Trojaner-Board


Skullcrusher 01.05.2012 11:26

GMX account is sending spam mails
 
Hello!

I've looked around the forum a bit now and hope you can help me. This morning at 7 a.m. my GMX account sent spam mails to my contacts;

I've now run a scan with Malwarebytes; this is the report

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Teresa :: TERESA-PC [Administrator]

01.05.2012 11:16:40
mbam-log-2012-05-01 (11-16-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215119
Laufzeit: 42 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Teresa\Downloads\SoftonicDownloader_fuer_idump(1).exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Teresa\Downloads\SoftonicDownloader_fuer_idump.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


How should I proceed now? Thanks in advance for any help!!

Oh, and I've already changed the password on my account, and that was my first scan with Malwarebytes

Oh, and I've already changed the password on my account, and this is my first scan with Malwarebytes!

I'm sure the mails were sent from my account, since I found the two sent mails in my deleted folder; I only noticed it because of a mailer daemon message

cosinus 01.05.2012 16:54

Please first, as a matter of routine, run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Skullcrusher 01.05.2012 22:27

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e1f1a963f9ae60428ef8482faac54f5a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 09:20:24
# local_time=2012-05-01 11:20:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 105713 110791341 21641 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 12208 173423905 0 0
# compatibility_mode=8192 67108863 100 0 306 306 0 0
# scanned=209632
# found=2
# cleaned=0
# scan_time=16047
C:\Users\Teresa\AppData\Local\Temp\jar_cache63826.tmp        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Teresa\Downloads\installer-8773-32-mp3DirectCut-Deutsch.exe        a variant of Win32/Downloader.Ircfast application (unable to clean)        00000000000000000000000000000000        I

That was the quick scan from Malwarebytes

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Teresa :: TERESA-PC [Administrator]

01.05.2012 11:16:40
mbam-log-2012-05-01 (11-16-40).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 215119
Laufzeit: 42 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XTTB00001.XTTB00001Toolbar (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Teresa\Downloads\SoftonicDownloader_fuer_idump(1).exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Teresa\Downloads\SoftonicDownloader_fuer_idump.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

and this is the full scan

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Teresa :: TERESA-PC [Administrator]

01.05.2012 14:44:36
mbam-log-2012-05-01 (14-44-36).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 413680
Laufzeit: 3 Stunde(n), 54 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Thanks in advance for your help!!

cosinus 02.05.2012 13:46

Quote:

C:\Users\Teresa\Downloads\SoftonicDownloader_fuer_idump.exe
Hands off Softonic!!

Softonic is a toolbar and adware slinger! Hands off! You download software with top priority directly from the vendor and not from shoddy toolbar outfits like Softonic! In an emergency, chip.de would of course do


I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Skullcrusher 02.05.2012 17:07

Re 1) everything is actually running quite normally
Re 2) no, nothing is missing, and there are no empty folders either; nothing there that doesn't belong

Regards

cosinus 02.05.2012 18:49

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Skullcrusher 03.05.2012 09:04

OTL Logfile:
Code:

OTL logfile created on: 03.05.2012 09:17:06 - Run 1
OTL by OldTimer - Version 3.2.42.2    Folder = C:\Users\Teresa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,81% Memory free
4,22 Gb Paging File | 3,22 Gb Available in Paging File | 76,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,74 Gb Total Space | 12,63 Gb Free Space | 9,04% Space Free | Partition Type: NTFS
 
Computer Name: TERESA-PC | User Name: Teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.03 09:13:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Teresa\Desktop\OTL.exe
PRC - [2011.11.03 11:20:06 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Program Files\pdf24\pdf24.exe
PRC - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.08.01 05:32:10 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.06.28 21:33:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 23:29:52 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.20 10:50:48 | 002,848,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2010.11.03 19:56:50 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.05 17:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008.01.25 15:26:00 | 000,253,976 | ---- | M] (Telekom Austria TA AG) -- C:\Program Files\aon\OnlineFestplatte\OnlineFestplatte.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.06.15 13:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007.02.13 16:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2007.02.13 16:19:48 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007.02.09 11:54:42 | 000,923,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007.01.22 21:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2007.01.12 07:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007.01.12 07:52:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2007.01.12 07:52:23 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2006.11.28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006.11.28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2006.11.28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005.06.23 21:33:00 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.12 00:26:57 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aceee343625b7f4576e6d48fb91977e3\PresentationFramework.ni.dll
MOD - [2012.04.12 00:26:10 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5eb81f84116fecd08f3acf0603204457\PresentationCore.ni.dll
MOD - [2012.04.12 00:26:00 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33d45f88d59de3b84f2ed79095e29f41\System.Windows.Forms.ni.dll
MOD - [2012.04.12 00:25:37 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8729094857a3f3185deec237ef30b087\WindowsBase.ni.dll
MOD - [2012.04.12 00:25:32 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5654b44c3d45f7863f6d3d218a87967a\System.Drawing.ni.dll
MOD - [2012.03.05 00:07:37 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MOD - [2012.03.03 12:14:06 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MOD - [2012.03.03 12:13:40 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MOD - [2012.03.01 17:49:14 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MOD - [2012.03.01 17:48:59 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012.03.01 17:48:49 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012.03.01 17:48:32 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012.03.01 17:48:10 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2011.08.16 12:49:01 | 000,115,137 | ---- | M] () -- C:\Users\Teresa\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
MOD - [2011.08.01 05:32:20 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.05 17:32:36 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.03.05 17:32:28 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2007.06.26 09:55:00 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.04.14 16:09:10 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.06.28 21:33:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 23:29:52 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.02.13 16:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.01.24 16:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007.01.24 16:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007.01.16 14:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007.01.16 14:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007.01.16 14:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007.01.10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007.01.10 11:43:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007.01.08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007.01.08 17:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007.01.08 17:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006.11.28 20:27:46 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006.11.28 20:09:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2006.11.28 20:09:46 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.07.20 09:45:52 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.07.20 09:45:52 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011.07.20 09:45:52 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2011.07.20 09:45:52 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.07.20 09:45:52 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2011.06.28 21:33:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 21:33:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.08.18 07:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.08 05:53:57 | 000,807,424 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.02.06 07:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007.01.24 12:28:35 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007.01.12 07:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007.01.10 13:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.10.18 12:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006.07.10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006.07.05 14:39:29 | 000,059,256 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF}
IE - HKLM\..\SearchScopes\{47A69BFA-63EF-41C2-B09F-7F84F19B5FDF}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telekom.at/suche
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com/vbc
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\SearchScopes,DefaultScope = {47A69BFA-63EF-41C2-B09F-7F84F19B5FDF}
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\SearchScopes\{47A69BFA-63EF-41C2-B09F-7F84F19B5FDF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.17.3: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=5.2.5.48: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 19:18:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.03 11:59:33 | 000,000,000 | ---D | M]
 
[2008.09.17 20:31:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\mozilla\Extensions
[2012.05.03 09:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions
[2010.05.14 20:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.29 12:56:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.04.16 17:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\mozilla\Sunbird\Profiles\s9ruia50.default\extensions
[2008.11.14 11:52:36 | 000,000,509 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\exalead.xml
[2012.04.29 19:58:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-1.xml
[2009.03.21 10:34:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-10.xml
[2009.03.30 14:49:04 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-11.xml
[2009.05.05 00:26:43 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-12.xml
[2009.06.15 14:01:51 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-13.xml
[2009.07.29 10:10:06 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-14.xml
[2009.07.29 21:22:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-15.xml
[2009.10.08 17:42:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-16.xml
[2009.10.28 14:38:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-17.xml
[2009.12.17 14:04:03 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-18.xml
[2010.01.07 14:58:13 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-19.xml
[2008.04.02 17:44:08 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-2.xml
[2010.02.18 18:52:01 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-20.xml
[2010.03.21 13:48:51 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-21.xml
[2010.03.24 18:07:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-22.xml
[2010.04.09 09:11:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-23.xml
[2010.06.23 23:10:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-24.xml
[2010.06.27 20:16:49 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-25.xml
[2010.08.19 16:45:26 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-26.xml
[2010.09.08 22:11:02 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-27.xml
[2010.09.17 15:18:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-28.xml
[2010.10.25 17:00:19 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-29.xml
[2008.04.19 18:32:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-3.xml
[2010.10.28 13:12:48 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-30.xml
[2010.12.10 15:20:30 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-31.xml
[2011.03.02 11:40:10 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-32.xml
[2011.03.06 02:36:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-33.xml
[2011.03.24 01:15:38 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-34.xml
[2011.04.30 15:33:36 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-35.xml
[2011.04.30 15:37:58 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-36.xml
[2011.06.22 20:38:18 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-37.xml
[2008.06.19 09:18:52 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-4.xml
[2008.09.12 20:42:44 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-5.xml
[2008.10.03 10:28:27 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-6.xml
[2008.11.15 15:43:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-7.xml
[2008.12.19 00:03:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-8.xml
[2009.02.06 12:48:44 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-9.xml
[2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin.xml
[2012.03.22 19:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.03.22 19:18:43 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.01 17:39:00 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.16 13:42:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 13:42:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:42:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:42:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:42:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:42:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003..\Run: [OnlineFestplatte] C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe (Telekom Austria TA AG)
O7 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - hxxp://-Web.Washer-/ie_add File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75150A78-C350-47D0-A029-3EEC5D8DD586}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.03 09:13:16 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Teresa\Desktop\OTL.exe
[2012.05.01 18:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.01 11:10:06 | 000,000,000 | ---D | C] -- C:\Users\Teresa\AppData\Roaming\Malwarebytes
[2012.05.01 11:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.01 11:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.01 11:09:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.01 11:09:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.03 09:13:23 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Teresa\Desktop\OTL.exe
[2012.05.03 09:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 09:02:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.03 09:01:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.03 08:59:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 08:59:17 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 08:58:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.03 08:58:32 | 2137,186,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.01 11:09:29 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.19 11:57:51 | 000,002,623 | ---- | M] () -- C:\Users\Teresa\Desktop\Microsoft Word.lnk
[2012.04.12 00:23:28 | 000,698,920 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.12 00:23:28 | 000,654,058 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.12 00:23:28 | 000,156,436 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.12 00:23:28 | 000,127,372 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.01 11:09:29 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.10 21:52:54 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.01.13 00:45:05 | 000,036,468 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.05.26 15:09:06 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
 
