04 18:55 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2013-02-04 15:37 . 2013-02-04 15:37        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-02-04 15:37 . 2013-02-04 15:37        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-02-04 15:37 . 2013-02-04 15:37        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-02-04 15:37 . 2013-02-04 15:37        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-02-04 15:37 . 2013-02-04 15:37        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-02-04 15:37 . 2013-02-04 15:37        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-02-04 15:37 . 2013-02-04 15:37        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-02-04 15:37 . 2013-02-04 15:37        --------        d-----w-        c:\program files\QuickTime
2013-02-04 15:20 . 2013-02-04 15:20        --------        d-----w-        c:\users\Nora\AppData\Roaming\Malwarebytes
2013-02-04 15:20 . 2013-02-04 15:20        --------        d-----w-        c:\programdata\Malwarebytes
2013-02-04 15:19 . 2013-02-04 15:20        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2013-02-04 15:19 . 2012-12-14 15:49        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-02-04 15:13 . 2012-10-30 22:51        361032        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-02-04 15:13 . 2012-10-30 22:51        21256        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-02-04 15:13 . 2012-10-30 22:51        54232        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-02-04 15:13 . 2012-10-30 22:51        35928        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2013-02-04 15:13 . 2012-10-30 22:51        738504        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-02-04 15:13 . 2012-10-30 22:51        58680        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-02-04 15:13 . 2012-10-30 22:51        41224        ----a-w-        c:\windows\avastSS.scr
2013-02-04 15:13 . 2012-10-30 22:50        227648        ----a-w-        c:\windows\system32\aswBoot.exe
2013-02-04 15:12 . 2013-02-04 15:12        --------        d-----w-        c:\programdata\AVAST Software
2013-02-04 15:12 . 2013-02-04 15:12        --------        d-----w-        c:\program files\AVAST Software
2013-02-04 14:17 . 2013-02-04 14:17        --------        d-----w-        c:\program files\Common Files\DivX Shared
2013-02-04 14:14 . 2013-02-04 14:19        --------        d-----w-        c:\programdata\DivX
2013-02-04 14:12 . 2013-02-04 14:11        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-02-04 14:06 . 2013-02-04 14:06        --------        d-----w-        c:\program files\FileHippo.com
2013-02-04 13:10 . 2013-02-04 14:11        861088        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-01-23 17:52 . 2013-01-23 17:52        --------        d-----w-        c:\program files\Common Files\Citrix
2013-01-20 22:39 . 2013-01-03 18:34        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2013-01-20 22:39 . 2012-11-20 04:22        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2013-01-20 22:39 . 2012-11-23 01:35        2048000        ----a-w-        c:\windows\system32\win32k.sys
2013-01-20 22:36 . 2012-11-02 10:19        1400832        ----a-w-        c:\windows\system32\msxml6.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-04 14:11 . 2010-05-21 13:47        782240        ----a-w-        c:\windows\system32\deployJava1.dll
2013-02-04 13:25 . 2012-10-07 17:59        697864        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-02-04 13:25 . 2011-06-03 21:34        74248        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-17 00:28 . 2010-05-21 17:13        232336        ------w-        c:\windows\system32\MpSigStub.exe
2012-12-16 13:12 . 2012-12-21 16:29        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 16:29        293376        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-05 15:23 . 2012-12-05 15:23        73544        ----a-w-        c:\windows\system32\drivers\ctxusbm.sys
2012-11-13 20:29 . 2012-11-13 20:29        354216        ----a-w-        c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-13 01:29 . 2012-12-13 16:36        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-09 10:42 . 2012-12-13 16:36        916992        ----a-w-        c:\windows\system32\wininet.dll
2012-11-09 10:37 . 2012-12-13 16:36        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2012-11-09 10:36 . 2012-12-13 16:36        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-11-09 10:36 . 2012-12-13 16:36        71680        ----a-w-        c:\windows\system32\iesetup.dll
2012-11-09 10:36 . 2012-12-13 16:36        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2012-11-09 09:01 . 2012-12-13 16:36        385024        ----a-w-        c:\windows\system32\html.iec
2012-11-09 07:13 . 2012-12-13 16:36        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50        121528        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-11-22 270336]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-01-07 446648]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Facebook Update"="c:\users\Nora\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-22 138096]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-09-30 122880]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-12-08 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-09-09 1097728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-01 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Nora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
OneNote Inhaltsverzeichnis.onetoc2 [2012-7-7 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 776744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-11-05 17:32        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\browse~1\261123~1.78\{61d8b~1\browse~1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 accvssvc;AccSys WLAN Control Service;c:\program files\Common Files\AccSys\AccVSSvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 13:25]
.
2012-11-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000Core.job
- c:\users\Nora\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-22 16:13]
.
2012-11-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000UA.job
- c:\users\Nora\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-22 16:13]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 19:20]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 19:20]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000Core.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 19:10]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3256999809-2769954180-380837127-1000UA.job
- c:\users\Nora\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 19:10]
.
2013-01-20 c:\windows\Tasks\ReclaimerUpdateFiles_Nora.job
- c:\users\Nora\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-26 20:02]
.
2013-01-20 c:\windows\Tasks\ReclaimerUpdateXML_Nora.job
- c:\users\Nora\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-26 20:02]
.
2013-01-20 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Nora.job
- c:\users\Nora\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-26 20:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: nibc.com\xs4
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-pasui - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-02-05 22:51
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3328)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\RtkAudioService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
c:\windows\system32\schtasks.exe
c:\programdata\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\sony\Network Utility\NSUService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\windows\system32\DllHost.exe
c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\sony\Sony PC Companion\PCCompanionInfo.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Citrix\Receiver\Receiver.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-05  22:58:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-05 21:58
.
Vor Suchlauf: 8 Verzeichnis(se), 244.650.868.736 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 246.552.834.048 Bytes frei
.
- - End Of File - - 857859C16C6628F333BD2AC2FD5549B0


markusg 05.02.2013 23:18

Hi,
please post all Malwarebytes logs that contain detections:
http://www.trojaner-board.de/125889-...en-posten.html

Steve123 06.02.2013 08:07

Malware log:

Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Nora :: NORA-PC [Administrator]

05.02.2013 23:20:38
MBAM-log-2013-02-06 (08-06-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 405895
Laufzeit: 3 Stunde(n), 19 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 4
C:\Users\Nora\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1fd07233-5908227c (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\Nora\Desktop\ssk_claro.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\02042013_135539\C_Users\Nora\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

(Ende)


markusg 06.02.2013 12:53

Hi,
were the detections deleted? According to the log, they were not.

Steve123 06.02.2013 21:05

No, not deleted! I only do what you tell me ;-)

I ran it again and this time deleted the detections.

Log:
Code:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.06.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Nora :: NORA-PC [Administrator]

06.02.2013 21:07:51
mbam-log-2013-02-06 (21-07-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 406274
Laufzeit: 3 Stunde(n), 23 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\Nora\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1fd07233-5908227c (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nora\Desktop\ssk_claro.exe (PUP.BundleInstaller.IB) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\02042013_135539\C_Users\Nora\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
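
The check made by eye in the exchange above (did the scan actually remove what it found?), as an added example that is not part of the original thread: a small parser for the German Malwarebytes 1.70 log layout shown in the two posts, run on an excerpt of those logs. The function names are this example's own, and the second log is rebuilt from the first by swapping the action text, which is the only difference between the two posted result lists.

```python
import re
from collections import Counter

# Excerpt of the first Malwarebytes log posted above (results part only).
LOG_FIRST_RUN = r"""
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 1
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Dateien: 4
C:\Users\Nora\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1fd07233-5908227c (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\Users\Nora\Desktop\ssk_claro.exe (PUP.BundleInstaller.IB) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\02042013_135539\C_Users\Nora\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Keine Aktion durchgeführt.

(Ende)
"""

NO_ACTION = "Keine Aktion durchgeführt"
REMOVED = "Erfolgreich gelöscht und in Quarantäne gestellt"

# The re-run lists the same objects; only the action text differs.
LOG_SECOND_RUN = LOG_FIRST_RUN.replace(NO_ACTION, REMOVED)

# "Infizierte Dateien: 4" -> section name and the count the scanner declares.
SECTION_RE = re.compile(r"^(Infizierte [^:]+):\s*(\d+)\s*$")
# "<object> (<threat>) -> <action>." ; the object may itself contain
# spaces and braces, so the threat name is the last parenthesised group.
FINDING_RE = re.compile(
    r"^(?P<object>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)


def parse_mbam_log(text):
    """Return (findings, declared_counts) for one log."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        hit = FINDING_RE.match(line)
        if hit and section:
            findings.append({"section": section, **hit.groupdict()})
    return findings, declared


def unresolved(findings):
    """Findings the scanner reported but did not act on."""
    return [f for f in findings if f["action"] == NO_ACTION]


def count_mismatches(findings, declared):
    """Sections whose declared count differs from the lines parsed,
    e.g. because the pasted log was truncated: {section: (declared, parsed)}."""
    parsed = Counter(f["section"] for f in findings)
    return {
        name: (count, parsed.get(name, 0))
        for name, count in declared.items()
        if parsed.get(name, 0) != count
    }


if __name__ == "__main__":
    for label, log in (("first run", LOG_FIRST_RUN), ("re-run", LOG_SECOND_RUN)):
        findings, declared = parse_mbam_log(log)
        open_items = unresolved(findings)
        print(f"{label}: {len(findings)} findings, {len(open_items)} without action")
        for item in open_items:
            print(f"  [{item['threat']}] {item['object']}")
        print("  count mismatches:", count_mismatches(findings, declared) or "none")
```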


markusg 07.02.2013 13:06

Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file, and open that file.
After every program you need, write "notwendig" (needed).
After every program you do not need, write "unnötig" (not needed).
After every program you do not recognize, write "unbekannt" (unknown).
Post the list.

Steve123 07.02.2013 21:04

Code:

Adobe Acrobat  9 Standard - English, Français, Deutsch        Adobe Systems        25.11.2008        759MB        9.0.0  notwendig
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        04.02.2013                11.5.502.146  notwendig
Adobe Photoshop Elements 6.0        Adobe Systems, Inc.        08.12.2008        375MB        6.0  notwendig
Adobe Premiere Elements 4.0        Ihr Firmenname        08.12.2008        1,71GB        4.0 unbekannt
Adobe Premiere Elements 4.0 Templates        Ihr Firmenname        08.12.2008        1,71GB        4.0.0 unbekannt
Alps Pointing-device for VAIO                25.11.2008        2,82MB        unnötig
Amazon MP3-Downloader 1.0.15        Amazon Services LLC        02.08.2012        2,55MB        1.0.15 notwendig
Apple Application Support        Apple Inc.        04.02.2013        65,0MB        2.3  notwendig
Apple Mobile Device Support        Apple Inc.        23.10.2011        24,3MB        4.0.0.96 notwendig
Apple Software Update        Apple Inc.        23.10.2011        2,38MB        2.1.3.127 notwendig
ArcSoft Magic-i Visual Effects 2        ArcSoft        27.04.2010        34,7MB        2.0.1.39 unnötig
ArcSoft WebCam Companion 2        ArcSoft        27.04.2010        24,3MB        unbekannt
ATI Catalyst Install Manager        ATI Technologies, Inc.        08.12.2008        13,6MB        3.0.682.0 unbekannt
avast! Free Antivirus        AVAST Software        04.02.2013        282MB        7.0.1474.0 notwendig
Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter        Sony Corporation        08.12.2008        56,5MB        2.5 unnötig
Big Fish Games Spiel-Suite                27.04.2010        132MB        unnötig
Bonjour        Apple Inc.        23.10.2011        1,04MB        3.0.0.10 unnötig
bProtector for Windows                02.02.2013 unbekannt               
CCleaner        Piriform        23.01.2013        5,12MB        3.27 notwendig
Celtx (2.9)        Greyfirst        30.10.2012        44,4MB        2.9 (de) unbekannt
Citrix Access Gateway Endpoint Analysis        Citrix Systems, Inc.        23.01.2013        994KB        9.3.48.6 notwendig
Citrix Endpoint Analysis Client        Citrix Systems, Inc.        18.09.2011        1,85MB        4.5.3.0 notwendig
Citrix Presentation Server Web Client for Win32                18.09.2011        notwendig       
Citrix Receiver        Citrix Systems, Inc.        23.01.2013        56,4MB        13.4.0.25 notwendig
Claro LTD toolbar        Claro LTD        30.10.2012 unnötig               
Click to Disc        Sony Corporation        08.12.2008        70,6MB        1.2.52.09250 notwendig
Click to Disc Editor        Sony Corporation        08.12.2008        186MB        1.2.51 notwendig
Compatibility Pack für 2007 Office System        Microsoft Corporation        08.12.2008        5,86MB        12.0.4518.1014  notwendig
DivX Converter        DivX, Inc.        04.02.2013        30,3MB        6.6.1 notwendig
DivX-Setup        DivX, LLC        04.02.2013        3,33MB        2.6.1.22 notwendig
Dolby Control Center        Dolby        25.11.2008        46,9MB        1.2.0702 unnötig
DSL Connection Manager        Telefónica o2 Germany GmbH & Co. OHG        12.04.2012        21,5MB        2.1.0.18 unnötig
Facebook Video Calling 1.2.0.287        Skype Limited        27.10.2012        4,77MB        1.2.287 unnötig
FileHippo.com Update Checker                04.02.2013        440KB        notwendig
Free Video to MP3 Converter version 5.0.3.1206        DVDVideoSoft Ltd.        18.12.2011        11,7MB        notwendig
Google Chrome        Google Inc.        18.05.2012        328MB        24.0.1312.57 notwendig
Google Desktop        Google        11.08.2010        61,7MB        5.9.1005.12335 unnötig
Google Earth        Google        08.12.2008        33,2MB        4.2.205.5730  notwendig
Google Talk (remove only)                27.04.2010        3,71MB        unnötig
HDAUDIO SoftV92 Data Fax Modem with SmartCP                25.11.2008        1,01MB        unnötig
iCloud        Apple Inc.        12.08.2012        24,2MB        1.1.0.40 notwendig
Intel(R) PROSet/Wireless WiFi-Software        Intel(R) Corporation        08.12.2008        78,4MB        12.01.1000  notwendig
iTunes        Apple Inc.        23.10.2011        168MB        10.5.0.142  notwendig
Java 7 Update 13        Oracle        04.02.2013        130MB        7.0.130 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100        Malwarebytes Corporation        04.02.2013        12,2MB        1.70.0.1100  notwendig
Me&My VAIO        Sony Corporation        08.12.2008        69,8MB        1.0.0.11140  unnötig
Media Go        Sony        10.10.2010        96,0MB        1.4.269 unnötig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        08.05.2010        36,9MB        unbekannt
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        02.05.2010        36,9MB        unbekannt
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        15.09.2010        120MB        4.0.30319 unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        15.09.2010        24,5MB        4.0.30319 unbekannt
Microsoft Office Enterprise 2007        Microsoft Corporation        21.05.2010        305MB        12.0.4518.1014 notwendig
Microsoft Office Home and Student 2007        Microsoft Corporation        08.12.2008        296MB        12.0.6215.1000 notwendig
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        08.12.2008        3,40MB        12.0.4518.1014 notwendig
Microsoft Office Professional Edition 2003        Microsoft Corporation        27.11.2011        166MB        11.0.5614.0 notwendig
Microsoft Office Suite Activation Assistant        Microsoft Corporation        08.12.2008        8,36MB        2.9 unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        12.04.2012        419KB        8.0.59193 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        21.05.2010        590KB        9.0.30729.4148 unbekannt
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        03.10.2012        11,1MB        10.0.40219  unbekannt
Microsoft Works        Microsoft Corporation        08.12.2008        377MB        9.7.0621  unnötig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        02.05.2010        35,0KB        4.20.9870.0 unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        02.05.2010        1,33MB        4.20.9876.0 unbekannt
Music Transfer        Sony Corporation        08.12.2008        40,7MB        1.2.00.17290 unbekannt
OpenMG Secure Module 5.1.00        Sony Corporation        08.12.2008                5.1.00.05200 unbekannt
Picasa 2        Google, Inc.        27.04.2010        35,3MB        2.0 notwendig
PlayStation(R)Network Downloader        Sony Computer Entertainment Inc.        10.10.2010        666KB        2.02.00076 unnötig
PlayStation(R)Store        Sony Computer Entertainment Inc.        10.10.2010        3,44MB        3.1.8.07881 unnötig
QuickTime        Apple Inc.        04.02.2013        73,1MB        7.73.80.64 notwendig
RealPlayer        RealNetworks        01.05.2010        79,1MB        notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        25.11.2008        26,4MB        6.0.1.5653 unbekannt
Roxio Easy Media Creator 10 LJ        Roxio        27.04.2010        5,25MB        10.1 unbekannt
Setting Utility Series        Sony Corporation        08.12.2008        11,5MB        4.2.0.10150 unbekannt
Skype Click to Call        Skype Technologies S.A.        07.11.2012        41,4MB        6.3.11079 notwendig
Skype™ 5.10        Skype Technologies S.A.        01.10.2012        19,3MB        5.10.116 notwendig
Software Info for Me&My VAIO        Sony Corporation        08.12.2008        296KB        1.0.0.09110 unnötig
SonicStage Mastering Studio        Sony Corporation        08.12.2008        56,5MB        2.6 unnötig
SonicStage Mastering Studio Audio Filter        Sony Corporation        08.12.2008        12,6MB        2.5 unnötig
SonicStage Mastering Studio Plugins        Sony Corporation        08.12.2008        30,2MB        2.5 unnötig
Sony Ericsson Update Engine        Sony Ericsson Communications AB        08.07.2012        22,6MB        2.12.8.23 unnötig
Sony PC Companion 2.10.136        Sony        02.02.2013        97,5MB        2.10.136 unnötig
Sony Picture Utility        Sony Corporation        08.12.2008        389MB        3.3.01.09300 unnötig
Sony Video Shared Library        Sony Corporation        08.12.2008        5,27MB        3.5.00 unnötig
Unterstützung für VAIO-Präsentation        Sony Corporation        08.12.2008        3,54MB        1.1.0.08250 unnötig
VAIO Content Folder Setting        Sony Corporation        08.12.2008        7,62MB        2.1.0.08260 unbekannt
VAIO Content Folder Watcher        Sony Corporation        08.12.2008        16,1MB        1.0.01.09030 unbekannt
VAIO Content Metadata Intelligent Analyzing Manager        Sony Corporation        08.12.2008        21,8MB        3.3.0.10012 unbekannt
VAIO Content Metadata Manager Setting        Sony Corporation        08.12.2008        3,19MB        3.3.0.09300  unbekannt
VAIO Content Metadata XML Interface Library        Sony Corporation        08.12.2008        2,56MB        3.3.0.09182  unbekannt
VAIO Control Center        Sony Corporation        08.12.2008        4,68MB        3.2.0.09120 unbekannt
VAIO Data Restore Tool        Sony Corporation        08.12.2008        6,50MB        1.0.04.01170 unbekannt
VAIO DVD Menu Data Basic        Sony Corporation        08.12.2008        543MB        1.0.00.08130 unbekannt
VAIO Edit Components 6.5        Sony Corporation        08.12.2008        35,8MB        6.5 unnötig
VAIO Energie Verwaltung        Sony Corporation        25.11.2008        6,52MB        3.2.0.10310 unnötig
VAIO Entertainment Platform        Sony Corporation        08.12.2008        4,74MB        3.2.3.10070 unnötig
VAIO Event Service        Sony Corporation        08.12.2008        7,28MB        4.2.0.11060 unnötig
VAIO Launcher        Sony Corporation        08.12.2008        7,49MB        2.2.0.09090 unnötig
VAIO Marketing Tools        Sony Corporation        27.04.2010        636KB        unnötig
VAIO Media plus        Sony Corporation        08.12.2008        55,0MB        1.2.0.10230 unnötig
VAIO Media plus Opening Movie        Sony Corporation        08.12.2008        21,0MB        1.2.0.09100 unnötig
VAIO Movie Story        Sony Corporation        08.12.2008        57,2MB        1.3.01.08060 unnötig
VAIO Movie Story Template Data        Sony Corporation        08.12.2008        398MB        1.3.00.06120 unnötig
VAIO MusicBox        Sony Corporation        08.12.2008        64,4MB        2.1.1.09160 unnötig
VAIO MusicBox Sample Music        Sony Corporation        08.12.2008        90,5MB        1.1.00.14140 unnötig
VAIO Original Function Setting        Sony Corporation        08.12.2008        7,20MB        1.5.00.08150 unnötig
VAIO Smart Network        Sony Corporation        08.12.2008        24,4MB        2.2.0.11210 unnötig
VAIO Update 4        Sony Corporation        08.12.2008        2,45MB        4.0.0.08280 unnötig
VAIO Wallpaper Contents        Sony Corporation        08.12.2008        134MB        1.3.0.10310 unnötig
WIDCOMM Bluetooth Software 6.2.0.5800        Broadcom Corporation        25.11.2008        70,7MB        6.2.0.5800 notwendig
WinDVD BD for VAIO        InterVideo Inc.        08.12.2008        114MB        8.0-B9.617 notwendig


markusg 08.02.2013 16:24

Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the box for McAfee Security Scan.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, since only then do you have control over what happens on the PC.
Under JavaScript, uncheck the "use JavaScript" option.
Under Updater, select automatic installation.
Apply / OK



Uninstall:
Adobe Premiere: both
ArcSoft: both
Big
bProtector
Celtx
Claro
Dolby
DSL
Facebook
Google Desktop
Google Talk
MeMy
Media Go
PlayStation: both
Sony: all
Unterstützung
VAIO: the ones marked as not needed

Open CCleaner, analyze, run, then restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer is restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Restart, then test how the PC and programs such as the browser run.

Steve123 08.02.2013 22:43

Code:

# AdwCleaner v2.111 - Datei am 08/02/2013 um 22:38:19 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Nora - NORA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Nora\Desktop\adwcleaner2.111.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Nora\Desktop\eBay.lnk
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Nora\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\Nora\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Windows\system32\Browser Manager

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\e08f8fb06eee44
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\e08f8fb06eee44
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.19393

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Nora\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.41] : icon_url = "hxxp://www.claro-search.com/favicon.ico",
Gelöscht [l.44] : keyword = "claro-search.com",
Gelöscht [l.47] : search_url = "hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tl=gbn193047&tt=4412_[...]

*************************

AdwCleaner[R2].txt - [6174 octets] - [07/02/2013 21:16:40]
AdwCleaner[R3].txt - [3211 octets] - [08/02/2013 22:38:01]
AdwCleaner[S1].txt - [2930 octets] - [08/02/2013 22:38:19]

########## EOF - C:\AdwCleaner[S1].txt - [2990 octets] ##########


markusg 11.02.2013 13:19

Why didn't you answer the last question?

Steve123 17.02.2013 12:43

Sorry - I had overlooked that

Everything is running fine so far - I can't see any problems

markusg 18.02.2013 17:19

Hi,
open OTL and click CleanUp; the PC restarts and the removal tools are deleted.
Delete any leftover removal tools, setup files and logs, and empty the Recycle Bin.
Securing the PC:
As an anti-malware program I would recommend Emsisoft.
For me it has the best protection, but it costs a little.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, such as work, where sensitive data needs protecting, you should invest in security software.
Use the 30-day trial period before activating the license.

Free, but not quite as good, avast would be the one to recommend.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, and I will give you configuration tips.
Please uninstall your current antivirus.
I realize the following guide is extensive, but it should be carried out, because only then is your PC secure. Ask as many questions as you need; I am happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section on Windows Vista and Windows 7.
Please begin by installing Windows updates.
The easiest way is to go to Start, Search, and type Windows Update there.
Under "Change settings", check that the following is selected:
- Install updates automatically
- Every day
- Choose a time
- Please check everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install the important updates first.
It will be necessary to restart the PC in between. If so, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
Installing Google Chrome for multiple user accounts - Google Chrome Help
Please read the guide.
If you want to use a different one, tell me, because then I have to adapt parts of the guide that follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, programs can be run almost 100% isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, please work through it as well:
Sandbox settings

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, select DefaultBox.
There, click Sandbox Settings.
Under Restrictions, for program start and for internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, there are some functions you cannot use.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed web browser", or right-click and start in Sandboxie.
A lifetime license costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
A note on FileHippo:
In the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
My guide already links a backup program; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program too, because this can be very important in some circumstances, for example if the hard disk fails.

Finally, follow the general security tips; if it applies to you, follow the tip on online banking, and change all passwords.
Please also read how to make programs visible to all accounts:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed web browser; if you have the paid version, you can define forced program starts, and then Sandboxie is always started when you open a browser.
When you move the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords:
Password manager, form filler, password management | RoboForm password manager
Guide:
RoboForm manual: password manager, managing passwords and personal data

Steve123 26.02.2013 20:26

Great!! Thank you so much for the fantastic help!!!

markusg 26.02.2013 20:45

You're welcome. Please get in touch to report success or if you have questions.


All times are in WET +1.

Copyright ©2000-2025, Trojaner-Board