========== LOP Check ==========
 
[2010.11.30 19:13:39 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\CheckPoint
[2009.12.18 15:59:05 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\flightgear.org
[2011.05.31 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\gtk-2.0
[2009.10.18 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\HappyFoto
[2008.06.16 13:56:09 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\ICQ
[2007.10.15 10:40:31 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\ICQ Toolbar
[2011.08.29 00:46:47 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Image Zone Express
[2009.03.29 17:08:34 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\InterVideo
[2010.01.21 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2008.03.28 00:10:18 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\mquadr.at
[2008.09.09 22:04:29 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Printer Info Cache
[2011.05.16 21:14:44 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Samsung
[2009.11.14 19:24:07 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SharePod
[2009.04.26 12:44:56 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SignaturUmgebung
[2012.03.06 19:35:24 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Spotify
[2008.04.16 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Template
[2012.05.02 18:20:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.11.12 11:24:42 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Adobe
[2010.06.22 17:03:59 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Apple Computer
[2010.04.16 19:13:49 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Avira
[2010.11.30 19:13:39 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\CheckPoint
[2010.03.20 18:27:10 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\DivX
[2009.12.18 15:59:05 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\flightgear.org
[2007.10.14 15:44:25 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Google
[2011.05.31 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\gtk-2.0
[2009.10.18 19:46:36 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\HappyFoto
[2008.11.06 18:48:39 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\HP
[2012.03.01 22:27:19 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\HpUpdate
[2008.06.16 13:56:09 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\ICQ
[2007.10.15 10:40:31 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\ICQ Toolbar
[2007.02.26 12:15:52 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Identities
[2011.08.29 00:46:47 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Image Zone Express
[2007.10.12 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\InstallShield
[2009.03.29 17:08:34 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\InterVideo
[2007.02.26 18:07:38 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Macromedia
[2012.05.01 11:10:06 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Media Center Programs
[2010.01.21 20:43:44 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2011.05.16 21:57:04 | 000,000,000 | --SD | M] -- C:\Users\Teresa\AppData\Roaming\Microsoft
[2008.09.17 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Mozilla
[2008.03.28 00:10:18 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\mquadr.at
[2008.09.09 22:04:29 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Printer Info Cache
[2011.05.16 21:14:44 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Samsung
[2009.11.14 19:24:07 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SharePod
[2009.10.27 17:04:30 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Sibelius Software
[2009.04.26 12:44:56 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\SignaturUmgebung
[2011.07.29 20:46:51 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Skype
[2011.07.29 19:55:15 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\skypePM
[2007.11.15 21:53:45 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Sony Corporation
[2012.03.06 19:35:24 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Spotify
[2008.04.16 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Talkback
[2008.04.16 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\Template
[2011.10.02 19:45:39 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\U3
[2008.09.23 20:51:58 | 000,000,000 | ---D | M] -- C:\Users\Teresa\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.08.16 12:38:59 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x86.exe
[2011.04.29 01:24:06 | 000,934,800 | ---- | M] (Samsung) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.04.29 01:24:10 | 000,278,928 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.04.29 01:24:08 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.04.27 14:19:58 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.04.27 14:19:58 | 000,283,136 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.04.27 14:19:58 | 000,659,456 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.04.27 14:19:58 | 000,107,008 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\HSPConnection.exe
[2011.04.29 01:24:14 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.04.29 01:24:16 | 000,131,984 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.04.29 01:24:18 | 000,019,856 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.04.29 01:24:22 | 004,661,464 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.04.27 14:19:26 | 020,636,968 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.04.29 01:24:24 | 000,360,336 | ---- | M] (ml) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe
[2011.08.01 05:32:24 | 000,362,384 | ---- | M] (ml) -- C:\Users\Teresa\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2012.02.10 00:00:44 | 004,009,648 | ---- | M] (Spotify Ltd) -- C:\Users\Teresa\AppData\Roaming\Spotify\spotify.exe
[2011.11.16 12:06:03 | 000,090,044 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Spotify\Uninstall.exe
[2006.12.14 10:00:02 | 000,110,592 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\U3\temp\cleanup.exe
[2007.02.12 17:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Users\Teresa\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.16 14:37:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.16 14:37:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.16 14:37:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.10.13 14:29:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.10.13 14:29:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007.02.26 21:02:21 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007.02.26 21:02:19 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007.02.26 21:02:21 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007.02.26 21:02:31 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007.02.26 21:02:34 | 006,008,832 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 03.05.2012 18:38

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
[2010.05.14 20:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.29 12:56:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.04.16 17:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Teresa\AppData\Roaming\mozilla\Sunbird\Profiles\s9ruia50.default\extensions
[2008.11.14 11:52:36 | 000,000,509 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\exalead.xml
[2012.04.29 19:58:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-1.xml
[2009.03.21 10:34:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-10.xml
[2009.03.30 14:49:04 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-11.xml
[2009.05.05 00:26:43 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-12.xml
[2009.06.15 14:01:51 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-13.xml
[2009.07.29 10:10:06 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-14.xml
[2009.07.29 21:22:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-15.xml
[2009.10.08 17:42:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-16.xml
[2009.10.28 14:38:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-17.xml
[2009.12.17 14:04:03 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-18.xml
[2010.01.07 14:58:13 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-19.xml
[2008.04.02 17:44:08 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-2.xml
[2010.02.18 18:52:01 | 000,000,961 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-20.xml
[2010.03.21 13:48:51 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-21.xml
[2010.03.24 18:07:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-22.xml
[2010.04.09 09:11:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-23.xml
[2010.06.23 23:10:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-24.xml
[2010.06.27 20:16:49 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-25.xml
[2010.08.19 16:45:26 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-26.xml
[2010.09.08 22:11:02 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-27.xml
[2010.09.17 15:18:17 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-28.xml
[2010.10.25 17:00:19 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-29.xml
[2008.04.19 18:32:42 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-3.xml
[2010.10.28 13:12:48 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-30.xml
[2010.12.10 15:20:30 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-31.xml
[2011.03.02 11:40:10 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-32.xml
[2011.03.06 02:36:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-33.xml
[2011.03.24 01:15:38 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-34.xml
[2011.04.30 15:33:36 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-35.xml
[2011.04.30 15:37:58 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-36.xml
[2011.06.22 20:38:18 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-37.xml
[2008.06.19 09:18:52 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-4.xml
[2008.09.12 20:42:44 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-5.xml
[2008.10.03 10:28:27 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-6.xml
[2008.11.15 15:43:34 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-7.xml
[2008.12.19 00:03:59 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-8.xml
[2009.02.06 12:48:44 | 000,000,950 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-9.xml
[2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin.xml
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
:Files
C:\Users\Teresa\AppData\Roaming\CheckPoint
C:\Users\Teresa\AppData\Roaming\ICQ Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Skullcrusher 03.05.2012 20:31

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-2997398748-1152511716-2951032985-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
Folder C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\Teresa\AppData\Roaming\mozilla\Firefox\Profiles\etdn0ib6.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
Folder C:\Users\Teresa\AppData\Roaming\mozilla\Sunbird\Profiles\s9ruia50.default\extensions\ not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\exalead.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-10.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-11.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-12.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-13.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-14.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-15.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-16.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-17.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-18.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-19.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-20.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-21.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-22.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-23.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-24.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-25.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-26.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-27.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-28.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-29.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-30.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-31.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-32.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-33.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-34.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-35.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-36.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-37.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\searchplugins\icqplugin.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ not found.
File C:\PROGRA~1\GOOGLE~1\BAE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_USERS\S-1-5-21-2997398748-1152511716-2951032985-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Zur Filterliste hinzufügen (WebWasher)\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5e030d4-3df7-11dd-9515-806e6f6e6963}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\Autorun.exe not found.
========== FILES ==========
File\Folder C:\Users\Teresa\AppData\Roaming\CheckPoint not found.
File\Folder C:\Users\Teresa\AppData\Roaming\ICQ Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Kerstin
 
User: Public
 
User: Teresa
->Temp folder emptied: 354949 bytes
->Temporary Internet Files folder emptied: 67265 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6830902 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9871057875 bytes
RecycleBin emptied: 959673 bytes
 
Total Files Cleaned = 9.422,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Kerstin
 
User: Public
 
User: Teresa
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05032012_212145

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

In the meantime, a big thank-you for your effort.

cosinus 04.05.2012 10:34

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Skullcrusher 04.05.2012 13:03

Code:

13:53:48.0242 5704        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
13:53:48.0625 5704        ============================================================
13:53:48.0626 5704        Current date / time: 2012/05/04 13:53:48.0625
13:53:48.0626 5704        SystemInfo:
13:53:48.0626 5704       
13:53:48.0626 5704        OS Version: 6.0.6002 ServicePack: 2.0
13:53:48.0626 5704        Product type: Workstation
13:53:48.0626 5704        ComputerName: TERESA-PC
13:53:48.0627 5704        UserName: Teresa
13:53:48.0627 5704        Windows directory: C:\Windows
13:53:48.0627 5704        System windows directory: C:\Windows
13:53:48.0627 5704        Processor architecture: Intel x86
13:53:48.0627 5704        Number of processors: 2
13:53:48.0627 5704        Page size: 0x1000
13:53:48.0627 5704        Boot type: Normal boot
13:53:48.0627 5704        ============================================================
13:53:50.0923 5704        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:53:50.0932 5704        ============================================================
13:53:50.0932 5704        \Device\Harddisk0\DR0:
13:53:50.0933 5704        MBR partitions:
13:53:50.0933 5704        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x12A0800, BlocksNum 0x11778EB0
13:53:50.0933 5704        ============================================================
13:53:50.0967 5704        C: <-> \Device\Harddisk0\DR0\Partition0
13:53:50.0968 5704        ============================================================
13:53:50.0968 5704        Initialize success
13:53:50.0968 5704        ============================================================
13:55:01.0243 2120        ============================================================
13:55:01.0243 2120        Scan started
13:55:01.0243 2120        Mode: Manual; SigCheck; TDLFS;
13:55:01.0244 2120        ============================================================
13:55:01.0681 2120        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:55:01.0999 2120        ACPI - ok
13:55:02.0349 2120        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:55:02.0387 2120        AdobeFlashPlayerUpdateSvc - ok
13:55:02.0458 2120        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:55:02.0518 2120        adp94xx - ok
13:55:02.0572 2120        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:55:02.0618 2120        adpahci - ok
13:55:02.0650 2120        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:55:02.0685 2120        adpu160m - ok
13:55:02.0713 2120        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:55:02.0751 2120        adpu320 - ok
13:55:02.0800 2120        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:55:02.0949 2120        AeLookupSvc - ok
13:55:03.0041 2120        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:55:03.0143 2120        AFD - ok
13:55:03.0201 2120        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
13:55:03.0234 2120        agp440 - ok
13:55:03.0277 2120        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:55:03.0311 2120        aic78xx - ok
13:55:03.0349 2120        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:55:03.0617 2120        ALG - ok
13:55:03.0644 2120        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
13:55:03.0674 2120        aliide - ok
13:55:03.0717 2120        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
13:55:03.0751 2120        amdagp - ok
13:55:03.0769 2120        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
13:55:03.0800 2120        amdide - ok
13:55:03.0823 2120        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:55:04.0095 2120        AmdK7 - ok
13:55:04.0119 2120        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:55:04.0277 2120        AmdK8 - ok
13:55:04.0337 2120        androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\Windows\system32\Drivers\ssadadb.sys
13:55:04.0470 2120        androidusb - ok
13:55:04.0712 2120        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:55:04.0741 2120        AntiVirSchedulerService - ok
13:55:04.0798 2120        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:55:04.0830 2120        AntiVirService - ok
13:55:04.0909 2120        ApfiltrService  (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys
13:55:04.0984 2120        ApfiltrService - ok
13:55:05.0060 2120        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:55:05.0134 2120        Appinfo - ok
13:55:05.0274 2120        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:55:05.0303 2120        Apple Mobile Device - ok
13:55:05.0353 2120        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:55:05.0386 2120        arc - ok
13:55:05.0426 2120        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:55:05.0460 2120        arcsas - ok
13:55:05.0533 2120        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:55:05.0645 2120        AsyncMac - ok
13:55:05.0682 2120        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:55:05.0716 2120        atapi - ok
13:55:05.0868 2120        athr            (7fa516fc81dd5931f389b56279a27a3e) C:\Windows\system32\DRIVERS\athr.sys
13:55:06.0017 2120        athr - ok
13:55:06.0137 2120        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:55:06.0212 2120        AudioEndpointBuilder - ok
13:55:06.0226 2120        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:55:06.0293 2120        Audiosrv - ok
13:55:06.0480 2120        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
13:55:06.0501 2120        avgio - ok
13:55:06.0582 2120        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
13:55:06.0616 2120        avgntflt - ok
13:55:06.0656 2120        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
13:55:06.0685 2120        avipbb - ok
13:55:06.0759 2120        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:55:06.0856 2120        Beep - ok
13:55:06.0938 2120        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:55:07.0038 2120        BFE - ok
13:55:07.0143 2120        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:55:07.0259 2120        BITS - ok
13:55:07.0268 2120        blbdrive - ok
13:55:07.0566 2120        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:55:07.0611 2120        Bonjour Service - ok
13:55:07.0662 2120        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:55:07.0733 2120        bowser - ok
13:55:07.0777 2120        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:55:07.0833 2120        BrFiltLo - ok
13:55:07.0847 2120        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:55:07.0933 2120        BrFiltUp - ok
13:55:07.0983 2120        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:55:08.0082 2120        Browser - ok
13:55:08.0108 2120        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:55:08.0272 2120        Brserid - ok
13:55:08.0298 2120        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:55:08.0447 2120        BrSerWdm - ok
13:55:08.0472 2120        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:55:08.0622 2120        BrUsbMdm - ok
13:55:08.0643 2120        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:55:08.0771 2120        BrUsbSer - ok
13:55:08.0812 2120        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:55:08.0944 2120        BTHMODEM - ok
13:55:09.0033 2120        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:55:09.0132 2120        cdfs - ok
13:55:09.0174 2120        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:55:09.0259 2120        cdrom - ok
13:55:09.0322 2120        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:55:09.0399 2120        CertPropSvc - ok
13:55:09.0448 2120        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:55:09.0594 2120        circlass - ok
13:55:09.0707 2120        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:55:09.0755 2120        CLFS - ok
13:55:09.0840 2120        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:55:09.0873 2120        clr_optimization_v2.0.50727_32 - ok
13:55:10.0341 2120        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:55:10.0374 2120        clr_optimization_v4.0.30319_32 - ok
13:55:10.0521 2120        CLTNetCnService - ok
13:55:10.0593 2120        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:55:10.0689 2120        CmBatt - ok
13:55:10.0734 2120        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
13:55:10.0765 2120        cmdide - ok
13:55:10.0775 2120        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:55:10.0808 2120        Compbatt - ok
13:55:10.0817 2120        COMSysApp - ok
13:55:10.0832 2120        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:55:10.0864 2120        crcdisk - ok
13:55:10.0893 2120        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:55:11.0048 2120        Crusoe - ok
13:55:11.0118 2120        CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
13:55:11.0193 2120        CryptSvc - ok
13:55:11.0285 2120        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:55:11.0437 2120        DcomLaunch - ok
13:55:11.0487 2120        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:55:11.0561 2120        DfsC - ok
13:55:11.0760 2120        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:55:11.0946 2120        DFSR - ok
13:55:12.0116 2120        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:55:12.0190 2120        Dhcp - ok
13:55:12.0286 2120        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:55:12.0322 2120        disk - ok
13:55:12.0352 2120        DMICall        (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
13:55:12.0378 2120        DMICall - ok
13:55:12.0445 2120        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:55:12.0495 2120        Dnscache - ok
13:55:12.0539 2120        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:55:12.0624 2120        dot3svc - ok
13:55:12.0694 2120        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
13:55:12.0792 2120        Dot4 - ok
13:55:12.0842 2120        Dot4Print      (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:55:12.0932 2120        Dot4Print - ok
13:55:12.0956 2120        dot4usb        (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
13:55:13.0048 2120        dot4usb - ok
13:55:13.0122 2120        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:55:13.0242 2120        DPS - ok
13:55:13.0293 2120        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:55:13.0374 2120        drmkaud - ok
13:55:13.0454 2120        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:55:13.0524 2120        DXGKrnl - ok
13:55:13.0612 2120        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:55:13.0756 2120        E1G60 - ok
13:55:13.0827 2120        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:55:13.0911 2120        EapHost - ok
13:55:13.0985 2120        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:55:14.0026 2120        Ecache - ok
13:55:14.0114 2120        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:55:14.0177 2120        ehRecvr - ok
13:55:14.0248 2120        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:55:14.0321 2120        ehSched - ok
13:55:14.0346 2120        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:55:14.0401 2120        ehstart - ok
13:55:14.0480 2120        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:55:14.0527 2120        elxstor - ok
13:55:14.0611 2120        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:55:14.0720 2120        EMDMgmt - ok
13:55:14.0786 2120        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:55:14.0888 2120        EventSystem - ok
13:55:14.0986 2120        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:55:15.0065 2120        exfat - ok
13:55:15.0122 2120        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:55:15.0201 2120        fastfat - ok
13:55:15.0253 2120        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:55:15.0404 2120        fdc - ok
13:55:15.0449 2120        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:55:15.0556 2120        fdPHost - ok
13:55:15.0597 2120        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:55:15.0741 2120        FDResPub - ok
13:55:15.0815 2120        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:55:15.0851 2120        FileInfo - ok
13:55:15.0900 2120        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:55:15.0988 2120        Filetrace - ok
13:55:16.0041 2120        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:55:16.0187 2120        flpydisk - ok
13:55:16.0630 2120        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:55:16.0674 2120        FltMgr - ok
13:55:16.0804 2120        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:55:16.0959 2120        FontCache - ok
13:55:17.0066 2120        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:55:17.0097 2120        FontCache3.0.0.0 - ok
13:55:17.0165 2120        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:55:17.0236 2120        Fs_Rec - ok
13:55:17.0274 2120        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:55:17.0306 2120        gagp30kx - ok
13:55:17.0360 2120        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:55:17.0385 2120        GEARAspiWDM - ok
13:55:17.0515 2120        GoogleDesktopManager-061008-081103 (6542dc2e93bce4d4289fa70a4d367dc2) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
13:55:17.0540 2120        GoogleDesktopManager-061008-081103 - ok
13:55:17.0641 2120        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:55:17.0743 2120        gpsvc - ok
13:55:17.0849 2120        gupdate1c9b22b9c050ae8 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
13:55:17.0878 2120        gupdate1c9b22b9c050ae8 - ok
13:55:17.0899 2120        gupdatem        (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
13:55:17.0928 2120        gupdatem - ok
13:55:17.0993 2120        gusvc          (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:55:18.0023 2120        gusvc - ok
13:55:18.0084 2120        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:55:18.0238 2120        HdAudAddService - ok
13:55:18.0314 2120        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:55:18.0470 2120        HDAudBus - ok
13:55:18.0503 2120        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:55:18.0657 2120        HidBth - ok
13:55:18.0710 2120        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:55:18.0854 2120        HidIr - ok
13:55:18.0913 2120        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
13:55:18.0993 2120        hidserv - ok
13:55:19.0036 2120        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:55:19.0111 2120        HidUsb - ok
13:55:19.0158 2120        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:55:19.0249 2120        hkmsvc - ok
13:55:19.0298 2120        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:55:19.0329 2120        HpCISSs - ok
13:55:19.0611 2120        hpqcxs08        (e4e285a3766b4a57401feeaf66cb07b5) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
13:55:19.0627 2120        hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
13:55:19.0628 2120        hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
13:55:19.0724 2120        hpqddsvc        (ee4c7a4cf2316701ffde90f404520265) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
13:55:19.0752 2120        hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
13:55:19.0752 2120        hpqddsvc - detected UnsignedFile.Multi.Generic (1)
13:55:19.0873 2120        HSF_DPV        (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:55:19.0982 2120        HSF_DPV - ok
13:55:20.0046 2120        HSXHWAZL        (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:55:20.0103 2120        HSXHWAZL - ok
13:55:20.0172 2120        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:55:20.0295 2120        HTTP - ok
13:55:20.0338 2120        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:55:20.0370 2120        i2omp - ok
13:55:20.0436 2120        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:55:20.0510 2120        i8042prt - ok
13:55:20.0571 2120        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:55:20.0612 2120        iaStorV - ok
13:55:20.0850 2120        IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:55:20.0888 2120        IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:55:20.0888 2120        IDriverT - detected UnsignedFile.Multi.Generic (1)
13:55:21.0054 2120        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:55:21.0176 2120        idsvc - ok
13:55:21.0439 2120        igfx            (62448322731ac1beda52e2b3327046ee) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:55:21.0611 2120        igfx - ok
13:55:21.0770 2120        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:55:21.0801 2120        iirsp - ok
13:55:21.0870 2120        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:55:21.0978 2120        IKEEXT - ok
13:55:22.0157 2120        IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
13:55:22.0305 2120        IntcAzAudAddService - ok
13:55:22.0465 2120        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
13:55:22.0496 2120        intelide - ok
13:55:22.0559 2120        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:55:22.0654 2120        intelppm - ok
13:55:22.0711 2120        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:55:22.0789 2120        IPBusEnum - ok
13:55:22.0844 2120        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:55:22.0937 2120        IpFilterDriver - ok
13:55:23.0014 2120        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:55:23.0096 2120        iphlpsvc - ok
13:55:23.0114 2120        IpInIp - ok
13:55:23.0163 2120        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:55:23.0315 2120        IPMIDRV - ok
13:55:23.0365 2120        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:55:23.0462 2120        IPNAT - ok
13:55:23.0594 2120        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:55:23.0698 2120        iPod Service - ok
13:55:23.0747 2120        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:55:23.0832 2120        IRENUM - ok
13:55:23.0870 2120        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
13:55:23.0903 2120        isapnp - ok
13:55:23.0948 2120        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:55:23.0990 2120        iScsiPrt - ok
13:55:24.0015 2120        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:55:24.0047 2120        iteatapi - ok
13:55:24.0085 2120        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:55:24.0118 2120        iteraid - ok
13:55:24.0177 2120        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:55:24.0213 2120        kbdclass - ok
13:55:24.0230 2120        kbdhid          (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
13:55:24.0376 2120        kbdhid - ok
13:55:24.0466 2120        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:55:24.0544 2120        KeyIso - ok
13:55:24.0600 2120        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:55:24.0660 2120        KSecDD - ok
13:55:24.0743 2120        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:55:24.0854 2120        KtmRm - ok
13:55:24.0916 2120        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
13:55:25.0009 2120        LanmanServer - ok
13:55:25.0050 2120        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:55:25.0123 2120        LanmanWorkstation - ok
13:55:25.0288 2120        LiveUpdate Notice Ex - ok
13:55:25.0405 2120        LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
13:55:25.0480 2120        LiveUpdate Notice Service - ok
13:55:25.0560 2120        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:55:25.0650 2120        lltdio - ok
13:55:25.0717 2120        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:55:25.0817 2120        lltdsvc - ok
13:55:25.0844 2120        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:55:26.0001 2120        lmhosts - ok
13:55:26.0357 2120        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:55:26.0393 2120        LSI_FC - ok
13:55:26.0448 2120        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:55:26.0483 2120        LSI_SAS - ok
13:55:26.0522 2120        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:55:26.0557 2120        LSI_SCSI - ok
13:55:26.0634 2120        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:55:26.0737 2120        luafv - ok
13:55:26.0786 2120        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:55:26.0848 2120        Mcx2Svc - ok
13:55:27.0061 2120        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:55:27.0104 2120        MDM - ok
13:55:27.0133 2120        mdmxsdk        (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:55:27.0177 2120        mdmxsdk - ok
13:55:27.0239 2120        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:55:27.0270 2120        megasas - ok
13:55:27.0413 2120        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:55:27.0521 2120        MMCSS - ok
13:55:27.0623 2120        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:55:27.0719 2120        Modem - ok
13:55:27.0827 2120        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:55:27.0930 2120        monitor - ok
13:55:27.0951 2120        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:55:27.0986 2120        mouclass - ok
13:55:28.0068 2120        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:55:28.0160 2120        mouhid - ok
13:55:28.0242 2120        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:55:28.0279 2120        MountMgr - ok
13:55:28.0314 2120        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:55:28.0365 2120        mpio - ok
13:55:28.0413 2120        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:55:28.0470 2120        mpsdrv - ok
13:55:28.0778 2120        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:55:28.0867 2120        MpsSvc - ok
13:55:28.0918 2120        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:55:28.0951 2120        Mraid35x - ok
13:55:28.0994 2120        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:55:29.0051 2120        MRxDAV - ok
13:55:29.0103 2120        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:55:29.0172 2120        mrxsmb - ok
13:55:29.0391 2120        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:55:29.0448 2120        mrxsmb10 - ok
13:55:29.0522 2120        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:55:29.0564 2120        mrxsmb20 - ok
13:55:29.0633 2120        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
13:55:29.0668 2120        msahci - ok
13:55:29.0990 2120        MSCSPTISRV      (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
13:55:30.0027 2120        MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
13:55:30.0027 2120        MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
13:55:30.0124 2120        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:55:30.0167 2120        msdsm - ok
13:55:30.0308 2120        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:55:30.0410 2120        MSDTC - ok
13:55:30.0543 2120        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:55:30.0622 2120        Msfs - ok
13:55:30.0684 2120        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:55:30.0718 2120        msisadrv - ok
13:55:30.0967 2120        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:55:31.0063 2120        MSiSCSI - ok
13:55:31.0071 2120        msiserver - ok
13:55:31.0179 2120        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:55:31.0268 2120        MSKSSRV - ok
13:55:31.0349 2120        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:55:31.0430 2120        MSPCLOCK - ok
13:55:31.0508 2120        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:55:31.0605 2120        MSPQM - ok
13:55:31.0868 2120        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:55:31.0911 2120        MsRPC - ok
13:55:32.0112 2120        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:55:32.0145 2120        mssmbios - ok
13:55:32.0197 2120        MSSQL$VAIO_VEDB - ok
13:55:32.0581 2120        MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:55:32.0609 2120        MSSQLServerADHelper - ok
13:55:32.0715 2120        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:55:32.0820 2120        MSTEE - ok
13:55:33.0149 2120        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:55:33.0186 2120        Mup - ok
13:55:34.0556 2120        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:55:34.0824 2120        napagent - ok
13:55:34.0889 2120        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:55:34.0986 2120        NativeWifiP - ok
13:55:36.0127 2120        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:55:36.0197 2120        NDIS - ok
13:55:36.0326 2120        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:55:36.0400 2120        NdisTapi - ok
13:55:36.0506 2120        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:55:36.0577 2120        Ndisuio - ok
13:55:36.0934 2120        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:55:37.0032 2120        NdisWan - ok
13:55:37.0260 2120        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:55:37.0401 2120        NDProxy - ok
13:55:37.0471 2120        Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
13:55:37.0516 2120        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:55:37.0516 2120        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:55:37.0564 2120        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:55:37.0638 2120        NetBIOS - ok
13:55:38.0161 2120        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:55:38.0304 2120        netbt - ok
13:55:38.0343 2120        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:55:38.0379 2120        Netlogon - ok
13:55:38.0908 2120        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:55:39.0040 2120        Netman - ok
13:55:39.0203 2120        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:55:39.0309 2120        netprofm - ok
13:55:40.0471 2120        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:55:40.0669 2120        NetTcpPortSharing - ok
13:55:44.0233 2120        NETw3v32        (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
13:55:44.0497 2120        NETw3v32 - ok
13:55:47.0258 2120        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:55:47.0350 2120        nfrd960 - ok
13:55:47.0851 2120        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:55:47.0930 2120        NlaSvc - ok
13:55:48.0847 2120        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:55:48.0921 2120        Npfs - ok
13:55:49.0239 2120        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:55:49.0361 2120        nsi - ok
13:55:49.0439 2120        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:55:49.0527 2120        nsiproxy - ok
13:55:50.0543 2120        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:55:50.0844 2120        Ntfs - ok
13:55:50.0934 2120        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:55:51.0096 2120        ntrigdigi - ok
13:55:51.0142 2120        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:55:51.0212 2120        Null - ok
13:55:51.0246 2120        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:55:51.0284 2120        nvraid - ok
13:55:51.0314 2120        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:55:51.0348 2120        nvstor - ok
13:55:51.0394 2120        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
13:55:51.0433 2120        nv_agp - ok
13:55:51.0441 2120        NwlnkFlt - ok
13:55:51.0458 2120        NwlnkFwd - ok
13:55:52.0247 2120        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:55:52.0330 2120        odserv - ok
13:55:52.0393 2120        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:55:52.0468 2120        ohci1394 - ok
13:55:53.0109 2120        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:55:53.0144 2120        ose - ok
13:55:54.0182 2120        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:55:54.0279 2120        p2pimsvc - ok
13:55:54.0298 2120        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:55:54.0393 2120        p2psvc - ok
13:55:54.0554 2120        PACSPTISVR      (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
13:55:54.0588 2120        PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
13:55:54.0588 2120        PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
13:55:54.0636 2120        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:55:54.0787 2120        Parport - ok
13:55:55.0250 2120        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:55:55.0318 2120        partmgr - ok
13:55:55.0359 2120        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:55:55.0486 2120        Parvdm - ok
13:55:55.0648 2120        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:55:55.0718 2120        PcaSvc - ok
13:55:55.0771 2120        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:55:55.0813 2120        pci - ok
13:55:55.0836 2120        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\DRIVERS\pciide.sys
13:55:55.0873 2120        pciide - ok
13:55:55.0936 2120        pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
13:55:55.0986 2120        pcmcia - ok
13:55:56.0092 2120        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:55:56.0509 2120        PEAUTH - ok
13:55:58.0216 2120        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:55:58.0575 2120        pla - ok
13:56:00.0046 2120        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:56:00.0152 2120        PlugPlay - ok
13:56:00.0212 2120        Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
13:56:00.0246 2120        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:56:00.0246 2120        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:56:00.0346 2120        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:56:00.0461 2120        PNRPAutoReg - ok
13:56:00.0480 2120        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:56:00.0544 2120        PNRPsvc - ok
13:56:00.0675 2120        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:56:00.0781 2120        PolicyAgent - ok
13:56:01.0322 2120        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:56:01.0447 2120        PptpMiniport - ok
13:56:01.0641 2120        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:56:01.0820 2120        Processor - ok
13:56:01.0909 2120        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:56:01.0990 2120        ProfSvc - ok
13:56:02.0109 2120        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:56:02.0147 2120        ProtectedStorage - ok
13:56:02.0474 2120        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:56:02.0559 2120        PSched - ok
13:56:02.0620 2120        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
13:56:02.0649 2120        PxHelp20 - ok
13:56:02.0750 2120        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:56:02.0851 2120        ql2300 - ok
13:56:02.0884 2120        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:56:02.0920 2120        ql40xx - ok
13:56:03.0722 2120        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:56:03.0802 2120        QWAVE - ok
13:56:04.0222 2120        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:56:04.0314 2120        QWAVEdrv - ok
13:56:04.0364 2120        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:56:04.0439 2120        RasAcd - ok
13:56:04.0782 2120        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:56:04.0886 2120        RasAuto - ok
13:56:05.0007 2120        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:56:05.0110 2120        Rasl2tp - ok
13:56:05.0791 2120        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:56:05.0880 2120        RasMan - ok
13:56:05.0973 2120        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:56:06.0076 2120        RasPppoe - ok
13:56:06.0180 2120        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:56:06.0257 2120        RasSstp - ok
13:56:06.0598 2120        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:56:06.0694 2120        rdbss - ok
13:56:06.0765 2120        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:56:06.0852 2120        RDPCDD - ok
13:56:06.0988 2120        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
13:56:07.0149 2120        rdpdr - ok
13:56:07.0236 2120        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:56:07.0349 2120        RDPENCDD - ok
13:56:07.0621 2120        RDPWD          (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
13:56:07.0737 2120        RDPWD - ok
13:56:07.0819 2120        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:56:07.0920 2120        RemoteAccess - ok
13:56:08.0074 2120        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:56:08.0140 2120        RemoteRegistry - ok
13:56:08.0205 2120        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:56:08.0272 2120        RpcLocator - ok
13:56:08.0704 2120        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:56:08.0843 2120        RpcSs - ok
13:56:08.0998 2120        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:56:09.0075 2120        rspndr - ok
13:56:09.0151 2120        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:56:09.0191 2120        SamSs - ok
13:56:09.0329 2120        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:56:09.0370 2120        sbp2port - ok
13:56:09.0505 2120        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:56:09.0590 2120        SCardSvr - ok
13:56:11.0438 2120        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:56:11.0557 2120        Schedule - ok
13:56:11.0743 2120        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:56:11.0798 2120        SCPolicySvc - ok
13:56:12.0611 2120        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:56:12.0710 2120        SDRSVC - ok
13:56:12.0819 2120        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:56:12.0927 2120        seclogon - ok
13:56:13.0634 2120        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
13:56:13.0744 2120        SENS - ok
13:56:14.0051 2120        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:56:14.0230 2120        Serenum - ok
13:56:14.0521 2120        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:56:14.0675 2120        Serial - ok
13:56:14.0730 2120        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:56:14.0832 2120        sermouse - ok
13:56:15.0165 2120        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:56:15.0247 2120        SessionEnv - ok
13:56:15.0303 2120        sfdrv01        (aad95fe3e005489c7156fa111f744eaf) C:\Windows\system32\drivers\sfdrv01.sys
13:56:15.0332 2120        sfdrv01 - ok
13:56:15.0537 2120        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
13:56:15.0719 2120        sffdisk - ok
13:56:15.0757 2120        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
13:56:15.0900 2120        sffp_mmc - ok
13:56:16.0081 2120        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
13:56:16.0246 2120        sffp_sd - ok
13:56:16.0321 2120        sfhlp02        (daad4c099ebf5094d32c373ac1ac0f3c) C:\Windows\system32\drivers\sfhlp02.sys
13:56:16.0377 2120        sfhlp02 - ok
13:56:16.0394 2120        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
13:56:16.0543 2120        sfloppy - ok
13:56:16.0617 2120        sfsync02        (6dc03269f4c71e4ab313c3597f42a340) C:\Windows\system32\drivers\sfsync02.sys
13:56:16.0644 2120        sfsync02 - ok
13:56:17.0093 2120        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:56:17.0186 2120        SharedAccess - ok
13:56:17.0825 2120        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:56:17.0946 2120        ShellHWDetection - ok
13:56:18.0419 2120        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
13:56:18.0459 2120        sisagp - ok
13:56:18.0595 2120        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:56:18.0643 2120        SiSRaid2 - ok
13:56:18.0926 2120        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:56:18.0976 2120        SiSRaid4 - ok
13:56:21.0567 2120        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:56:21.0963 2120        slsvc - ok
13:56:22.0790 2120        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:56:22.0870 2120        SLUINotify - ok
13:56:23.0371 2120        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:56:23.0491 2120        Smb - ok
13:56:23.0541 2120        SNC            (db31d8989b3450569c29780e7fa98c48) C:\Windows\system32\Drivers\SonyNC.sys
13:56:23.0607 2120        SNC - ok
13:56:23.0641 2120        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:56:23.0684 2120        SNMPTRAP - ok
13:56:24.0020 2120        SonicStage Back-End Service (86da2befb800d726fea98a539606553c) C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
13:56:24.0067 2120        SonicStage Back-End Service - ok
13:56:24.0120 2120        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:56:24.0154 2120        spldr - ok
13:56:24.0811 2120        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:56:24.0882 2120        Spooler - ok
13:56:24.0975 2120        SPTISRV        (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
13:56:24.0988 2120        SPTISRV ( UnsignedFile.Multi.Generic ) - warning
13:56:24.0988 2120        SPTISRV - detected UnsignedFile.Multi.Generic (1)
13:56:25.0062 2120        SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:56:25.0098 2120        SQLBrowser - ok
13:56:25.0211 2120        SQLWriter      (d89083c4eb02daca8f944b0e05e57f9d) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:56:25.0241 2120        SQLWriter - ok
13:56:25.0801 2120        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:56:25.0854 2120        srv - ok
13:56:26.0715 2120        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:56:26.0802 2120        srv2 - ok
13:56:26.0862 2120        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:56:26.0918 2120        srvnet - ok
13:56:26.0964 2120        ssadbus        (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
13:56:27.0029 2120        ssadbus - ok
13:56:27.0089 2120        ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
13:56:27.0136 2120        ssadmdfl - ok
13:56:27.0270 2120        ssadmdm        (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
13:56:27.0330 2120        ssadmdm - ok
13:56:27.0396 2120        ssadserd        (1a5a397bc459f346ab56492b61ef79f6) C:\Windows\system32\DRIVERS\ssadserd.sys
13:56:27.0475 2120        ssadserd - ok
13:56:27.0636 2120        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:56:27.0726 2120        SSDPSRV - ok
13:56:27.0800 2120        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:56:27.0823 2120        ssmdrv - ok
13:56:28.0015 2120        SSScsiSV        (6eb13f919d22d5056b4fb66aa3bb497a) C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
13:56:28.0043 2120        SSScsiSV - ok
13:56:28.0114 2120        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:56:28.0157 2120        SstpSvc - ok
13:56:28.0233 2120        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:56:28.0318 2120        stisvc - ok
13:56:28.0360 2120        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:56:28.0393 2120        swenum - ok
13:56:28.0446 2120        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:56:28.0544 2120        swprv - ok
13:56:28.0579 2120        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:56:28.0611 2120        Symc8xx - ok
13:56:28.0633 2120        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:56:28.0665 2120        Sym_hi - ok
13:56:28.0695 2120        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:56:28.0727 2120        Sym_u3 - ok
13:56:28.0809 2120        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:56:28.0889 2120        SysMain - ok
13:56:28.0940 2120        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:56:28.0984 2120        TabletInputService - ok
13:56:29.0039 2120        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:56:29.0128 2120        TapiSrv - ok
13:56:29.0177 2120        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:56:29.0255 2120        TBS - ok
13:56:29.0374 2120        Tcpip          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
13:56:29.0466 2120        Tcpip - ok
13:56:29.0496 2120        Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
13:56:29.0578 2120        Tcpip6 - ok
13:56:29.0615 2120        tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
13:56:29.0662 2120        tcpipreg - ok
13:56:29.0709 2120        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:56:29.0784 2120        TDPIPE - ok
13:56:29.0828 2120        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:56:29.0916 2120        TDTCP - ok
13:56:29.0957 2120        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:56:30.0032 2120        tdx - ok
13:56:30.0071 2120        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:56:30.0109 2120        TermDD - ok
13:56:30.0171 2120        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:56:30.0304 2120        TermService - ok
13:56:30.0372 2120        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:56:30.0417 2120        Themes - ok
13:56:30.0478 2120        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:56:30.0553 2120        THREADORDER - ok
13:56:30.0646 2120        ti21sony        (dcd46a3fc856167fd985507492ae610a) C:\Windows\system32\drivers\ti21sony.sys
13:56:30.0750 2120        ti21sony - ok
13:56:30.0815 2120        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:56:30.0916 2120        TrkWks - ok
13:56:30.0988 2120        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:56:31.0068 2120        TrustedInstaller - ok
13:56:31.0115 2120        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:56:31.0204 2120        tssecsrv - ok
13:56:31.0277 2120        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:56:31.0350 2120        tunmp - ok
13:56:31.0411 2120        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:56:31.0461 2120        tunnel - ok
13:56:31.0513 2120        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:56:31.0546 2120        uagp35 - ok
13:56:31.0618 2120        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:56:31.0697 2120        udfs - ok
13:56:31.0827 2120        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:56:32.0008 2120        UI0Detect - ok
13:56:32.0133 2120        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
13:56:32.0165 2120        uliagpkx - ok
13:56:32.0202 2120        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:56:32.0245 2120        uliahci - ok
13:56:32.0298 2120        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:56:32.0335 2120        UlSata - ok
13:56:32.0366 2120        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:56:32.0403 2120        ulsata2 - ok
13:56:32.0451 2120        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:56:32.0525 2120        umbus - ok
13:56:32.0591 2120        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:56:32.0676 2120        upnphost - ok
13:56:32.0729 2120        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:56:32.0764 2120        USBAAPL ( UnsignedFile.Multi.Generic ) - warning
13:56:32.0764 2120        USBAAPL - detected UnsignedFile.Multi.Generic (1)
13:56:32.0835 2120        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:56:32.0894 2120        usbccgp - ok
13:56:32.0949 2120        USBCCID        (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
13:56:33.0026 2120        USBCCID - ok
13:56:33.0106 2120        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:56:33.0249 2120        usbcir - ok
13:56:33.0347 2120        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:56:33.0418 2120        usbehci - ok
13:56:33.0460 2120        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:56:33.0544 2120        usbhub - ok
13:56:33.0579 2120        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:56:33.0709 2120        usbohci - ok
13:56:33.0753 2120        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:56:33.0825 2120        usbprint - ok
13:56:33.0875 2120        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:56:33.0930 2120        usbscan - ok
13:56:33.0964 2120        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:56:34.0036 2120        USBSTOR - ok
13:56:34.0088 2120        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:56:34.0166 2120        usbuhci - ok
13:56:34.0212 2120        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:56:34.0273 2120        UxSms - ok
13:56:34.0475 2120        VAIO Entertainment TV Device Arbitration Service (4e9c6bf8d0655bb7538088dc6f2306d9) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
13:56:34.0505 2120        VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
13:56:34.0506 2120        VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
13:56:34.0574 2120        VAIO Event Service (8a9f18adad471402236ca931553bf79b) C:\Program Files\sony\VAIO Event Service\VESMgr.exe
13:56:34.0605 2120        VAIO Event Service - ok
13:56:34.0805 2120        VAIOMediaPlatform-IntegratedServer-AppServer (88dc6b884824a578b0e1e9c3790c105b) C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
13:56:34.0959 2120        VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - warning
13:56:34.0959 2120        VAIOMediaPlatform-IntegratedServer-AppServer - detected UnsignedFile.Multi.Generic (1)
13:56:35.0187 2120        VAIOMediaPlatform-IntegratedServer-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
13:56:35.0219 2120        VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - warning
13:56:35.0219 2120        VAIOMediaPlatform-IntegratedServer-HTTP - detected UnsignedFile.Multi.Generic (1)
13:56:35.0328 2120        VAIOMediaPlatform-IntegratedServer-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
13:56:35.0694 2120        VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - warning
13:56:35.0694 2120        VAIOMediaPlatform-IntegratedServer-UPnP - detected UnsignedFile.Multi.Generic (1)
13:56:35.0821 2120        VAIOMediaPlatform-UCLS-AppServer (52d4f568fe7d05ae5026b8717eeb59eb) C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
13:56:35.0900 2120        VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - warning
13:56:35.0900 2120        VAIOMediaPlatform-UCLS-AppServer - detected UnsignedFile.Multi.Generic (1)
13:56:35.0965 2120        VAIOMediaPlatform-UCLS-HTTP (56e33aaa46cba8431e72486196afb3a1) C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
13:56:35.0990 2120        VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - warning
13:56:35.0990 2120        VAIOMediaPlatform-UCLS-HTTP - detected UnsignedFile.Multi.Generic (1)
13:56:36.0084 2120        VAIOMediaPlatform-UCLS-UPnP (addf0e4e19bd2ff0a0b852d324fdc281) C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
13:56:36.0207 2120        VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - warning
13:56:36.0208 2120        VAIOMediaPlatform-UCLS-UPnP - detected UnsignedFile.Multi.Generic (1)
13:56:36.0280 2120        Vcsw - ok
13:56:36.0459 2120        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:56:36.0583 2120        vds - ok
13:56:36.0664 2120        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:56:36.0815 2120        vga - ok
13:56:36.0865 2120        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:56:36.0938 2120        VgaSave - ok
13:56:36.0972 2120        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
13:56:37.0005 2120        viaagp - ok
13:56:37.0023 2120        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:56:37.0157 2120        ViaC7 - ok
13:56:37.0228 2120        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
13:56:37.0259 2120        viaide - ok
13:56:37.0309 2120        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:56:37.0344 2120        volmgr - ok
13:56:37.0406 2120        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:56:37.0456 2120        volmgrx - ok
13:56:37.0586 2120        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:56:37.0746 2120        volsnap - ok
13:56:37.0894 2120        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:56:37.0931 2120        vsmraid - ok
13:56:38.0056 2120        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:56:38.0223 2120        VSS - ok
13:56:38.0425 2120        VzCdbSvc        (5feb20d9ed9a2bd4f234222b0a3bb855) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
13:56:38.0463 2120        VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
13:56:38.0463 2120        VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
13:56:38.0502 2120        VzFw            (3757dfd3c07896ef660d4060366e7b4e) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
13:56:38.0516 2120        VzFw ( UnsignedFile.Multi.Generic ) - warning
13:56:38.0516 2120        VzFw - detected UnsignedFile.Multi.Generic (1)
13:56:38.0664 2120        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:56:38.0733 2120        W32Time - ok
13:56:38.0809 2120        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:56:38.0967 2120        WacomPen - ok
13:56:39.0029 2120        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:56:39.0109 2120        Wanarp - ok
13:56:39.0125 2120        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:56:39.0185 2120        Wanarpv6 - ok
13:56:39.0256 2120        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:56:39.0339 2120        wcncsvc - ok
13:56:39.0518 2120        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:56:39.0605 2120        WcsPlugInService - ok
13:56:39.0679 2120        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:56:39.0729 2120        Wd - ok
13:56:39.0820 2120        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:56:39.0883 2120        Wdf01000 - ok
13:56:40.0018 2120        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:56:40.0112 2120        WdiServiceHost - ok
13:56:40.0120 2120        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:56:40.0206 2120        WdiSystemHost - ok
13:56:40.0273 2120        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:56:40.0321 2120        WebClient - ok
13:56:40.0708 2120        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:56:40.0809 2120        Wecsvc - ok
13:56:40.0885 2120        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:56:40.0972 2120        wercplsupport - ok
13:56:41.0021 2120        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:56:41.0109 2120        WerSvc - ok
13:56:41.0195 2120        winachsf        (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:56:41.0253 2120        winachsf - ok
13:56:41.0510 2120        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:56:41.0552 2120        WinDefend - ok
13:56:41.0569 2120        WinHttpAutoProxySvc - ok
13:56:41.0643 2120        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:56:41.0707 2120        Winmgmt - ok
13:56:41.0840 2120        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:56:42.0016 2120        WinRM - ok
13:56:42.0108 2120        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:56:42.0245 2120        Wlansvc - ok
13:56:42.0593 2120        wlidsvc        (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:56:42.0902 2120        wlidsvc - ok
13:56:43.0046 2120        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
13:56:43.0176 2120        WmiAcpi - ok
13:56:43.0252 2120        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:56:43.0311 2120        wmiApSrv - ok
13:56:43.0461 2120        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:56:43.0581 2120        WMPNetworkSvc - ok
13:56:43.0612 2120        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:56:43.0671 2120        WPCSvc - ok
13:56:43.0713 2120        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:56:43.0793 2120        WPDBusEnum - ok
13:56:43.0877 2120        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:56:43.0932 2120        WpdUsb - ok
13:56:44.0528 2120        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:56:44.0593 2120        WPFFontCache_v0400 - ok
13:56:44.0648 2120        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:56:44.0741 2120        ws2ifsl - ok
13:56:44.0778 2120        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
13:56:44.0823 2120        wscsvc - ok
13:56:44.0832 2120        WSearch - ok
13:56:45.0016 2120        wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
13:56:45.0175 2120        wuauserv - ok
13:56:45.0365 2120        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:56:45.0439 2120        WUDFRd - ok
13:56:45.0503 2120        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:56:45.0581 2120        wudfsvc - ok
13:56:45.0602 2120        XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
13:56:45.0630 2120        XAudio - ok
13:56:45.0674 2120        XAudioService  (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
13:56:45.0718 2120        XAudioService - ok
13:56:45.0772 2120        yukonwlh        (69222091b6285906aff82e43681cf826) C:\Windows\system32\DRIVERS\yk60x86.sys
13:56:45.0830 2120        yukonwlh - ok
13:56:45.0875 2120        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:56:46.0045 2120        \Device\Harddisk0\DR0 - ok
13:56:46.0053 2120        Boot (0x1200)  (408300534be1d9c795f43c326e6d41cd) \Device\Harddisk0\DR0\Partition0
13:56:46.0056 2120        \Device\Harddisk0\DR0\Partition0 - ok
13:56:46.0059 2120        ============================================================
13:56:46.0059 2120        Scan finished
13:56:46.0059 2120        ============================================================
13:56:46.0085 4588        Detected object count: 18
13:56:46.0085 4588        Actual detected object count: 18
13:58:33.0643 4588        hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0643 4588        hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0648 4588        hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0649 4588        hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0650 4588        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0650 4588        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0654 4588        MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0654 4588        MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0659 4588        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0659 4588        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0663 4588        PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0663 4588        PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0664 4588        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0664 4588        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0669 4588        SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0670 4588        SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0674 4588        USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0674 4588        USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0678 4588        VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0678 4588        VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0684 4588        VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0684 4588        VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0688 4588        VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0688 4588        VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0692 4588        VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0693 4588        VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0697 4588        VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0697 4588        VAIOMediaPlatform-UCLS-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0698 4588        VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0698 4588        VAIOMediaPlatform-UCLS-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0703 4588        VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0703 4588        VAIOMediaPlatform-UCLS-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0708 4588        VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0708 4588        VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:58:33.0712 4588        VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
13:58:33.0712 4588        VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 04.05.2012 18:21

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually, and the error messages should no longer appear.

Skullcrusher 05.05.2012 13:10

Combofix Logfile:
Code:

ComboFix 12-05-05.05 - Teresa 05.05.2012  13:44:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.43.1031.18.2037.1186 [GMT 2:00]
ausgeführt von:: c:\users\Teresa\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\muzapp.exe
c:\windows\system32\system32
c:\windows\system32\system32\3DAudio.ax
c:\windows\system32\system32\avrt.dll
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\mfplat.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-04-05 bis 2012-05-05  ))))))))))))))))))))))))))))))
.
.
2012-05-05 11:58 . 2012-05-05 11:59        --------        d-----w-        c:\users\Teresa\AppData\Local\temp
2012-05-05 11:58 . 2012-05-05 11:58        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-05-05 11:21 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{39A6A44A-5A1E-47BC-84D9-63B0AC1627CF}\mpengine.dll
2012-05-03 18:56 . 2012-05-03 18:56        --------        d-----w-        C:\_OTL
2012-05-01 16:47 . 2012-05-01 16:47        --------        d-----w-        c:\program files\ESET
2012-05-01 09:10 . 2012-05-01 09:10        --------        d-----w-        c:\users\Teresa\AppData\Roaming\Malwarebytes
2012-05-01 09:09 . 2012-05-01 09:09        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-01 09:09 . 2012-05-01 09:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-05-01 09:09 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-11 22:32 . 2012-02-28 01:03        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-04-11 22:32 . 2012-02-28 01:58        141112        ----a-w-        c:\program files\Internet Explorer\sqmapi.dll
2012-04-11 22:32 . 2012-02-28 01:08        194048        ----a-w-        c:\program files\Internet Explorer\IEShims.dll
2012-04-11 22:32 . 2012-02-28 01:18        1799168        ----a-w-        c:\windows\system32\jscript9.dll
2012-04-11 22:27 . 2012-03-06 06:39        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-11 22:27 . 2012-03-06 06:39        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-04-11 21:08 . 2012-03-01 11:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-04-10 19:52 . 2012-04-14 14:09        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 14:09 . 2011-05-17 10:33        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 15:38 . 2010-05-13 19:16        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2012-01-15 18:55        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-14 15:45 . 2012-03-14 19:09        219648        ----a-w-        c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 19:09        160768        ----a-w-        c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 19:09        1172480        ----a-w-        c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 19:09        683008        ----a-w-        c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 19:09        1068544        ----a-w-        c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02        1070352        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2012-03-22 17:18 . 2011-11-15 21:29        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2009-01-04 00:04 . 2008-02-16 13:14        122880        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-24 39408]
"OnlineFestplatte"="c:\program files\aon\Onlinefestplatte\OnlineFestplatte.exe" [2008-01-25 253976]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-08-01 958352]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-08-01 3507088]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-01 20880]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-06 4317184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-12 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-01-22 321656]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-04 29744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-03 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-26 137752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"PDFPrint"="c:\program files\pdf24\pdf24.exe" [2011-11-03 220744]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-02-13 14:19        98304        ----a-w-        c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~4\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:09]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 18:07]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 18:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com/vbc
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Teresa\AppData\Roaming\Mozilla\Firefox\Profiles\etdn0ib6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-05 13:59
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5004)
c:\program files\HappyFoto\Bestellassistent\FotoSync.dll
c:\program files\HappyFoto\Bestellassistent\xerc2701.dll
c:\program files\HappyFoto\Bestellassistent\fotosynr.dll
.
Zeit der Fertigstellung: 2012-05-05  14:04:25
ComboFix-quarantined-files.txt  2012-05-05 12:04
.
Vor Suchlauf: 17 Verzeichnis(se), 24.473.079.808 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 24.490.774.528 Bytes frei
.
- - End Of File - - DED0FFFB671FA9A5E387E3D6854342D0

--- --- ---

cosinus 06.05.2012 18:14

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run the second time, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (at the bottom left of the aswMBR window), and click the Scan button again.

Skullcrusher 06.05.2012 21:00

GMER didn't work, here is the OSAM file:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:39:10 on 06.05.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Teresa\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Sony DMI Call service" (DMICall) - "Sony Corporation" - C:\Windows\System32\DRIVERS\DMICall.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 2.x)" (sfsync02) - "Protection Technology" - C:\Windows\System32\drivers\sfsync02.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{3C05B56D-4D0A-45F9-8078-931A5250F661} "HappyFoto" - "WebWare, Dipl.-Ing. Christian Aberger" - C:\Program Files\HappyFoto\Bestellassistent\FotoSync.dll
{410AEE10-AB1F-4D31-8432-779CCE247A01} "HappyFoto" - "WebWare, Dipl.-Ing. Christian Aberger" - C:\Program Files\HappyFoto\Bestellassistent\FotoSync.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{ED58A35B-B554-42AF-A26C-6F3D424200D3} "SPMPanel" - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMPanel.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} "Java Plug-in 1.6.0" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
"ICQ6" - "ICQ, Inc." - C:\Program Files\ICQ6\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Teresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesHelper" - "Samsung" - C:\Program Files\Samsung\Kies\KiesHelper.exe /s
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
"OnlineFestplatte" - "Telekom Austria TA AG" - C:\Program Files\aon\Onlinefestplatte\OnlineFestplatte.exe /tray
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"ISBMgr.exe" - ? - "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\pdf24\pdf24.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Symantec PIF AlertEng" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Desktop Manager 5.7.806.10245" (GoogleDesktopManager-061008-081103) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9b22b9c050ae8)" (gupdate1c9b22b9c050ae8) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MSCSPTISRV" (MSCSPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PACSPTISVR" (PACSPTISVR) - ? - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SonicStage Back-End Service" (SonicStage Back-End Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
"SonicStage SCSI Service" (SSScsiSV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
"Sony SPTI Service" (SPTISRV) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
"SQL Server (VAIO_VEDB)" (MSSQL$VAIO_VEDB) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"VAIO Entertainment Database Service" (VzCdbSvc) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
"VAIO Entertainment File Import Service" (VzFw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
"VAIO Entertainment TV Device Arbitration Service" (VAIO Entertainment TV Device Arbitration Service) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
"VAIO Entertainment UPnP Client Adapter" (Vcsw) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
"VAIO Media Content Collection" (VAIOMediaPlatform-UCLS-AppServer) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
"VAIO Media Content Collection (HTTP)" (VAIOMediaPlatform-UCLS-HTTP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Content Collection (UPnP)" (VAIOMediaPlatform-UCLS-UPnP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"VAIO Media Gateway Server" (VAIOMediaPlatform-Mobile-Gateway) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe
"VAIO Media Integrated Server" (VAIOMediaPlatform-IntegratedServer-AppServer) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
"VAIO Media Integrated Server (HTTP)" (VAIOMediaPlatform-IntegratedServer-HTTP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
"VAIO Media Integrated Server (UPnP)" (VAIOMediaPlatform-IntegratedServer-UPnP) - "Sony Corporation" - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"VESWinlogon" - "Sony Corporation" - C:\Windows\system32\VESWinlogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-06 20:44:12
-----------------------------
20:44:12.393    OS Version: Windows 6.0.6002 Service Pack 2
20:44:12.393    Number of processors: 2 586 0xE0C
20:44:12.396    ComputerName: TERESA-PC  UserName: Teresa
20:45:07.605    Initialize success
20:47:36.819    AVAST engine defs: 12050600
20:48:17.203    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:48:17.208    Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
20:48:17.215    Disk 1  \Device\Harddisk1\DR1 -> \Device\000000c1
20:48:17.225    Disk 1 Vendor: (  Size: 152627MB BusType: 0
20:48:17.233    Disk 2  \Device\Harddisk2\DR2 -> \Device\000000c2
20:48:17.241    Disk 2 Vendor: (  Size: 152627MB BusType: 0
20:48:17.264    Disk 0 MBR read successfully
20:48:17.273    Disk 0 MBR scan
20:48:17.305    Disk 0 Windows VISTA default MBR code
20:48:17.330    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        9536 MB offset 2048
20:48:17.387    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      143089 MB offset 19531776
20:48:17.409    Disk 0 scanning sectors +312579760
20:48:17.519    Disk 0 scanning C:\Windows\system32\drivers
20:48:45.882    Service scanning
20:49:56.205    Modules scanning
20:50:06.349    Disk 0 trace - called modules:
20:50:06.383    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll sfsync02.sys ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:50:06.397    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85323258]
20:50:06.410    3 CLASSPNP.SYS[883c78b3] -> nt!IofCallDriver -> [0x8521b8c8]
20:50:06.423    5 acpi.sys[806926bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x852203a0]
20:50:06.439    \Driver\atapi[0x8520d770] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> sfsync02.sys[0x807d08b4]
20:50:08.209    AVAST engine scan C:\Windows
20:50:25.976    AVAST engine scan C:\Windows\system32
21:00:01.818    AVAST engine scan C:\Windows\system32\drivers
21:00:32.129    AVAST engine scan C:\Users\Teresa
21:48:01.769    AVAST engine scan C:\ProgramData
21:54:41.109    Scan finished successfully
21:56:42.013    Disk 0 MBR has been saved successfully to "C:\Users\Teresa\Desktop\MBR.dat"
21:56:42.028    The log file has been saved successfully to "C:\Users\Teresa\Desktop\aswMBR.txt"


